| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.08.2011, 16:46
| #1 |
 |  Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Hallo, ich habe ein bzw zwei Probleme:-(! Seit einiger Zeit denkt man das im Hintergrund in meinem Laptop irgendein Programm oder sowas läuft. Denn mein Laptop hört sich so an "lüfter" das er irgendwas rechnet, auch die Prozessor laufen ziemlich hoch auf 85-95%, irgendwas passt da nicht:-(. Vielleicht hab ich mir was eingefangen, evtl könnt ihr bei den log´s im Ahnang was erkennen, kenn mich da nicht aus :-(. Hab auch heute gesehen das 3 updates von windows nicht installiert worden sind, bei mehrfachen starten immer mit fehler beendet :-( "siehe screenshot bild im anhang welche updates das sind". Ich hoffe ihr könnt mir zwecks den den Problemen mir weiter helfen. Danke vorab. Gruß Marco Betriebssystemname Microsoft® Windows Vista™ Home Premium Version 6.0.6001 Service Pack 1 Build 6001 Zusätzliche Betriebssystembeschreibung Nicht verfügbar Betriebssystemhersteller Microsoft Corporation Systemname MARCO-PC Systemhersteller Dell Inc. Systemmodell XPS M1530 Systemtyp X86-basierter PC Prozessor Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz, 2401 MHz, 2 Kern(e), 2 logische(r) Prozessor(en) BIOS-Version/-Datum Dell Inc. A07, 24.01.2008 SMBIOS-Version 2.4 Windows-Verzeichnis C:\Windows Systemverzeichnis C:\Windows\system32 Startgerät \Device\HarddiskVolume2 Gebietsschema Deutschland Hardwareabstraktionsebene Version = "6.0.6001.18000" Benutzername Marco-PC\Marco Zeitzone Mitteleuropäische Zeit Installierter physikalischer Speicher (RAM) 4,00 GB Gesamter realer Speicher 3,50 GB Verfügbarer realer Speicher 1,91 GB Gesamter virtueller Speicher 7,17 GB Verfügbarer virtueller Speicher 5,60 GB Größe der Auslagerungsdatei 3,79 GB Auslagerungsdatei C:\pagefile.sys sorry hab defogger_disable.log vergessen, hier bitte= defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:29 on 12/08/2011 (Marco) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Already disabled -=E.O.F=- Geändert von Larusso (12.08.2011 um 20:11 Uhr) |
|
17.08.2011, 14:03
| #2 | ||
| /// Helfer-Team    | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! Anleitung:-> GMER - Rootkit Scanner 2. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
3. Fixen mit OTL
Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=mcafee&p="
[2010.09.04 14:31:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0675aa88-a5c9-11df-82d9-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{0675aa88-a5c9-11df-82d9-001e4ce44100}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0675aa95-a5c9-11df-82d9-001e101f034e}\Shell - "" = AutoRun
O33 - MountPoints2\{0675aa95-a5c9-11df-82d9-001e101f034e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0d760aac-5e6a-11df-963c-001e4ce44100}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{4cc6eceb-eca7-11de-9680-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{4cc6eceb-eca7-11de-9680-001e4ce44100}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{5379a33f-7876-11de-b25d-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{5379a33f-7876-11de-b25d-001e4ce44100}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{812c2dfd-79db-11de-b606-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{812c2dfd-79db-11de-b606-001e4ce44100}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{85c28529-0eaa-11de-a4ec-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{85c28529-0eaa-11de-a4ec-001e4ce44100}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{928905b4-f658-11df-8986-001e4ce44100}\Shell\AutoRun\command - "" = TranscendService(JF).exe
O33 - MountPoints2\{eda8b189-f31a-11de-a330-001e4ce44100}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{f7072733-0bc1-11de-88a2-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{f7072733-0bc1-11de-88a2-001e4ce44100}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Commands
[purity]
[emptytemp]
[resethosts]
4. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
5. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 6. erneut einen Scan mit OTL:
Zitat:
kira
__________________ |
|
17.08.2011, 20:42
| #3 |
| | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Hallo, so denke hab nichts vergessen, hoffe auf eure>/deine hilfe.
__________________Vorab Danke :-), Gruß Marco [CODE] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-17 18:35:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST920042 rev.3.AD
Running: uxt98hes.exe; Driver: C:\Users\Marco\AppData\Local\Temp\ugloypog.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74C57817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74CAA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74C5BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74C4F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74C575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74C4E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74C88395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74C5DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74C4FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74C4FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74C471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74CDCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74C7C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74C4D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74C46853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74C4687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74C52AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\fastfat \Fat 901CDA7A
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce44100
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce44100@0015aff8831b 0xBB 0x24 0xBD 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce44100@000761b6d81c 0xBC 0x53 0x87 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x24 0x7A 0xAF 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x59 0x31 0x08 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA4 0x3A 0xC9 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce44100 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce44100@0015aff8831b 0xBB 0x24 0xBD 0xB6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce44100@000761b6d81c 0xBC 0x53 0x87 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x24 0x7A 0xAF 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x59 0x31 0x08 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA4 0x3A 0xC9 0xAB ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~x86~~0.0.0.0@Package_for_KB973507~31bf3856ad364e3"\0\0\0\eVþÿ\5VþÿZV 2
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST920042 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x82850912] -> \Device\Harddisk0\DR0[0x86B40348]
3 CLASSPNP[0x8C1A08B3] -> ntkrnlpa!IofCallDriver[0x82850912] -> \Device\Ide\IAAStorageDevice-0[0x85717030]
kernel: MBR read successfully
user & kernel MBR OK
Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Prefs.js: "http://de.search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0675aa88-a5c9-11df-82d9-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0675aa88-a5c9-11df-82d9-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0675aa88-a5c9-11df-82d9-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0675aa88-a5c9-11df-82d9-001e4ce44100}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0675aa95-a5c9-11df-82d9-001e101f034e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0675aa95-a5c9-11df-82d9-001e101f034e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0675aa95-a5c9-11df-82d9-001e101f034e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0675aa95-a5c9-11df-82d9-001e101f034e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d760aac-5e6a-11df-963c-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d760aac-5e6a-11df-963c-001e4ce44100}\ not found.
File F:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cc6eceb-eca7-11de-9680-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cc6eceb-eca7-11de-9680-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cc6eceb-eca7-11de-9680-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cc6eceb-eca7-11de-9680-001e4ce44100}\ not found.
File "F:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5379a33f-7876-11de-b25d-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5379a33f-7876-11de-b25d-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5379a33f-7876-11de-b25d-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5379a33f-7876-11de-b25d-001e4ce44100}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{812c2dfd-79db-11de-b606-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{812c2dfd-79db-11de-b606-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{812c2dfd-79db-11de-b606-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{812c2dfd-79db-11de-b606-001e4ce44100}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c28529-0eaa-11de-a4ec-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85c28529-0eaa-11de-a4ec-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c28529-0eaa-11de-a4ec-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85c28529-0eaa-11de-a4ec-001e4ce44100}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{928905b4-f658-11df-8986-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{928905b4-f658-11df-8986-001e4ce44100}\ not found.
File TranscendService(JF).exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eda8b189-f31a-11de-a330-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eda8b189-f31a-11de-a330-001e4ce44100}\ not found.
File F:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7072733-0bc1-11de-88a2-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7072733-0bc1-11de-88a2-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7072733-0bc1-11de-88a2-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7072733-0bc1-11de-88a2-001e4ce44100}\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marco
->Temp folder emptied: 20345048 bytes
->Temporary Internet Files folder emptied: 9110056 bytes
->Java cache emptied: 11556 bytes
->FireFox cache emptied: 171927720 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4607 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121068 bytes
RecycleBin emptied: 1622491 bytes
Total Files Cleaned = 194,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.5 log created on 08172011_185137
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7488
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
17.08.2011 20:48:40
mbam-log-2011-08-17 (20-48-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 335504
Laufzeit: 1 Stunde(n), 37 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter 7-Zip 4.65 26.02.2010 3,13MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 11.09.2010 10.1.82.76
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.08.2011 10.3.183.5
Adobe Reader 9.4.5 - Deutsch Adobe Systems Incorporated 14.06.2011 164,1MB 9.4.5
Advanced Audio FX Engine 02.03.2008
Advanced Video FX Engine 02.03.2008
Apple Application Support Apple Inc. 26.07.2011 60,2MB 2.0.1
Apple Mobile Device Support Apple Inc. 12.06.2011 22,1MB 3.4.1.2
Apple Software Update Apple Inc. 11.07.2011 2,38MB 2.1.3.127
AviSynth 2.5 16.01.2011 5,81MB
Biet-O-Matic v2.8.3 BOM Development Team 28.11.2008 2,75MB Biet-O-Matic v2.8.3
Bonjour Apple Inc. 26.07.2011 0,73MB 3.0.0.2
Canon Easy-PhotoPrint EX 10.08.2011 227MB
Canon Easy-PhotoPrint Pro 10.08.2011 36,0MB
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data 10.08.2011 36,0MB
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data 10.08.2011 11,8MB
Canon IJ Network Scan Utility 10.08.2011 1,07MB
Canon IJ Network Tool 10.08.2011 2,97MB
Canon MG6100 series Benutzerregistrierung 10.08.2011 1,18MB
Canon MG6100 series MP Drivers 10.08.2011 401MB
Canon MP Navigator EX 4.0 10.08.2011 75,3MB
Canon MP600 Benutzerregistrierung 08.03.2008 0,50MB
Canon My Printer 10.08.2011 5,55MB
Canon Solution Menu EX 10.08.2011 12,4MB
CCleaner Piriform 26.07.2011 3,82MB 3.09
CD-LabelPrint 10.08.2011 11,7MB
CyberLink MediaShow CyberLink Corp. 13.11.2008 327MB 4.0.1827
Dell Resource CD Ihr Firmenname 02.03.2008 3,05MB 1.10.0000
Dell Touchpad Alps Electric 02.03.2008 7,66MB 7.1.102.7
Dell Webcam Center 02.03.2008 14,1MB
Dell Webcam Manager 02.03.2008 0,77MB
DivX-Setup DivX, LLC 22.06.2011 3,11MB 2.5.0.15
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 23.03.2011 3,02MB
Free Video to iPhone Converter version 3.2.17.324 DVDVideoSoft Limited. 26.03.2011 5,57MB
Free YouTube to MP3 Converter version 3.9.34.305 DVDVideoSoft Limited. 23.03.2011 3,41MB
ICQ7.5 ICQ 14.05.2011 52,1MB 7.5
Intel(R) PROSet/Wireless Software Intel Corporation 02.03.2008 11.01.0000
Intel® Matrix Storage Manager 02.03.2008 37,1MB
iPhone-Konfigurationsprogramm Apple Inc. 13.09.2009 22,4MB 2.1.0.163
IrfanView (remove only) 30.05.2009 1,57MB
iTunes Apple Inc. 26.07.2011 141,9MB 10.4.0.80
Java DB 10.5.3.0 Sun Microsystems, Inc 14.09.2010 28,5MB 10.5.3.0
Java(TM) 6 Update 20 Sun Microsystems, Inc. 19.06.2010 94,5MB 6.0.200
Java(TM) SE Development Kit 6 Update 21 Oracle 14.09.2010 149,5MB 1.6.0.210
Laptop Integrated Webcam Driver (1.04.01.1011) 03.03.2008
Live! Cam Avatar Creative Technology Ltd. 02.03.2008 14,0MB 1.0
Live! Cam Avatar Creator Creative Technology Ltd. 02.03.2008 183,2MB 4.6.0817.1
Lottoschein-Check 09.01.2009 0,21MB
Lottoschein-Check Version 1.27 Stefan Oellerich 12.08.2011 0,91MB 1.27
Malwarebytes' Anti-Malware Version 1.51.1.1800 Malwarebytes Corporation 16.08.2011 6,71MB 1.51.1.1800
Marvell Miniport Driver Marvell 02.03.2008 1,80MB 10.22.6.3
McAfee SecurityCenter McAfee, Inc. 06.08.2011 27,6MB 10.5.240
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 30.03.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 29.03.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.06.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.06.2010 24,5MB 4.0.30319
Microsoft Silverlight Microsoft Corporation 09.09.2009 3.0.40818.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.11.2008 0,41MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 03.10.2010 0,59MB 9.0.30729
MobileMe Control Panel Apple Inc. 08.05.2011 11,3MB 3.1.6.0
Mozilla Firefox 5.0 (x86 de) Mozilla 08.07.2011 33,3MB 5.0
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 10.03.2008 1,27MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 18.03.2008 1,27MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0
Nero 9 Nero AG 23.10.2010 1.075MB
NVIDIA Drivers NVIDIA Corporation 08.11.2009 1.3
Protector Suite QL 5.6 UPEK Inc. 02.03.2008 48,1MB 5.6.2.3447
QuickSet Dell Inc. 02.03.2008 8,27MB 8.2.17
QuickTime Apple Inc. 09.08.2011 73,0MB 7.70.80.34
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 02.03.2008 1,49MB 3.51.01
Safari Apple Inc. 26.07.2011 43,4MB 5.34.50.0
ScanSoft OmniPage SE 4.0 Nuance Communications, Inc. 08.03.2008 157,5MB 15.00.0020
SetPoint Logitech 02.03.2008 13,0MB 3.2
SigmaTel Audio SigmaTel 02.03.2008 15,1MB 5.10.5207.0
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 05.03.2010 29,7MB 9.0.0
Tinypic 3.14 E. Fiedler 02.01.2011 1,16MB Tinypic 3.14
TomTom HOME 2.7.6.2056 TomTom 05.09.2010 40,5MB 2.7.6.2056
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 01.05.2009 1,88MB 1.0.2
Uninstall 1.0.0.1 26.03.2011 20,4MB
VideoReDo/Plus Version 2.5.6.512 DRD Systems, Inc. 04.03.2008 15,6MB
Vista Codec Package Shark007 09.04.2010 53,8MB 5.6.7
VLC media player 1.0.5 VideoLAN Team 05.04.2010 76,6MB 1.0.5
WBFS Manager 3.0 AlexDP 15.10.2009 3,48MB 3.0
WIDCOMM Bluetooth Software 6.0.1.3100 Dell 02.03.2008 33,3MB 6.0.1.3100
Windows Live Anmelde-Assistent Microsoft Corporation 30.03.2009 1,93MB 5.000.818.6
Windows Media Player Firefox Plugin Microsoft Corp 17.06.2011 0,29MB 1.0.0.8
XMedia Recode 3.0.0.0 Sebastian Dörfler 22.06.2011 16,3MB 3.0.0.0
Code:
ATTFilter OTL logfile created on: 17.08.2011 20:57:39 - Run 6 OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Marco\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 56,99% Memory free 7,18 Gb Paging File | 5,40 Gb Available in Paging File | 75,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 186,26 Gb Total Space | 30,23 Gb Free Space | 16,23% Space Free | Partition Type: NTFS Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.17 18:48:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe PRC - [2011.06.28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.04.14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2011.04.14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe PRC - [2011.04.14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010.03.24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2007.09.07 17:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2007.09.07 11:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.09.07 11:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe PRC - [2007.08.29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.07.27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe PRC - [2007.07.24 19:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.24 19:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.07.02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2007.06.06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2007.05.10 02:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe PRC - [2007.02.20 14:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe PRC - [2007.01.11 20:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe PRC - [2006.11.03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2006.11.03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2006.10.11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe ========== Modules (No Company Name) ========== MOD - [2011.08.11 05:53:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.06.16 06:32:36 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2006.11.03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2006.05.07 18:28:48 | 000,057,451 | ---- | M] () -- C:\Program Files\ICQLite\ICQLiteShell.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2011.04.14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.04.14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2010.10.07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.07 11:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.08.29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007.07.24 19:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV - [2011.04.14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.04.14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2011.04.14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2011.04.14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011.04.14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.04.14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.04.14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2011.04.14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2011.04.14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010.10.17 01:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.09.16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.09.16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.07.24 19:19:44 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.03.15 21:09:28 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oreans32.sys -- (oreans32) DRV - [2007.10.10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.09.07 11:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.06.25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.03.05 19:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.11 20:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.01.11 20:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2005.06.13 10:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "http://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.19 19:02:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.19 19:02:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.08.11 03:32:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.10 16:22:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.10 16:22:39 | 000,000,000 | ---D | M] [2008.12.31 15:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions [2008.06.03 16:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.08.17 18:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions [2010.06.24 06:15:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.09 21:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.06.20 13:40:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2010.06.20 13:39:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.08.19 18:01:01 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2011.08.17 18:52:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515092528.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.17 19:09:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.17 19:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.17 19:09:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.17 19:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.17 19:00:42 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marco\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.17 18:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2011.08.17 18:51:37 | 000,000,000 | ---D | C] -- C:\_OTL [2011.08.17 18:48:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe [2011.08.14 08:33:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2011.08.14 08:15:34 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\Canon Easy-PhotoPrint EX [2011.08.13 18:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lottoschein-Check [2011.08.11 20:33:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2 [2011.08.11 20:33:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP [2011.08.11 20:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2011.08.11 20:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities [2011.08.11 20:30:47 | 001,335,296 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC6100C.dll [2011.08.11 20:30:47 | 000,307,200 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC6100L.dll [2011.08.11 20:30:47 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC6100I.dll [2011.08.11 20:30:47 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC6100U.dll [2011.08.11 20:30:47 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll [2011.08.11 20:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup [2011.08.11 20:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series Benutzerregistrierung [2011.08.11 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2011.08.11 20:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2011.08.11 20:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint [2011.08.11 20:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series Manual [2011.08.11 20:22:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2011.08.11 20:22:06 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2011.08.11 20:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series [2011.08.11 20:20:52 | 000,290,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMAG.DLL [2011.08.11 20:20:39 | 000,180,224 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMIUAG.DLL [2011.08.11 20:20:18 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2011.08.11 20:19:57 | 000,034,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL [2011.08.11 20:19:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING [2011.08.11 20:08:41 | 000,038,480 | ---- | C] (CANON INC.) -- C:\Windows\System32\IJRMF.exe [2011.08.11 03:03:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.08.11 03:03:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.08.11 03:03:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.08.11 03:03:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.08.11 03:03:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.08.10 16:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.08.10 16:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011.08.10 06:21:24 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.08.10 06:20:57 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.08.10 06:20:57 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.08.07 09:19:11 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\Firma Bilder [2011.08.07 09:13:09 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\Garage [2011.08.03 18:19:24 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\K1024 [2011.07.27 16:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.07.27 16:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.07.27 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.07.27 16:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour ========== Files - Modified Within 30 Days ========== [2011.08.17 20:54:26 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.17 20:54:26 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.17 19:09:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.17 19:02:26 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marco\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.17 19:01:02 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.17 19:01:02 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.17 19:01:02 | 000,127,200 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.17 19:01:02 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.17 18:54:56 | 000,122,479 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.08.17 18:54:56 | 000,122,479 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.08.17 18:54:53 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk [2011.08.17 18:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.17 18:54:24 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys [2011.08.17 18:53:29 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.08.17 18:52:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011.08.17 18:48:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe [2011.08.17 18:43:28 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2011.08.17 17:16:13 | 000,167,139 | ---- | M] () -- C:\Users\Marco\Desktop\Unbenannt.jpg [2011.08.17 17:04:10 | 370,011,781 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.08.17 16:52:09 | 000,302,592 | ---- | M] () -- C:\Users\Marco\Desktop\uxt98hes.exe [2011.08.13 19:39:56 | 000,002,591 | ---- | M] () -- C:\Users\Marco\Desktop\Microsoft Office Word 2007.lnk [2011.08.13 18:50:14 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Lottoschein-Check.lnk [2011.08.11 22:29:00 | 000,000,020 | ---- | M] () -- C:\Users\Marco\defogger_reenable [2011.08.11 20:27:23 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk [2011.08.11 20:24:04 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG6100 series Online-Handbuch.lnk [2011.08.11 05:53:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.08.10 16:22:27 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.08.06 14:48:38 | 000,045,221 | R--- | M] () -- C:\Users\Marco\Desktop\Elektronik_2000_Perfekt_S_SE.pdf [2011.08.03 17:14:28 | 000,002,695 | ---- | M] () -- C:\Users\Marco\Desktop\Microsoft Office Outlook 2007.lnk [2011.08.02 16:53:00 | 001,318,700 | ---- | M] () -- C:\Users\Marco\Desktop\2011-07-18 06.39.31.jpg [2011.08.02 16:18:48 | 000,001,356 | ---- | M] () -- C:\Users\Marco\AppData\Local\d3d9caps.dat [2011.07.29 19:24:12 | 000,247,808 | ---- | M] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.27 17:59:15 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.07.27 16:58:54 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll ========== Files Created - No Company Name ========== [2011.08.17 19:09:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.17 18:45:11 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2011.08.17 18:36:19 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys [2011.08.17 17:16:13 | 000,167,139 | ---- | C] () -- C:\Users\Marco\Desktop\Unbenannt.jpg [2011.08.17 17:04:10 | 370,011,781 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.08.17 16:52:07 | 000,302,592 | ---- | C] () -- C:\Users\Marco\Desktop\uxt98hes.exe [2011.08.13 18:50:14 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Lottoschein-Check.lnk [2011.08.11 22:28:40 | 000,000,020 | ---- | C] () -- C:\Users\Marco\defogger_reenable [2011.08.11 20:30:47 | 000,013,056 | ---- | C] () -- C:\Windows\System32\CNC174AD.TBL [2011.08.11 20:27:23 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk [2011.08.11 20:24:04 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG6100 series Online-Handbuch.lnk [2011.08.10 16:22:27 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.08.06 14:48:41 | 000,045,221 | R--- | C] () -- C:\Users\Marco\Desktop\Elektronik_2000_Perfekt_S_SE.pdf [2011.08.02 16:53:00 | 001,318,700 | ---- | C] () -- C:\Users\Marco\Desktop\2011-07-18 06.39.31.jpg [2011.07.27 16:58:54 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.05.24 00:03:43 | 000,000,600 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\winscp.rnd [2010.03.05 02:39:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.03.05 02:39:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.01.28 02:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.05.30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.01.18 18:54:46 | 000,000,141 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\default.rss [2009.01.18 10:42:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.01.17 14:08:13 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.10 16:33:51 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2009.01.10 16:33:51 | 000,000,586 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Lottoschein-Check.dat [2008.12.31 15:35:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.11.29 12:07:54 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2008.11.16 11:24:46 | 000,122,479 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.11.16 11:24:46 | 000,122,479 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.11.14 23:13:26 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.11.14 23:13:07 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.10.07 19:19:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.06.20 16:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Nlsdl.dll [2008.03.15 21:50:54 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.03.15 21:09:28 | 000,033,824 | ---- | C] () -- C:\Windows\System32\drivers\oreans32.sys [2008.03.09 20:28:45 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008.03.05 20:22:26 | 000,247,808 | ---- | C] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.03 20:57:35 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin [2008.03.03 20:11:32 | 000,027,335 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\nvModes.001 [2008.03.03 20:08:42 | 000,027,335 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\nvModes.dat [2008.03.03 19:57:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.03.03 19:12:54 | 000,001,356 | ---- | C] () -- C:\Users\Marco\AppData\Local\d3d9caps.dat [2008.03.03 19:02:43 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 17:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,127,200 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,410,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 11:03:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mcicda.dll [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2009.06.27 16:41:31 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Ashampoo [2011.07.25 21:21:08 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\BOM [2011.08.14 08:50:35 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Canon [2008.03.09 21:07:01 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\CD-LabelPrint [2011.03.27 16:34:46 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DVDVideoSoft [2011.03.24 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.05 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\FreeAudioPack [2011.08.15 22:13:21 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ICQ [2008.03.05 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ICQLite [2008.09.30 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\IrfanView [2008.11.14 23:16:47 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\MAGIX [2008.03.09 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ScanSoft [2009.09.04 13:43:13 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\temp [2008.03.03 20:14:23 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TMP [2008.03.12 18:19:45 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TomTom [2011.07.23 22:06:01 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\VideoReDoPlus [2010.04.10 13:49:43 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\VistaCodecs [2011.06.23 18:58:57 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\XMedia Recode [2011.08.17 18:53:29 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:0888F409 < End of report > |
|
17.08.2011, 20:44
| #4 |
| | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Und noch das Extra Log da es oben nicht mehr reingepasst hat. Bitteschön :-) Code:
ATTFilter OTL Extras logfile created on: 17.08.2011 20:57:39 - Run 6
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Marco\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 56,99% Memory free
7,18 Gb Paging File | 5,40 Gb Available in Paging File | 75,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,26 Gb Total Space | 30,23 Gb Free Space | 16,23% Space Free | Partition Type: NTFS
Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AC4693A2-308F-4A20-97DD-997CD862F57E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35030BAB-8465-4716-9F1F-212FD5D860C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{39656B8F-7509-4204-ABAA-940A9BE5D945}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{494A99F4-963A-44CB-A9D9-1558E6BD8C25}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4AE840F9-D1CB-4853-9E78-222F621156E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50CFFE47-333C-4AA7-9708-F2C7D55B1070}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{529F3582-B2FE-4358-89B3-5458516F155B}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5B42FC9E-EFDE-46CE-8720-59EDF6C96049}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{607C5962-280F-413A-A3CA-911091A3A1C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{60CEF585-35DA-4623-8846-54BC9709288E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{72F1AC96-BFDA-4BF3-8EF6-53E6AA3BA308}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ACC2B5B8-D82B-4366-A9BD-C0E7B538C79A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B5D1B49F-D1F2-4DB2-BF9C-05CD9E2A2CA3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D6BD6BF7-3F03-4AC7-8669-72DD23CAF500}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{DEAC9C11-C236-4B0A-8BE2-1DA0B9101A1C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E36B54E1-999B-4184-87E7-64B094F5BCBC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E5108FD3-BFCD-4B8B-A028-BD3B7F3360C9}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E9474FC0-AF0F-4A1C-96B6-877305B0A51A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{03E8FD54-7EED-44EC-BE84-AB8EDB663362}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{04E3576E-B4CA-49FE-ABFE-5A6F70FD1168}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{276E2E4F-9EA5-46F1-AD97-DC5A22A378D5}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{38761D1C-F315-4125-AEB2-89E00AD61583}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{DCCDFEE5-3621-4515-8C75-D29DA8C7E6DF}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" = protocol=6 | dir=in | app=c:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe |
"TCP Query User{DE93F1BC-AC08-4962-B583-D20E19BFAF5B}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{17553674-4733-4E00-982C-8B878F721049}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" = protocol=17 | dir=in | app=c:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe |
"UDP Query User{375EDD71-0A6D-4361-A22F-A3CC5D7175AB}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{630F1B9C-8546-4795-B86B-ECF2474BB415}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7B25A99D-AEBA-40BE-BD4F-D8C63DEF4D20}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{B0988C33-5909-41B9-BCB5-677611BB06B7}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{E1091172-4E1D-456B-88F9-17169CA0E361}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C9DC767-ABC7-4427-B758-FA2CF0FA9F47}_is1" = Lottoschein-Check Version 1.27
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ace2a21f-2106-4ecc-a963-360cd3ca68af}" = Nero 9
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.8.3" = Biet-O-Matic v2.8.3
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung
"Canon MP600 Benutzerregistrierung" = Canon MP600 Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2.17.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"IrfanView" = IrfanView (remove only)
"Lottoschein-Check" = Lottoschein-Check
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.6.512
"VLC media player" = VLC media player 1.0.5
"WBFS Manager 3.0" = WBFS Manager 3.0
"XMedia Recode" = XMedia Recode 3.0.0.0
"YTdetect" = Yahoo! Detect
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.08.2011 11:02:18 | Computer Name = Marco-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung uxt98hes.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul uxt98hes.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x1234,
Anwendungsstartzeit 01cc5cee321f0f90.
Error - 17.08.2011 11:06:53 | Computer Name = Marco-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =
Error - 17.08.2011 11:11:37 | Computer Name = Marco-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung uxt98hes.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul uxt98hes.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x145c,
Anwendungsstartzeit 01cc5cef69562e59.
Error - 17.08.2011 11:19:28 | Computer Name = Marco-PC | Source = EventSystem | ID = 4609
Description =
Error - 17.08.2011 11:23:09 | Computer Name = Marco-PC | Source = Perflib | ID = 1008
Description =
Error - 17.08.2011 11:23:09 | Computer Name = Marco-PC | Source = Perflib | ID = 1010
Description =
Error - 17.08.2011 11:23:09 | Computer Name = Marco-PC | Source = PerfNet | ID = 2004
Description =
Error - 17.08.2011 11:23:09 | Computer Name = Marco-PC | Source = PerfNet | ID = 2002
Description =
Error - 17.08.2011 12:39:19 | Computer Name = Marco-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =
Error - 17.08.2011 12:57:12 | Computer Name = Marco-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =
[ OSession Events ]
Error - 25.09.2009 16:16:43 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.09.2009 16:19:24 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 155
seconds with 120 seconds of active time. This session ended with a crash.
Error - 05.10.2009 08:05:35 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.10.2009 08:08:30 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 169
seconds with 120 seconds of active time. This session ended with a crash.
Error - 05.10.2009 08:09:49 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.10.2009 08:14:34 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.07.2010 12:52:23 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.12.2010 12:23:59 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.12.2010 15:43:29 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 20.04.2011 10:43:39 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.08.2011 11:22:52 | Computer Name = Marco-PC | Source = DCOM | ID = 10005
Description =
Error - 17.08.2011 12:38:04 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.08.2011 12:51:38 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 17.08.2011 12:56:06 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
17.08.2011, 23:31
| #5 | |
| /// Helfer-Team | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? musst mir mal erklären, schaut nicht schön aus: Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
18.08.2011, 05:07
| #6 |
| | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Ups, das kann weg, das war mal ein Versuch mit mein alten iphone3 vor 3 Jahren, ..... garnicht gewusst das ich das noch hab. Mein Laptop ist ja schließlich schon 4 Jahre alt, da sammelt sich haufen schrott/zeug! Sorry! Ist sonst irgendwas zu finden was das verursachen kann das laptop seit neusten immer so tut als würde er im hintergrund was rechen...zumindes läuft der lüfter ständig und auch mehr wie sonst/lauter? Kann das sein das es an firefox liegt das ich meist 5-6 tabs offfen hab? Gruß Marco |
|
18.08.2011, 06:07
| #7 |
| /// Helfer-Team | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? - Das Installieren von Raubkopien ist eine ziemlich sichere Methode, ein Rechner zu infizieren  "Solche Programme" enthalten immer besonders viele und gefährliche Schadprogramme, sollte man die Finger davon lassen! ** Du solltest in so einem Fall mal dein Konsummuster überdenken  -> Forumregel! Alles restlos entfernen! 1. Windows Defender: Parallel zu McAfee nicht Empfehlenswert aktiv laufen lassen, weil dadurch kommen sich die Beiden in die Quere. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender ► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen 2. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java Version 6 Update 26 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 3. reinige dein System mit Ccleaner:
4. Fixen mit OTL
Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:0888F409
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{DCCDFEE5-3621-4515-8C75-D29DA8C7E6DF}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" =-
"TCP Query User{DE93F1BC-AC08-4962-B583-D20E19BFAF5B}C:\program files\icq6\icq.exe" =-
"UDP Query User{17553674-4733-4E00-982C-8B878F721049}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" =-
:Commands
[purity]
[emptytemp]
5. Empfehlungen/Vorschläge: Wie lange dauert die Startvorgang? Wenn du auf der Stelle ein schnelleres System haben möchtest: - Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben - Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen. "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK" it-academy.cc pqtuning.de Laden von Programmen beim Start von Windows Vista verhindern - Bei allem Häkchen weg was nicht starten soll, aber immer nur einen deaktivieren (Haken weg), also Schrittweise -> Neustart... - Wird noch nach dem nächsten Neustart ein Hinweisfenster erscheinen, da ist ein Haken setzen : `Meldung nicht mehr anzeigen und dieses Programm beim Windows-Star nicht mehr starten` (Du kannst es jederzeit Rückgängig machen wenn du den Haken wieder reinmachst.) - Falls Du mal brauchst, manueller Start jederzeit möglich - Autostart-Einträge die Du nicht findest, kannst mit HJT fixen - Unter 04_Sektion - (*HijackThis Tutorial in German*): Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen Code:
ATTFilter Du solltest nicht deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound
Gleich ein paar Vorschläge: Code:
ATTFilter O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
7. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< 8. erneut einen Scan mit OTL:
► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
18.08.2011, 16:11
| #8 |
| | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Hallo ich bin bei punkt 2 hängen geblieben:-(, deinstallation des letzten java ...geht nicht "siehe screenschoot"! Installieren der neuen java geht auch nicht "siehe screenshoot"! Ich erriner mich eben, das updaten des java geht schon ca1 jahr lang nicht, hielt das nicht für wichtig....da lag ich anscheinend falsch :-(! Was soll ich jetzt machen? Gruß Marco |
|
18.08.2011, 16:17
| #9 |
| | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Hier der Screenshoot :-( Gruß Marco |
|
18.08.2011, 16:33
| #10 |
| /// Helfer-Team | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? 1. Software mit Revo Uninstaller deinstallieren Downloade von Revo Group die Freeware-Version des Revo Uninstallers
Starte den Rechner neu. 2. reinige dein System mit Ccleaner:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
18.08.2011, 17:55
| #11 |
| | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Hallo ich habe mit den Programm Jave deinstalliert dann hab ich neues java installiert... ging auch, aber leider sagt laptop mir das ich kein java hab, nach nochmaliegen installieren sagt er dennoch ist schon installiert. wenn ich dann aber das deinstallation programm öffne sowie über systemsteuerung programme und funktionen schau ob java installiert ist zeigt er mir java nicht mal an:-(.Den CCleaner hab ich auch durchgeführt, musste aber häckchen bei internet explorer rausnehmen sonst bleibt cleaner beim verlauf des internet explorerers hängen :-(. Was ist nun falsch gelaufen mit java und cleaner? Sollt ich evtl mal einen anderen pfad zum java installieren verwenden, wenn ja welchen? hier der link Download von Java für Windows Gruß Marco Geändert von stone1979 (18.08.2011 um 18:07 Uhr) |
|
18.08.2011, 18:16
| #12 |
| | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? sorry .... hier das ist der fehler screenshoot bei erneuter java installation. Laptop sagt java sei schon installiert, leider ist es nicht zu finden unter systemsteuerung ...prorgamme und funktionen und auch nicht mit den von dir genannen uniinstallatuions programm. Was nun :-(? Bei neu installation kommt siehe screenshoot. Gruß Marco |
|
19.08.2011, 05:42
| #13 |
| /// Helfer-Team | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? mach erstmal ab Punkt 4. weiter
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
19.08.2011, 16:34
| #14 |
| | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Hallo, hier das Ergebniss von Punkt 4= Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
ADS C:\ProgramData\TEMP:0888F409 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DCCDFEE5-3621-4515-8C75-D29DA8C7E6DF}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DE93F1BC-AC08-4962-B583-D20E19BFAF5B}C:\program files\icq6\icq.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{17553674-4733-4E00-982C-8B878F721049}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marco
->Temp folder emptied: 8749770 bytes
->Temporary Internet Files folder emptied: 639966 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67202780 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1432 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1465513 bytes
Total Files Cleaned = 74,00 mb
OTL by OldTimer - Version 3.2.26.5 log created on 08192011_162327
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_bGEs9Nj92cIb61H not found!
Registry entries deleted on Reboot...
Was mach ich falsch? Gruß Marco |
|
20.08.2011, 04:57
| #15 |
| /// Helfer-Team | Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? Start→ Alle Programme → Zubehör → Ausführen →"msconfig" (reinschreiben ohne "") → Ok die unten (Punkt 5.) genannten Programme aus Autostart rausnehmen (Häckhen wegklicken)
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Laptop läuft ständig hoch und 3 updates von Win werden nicht Installiert, hab ich sowas wie Virus? |
| auslagerungsdatei, beendet, bild, cpu, device, fehler, hintergrund, home, intel, laptop, lüfter, nicht installiert, pagefile.sys, physikalischer speicher, probleme, programm, prozessor, screenshot, service, speicher, starten, updates, virus, virus?, win, windows, zone |
.
Linear-Darstellung
