Trojaner-Board


stone1979 12.08.2011 16:46

Laptop keeps revving up and 3 Windows updates are not being installed, do I have something like a virus?

Hello, I have one or rather two problems :-(!

For some time now it has seemed as if some program or something similar is running in the background on my laptop. My laptop sounds ("fan") as if it is computing something, and the processors also run pretty high at 85-95%; something is not right there :-(. Maybe I have caught something; perhaps you can spot something in the logs in the attachment, I am not familiar with this :-(.

I also saw today that 3 Windows updates have not been installed; on repeated attempts they always ended with an error :-( "see the screenshot in the attachment for which updates these are".
I hope you can help me with these problems.
Thanks in advance.

Regards, Marco


Betriebssystemname Microsoft® Windows Vista™ Home Premium
Version 6.0.6001 Service Pack 1 Build 6001
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemname MARCO-PC
Systemhersteller Dell Inc.
Systemmodell XPS M1530
Systemtyp X86-basierter PC
Prozessor Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz, 2401 MHz, 2 Kern(e), 2 logische(r) Prozessor(en)
BIOS-Version/-Datum Dell Inc. A07, 24.01.2008
SMBIOS-Version 2.4
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume2
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.0.6001.18000"
Benutzername Marco-PC\Marco
Zeitzone Mitteleuropäische Zeit
Installierter physikalischer Speicher (RAM) 4,00 GB
Gesamter realer Speicher 3,50 GB
Verfügbarer realer Speicher 1,91 GB
Gesamter virtueller Speicher 7,17 GB
Verfügbarer virtueller Speicher 5,60 GB
Größe der Auslagerungsdatei 3,79 GB
Auslagerungsdatei C:\pagefile.sys

Sorry, I forgot defogger_disable.log, here it is:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:29 on 12/08/2011 (Marco)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

kira 17.08.2011 14:03

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over great distances, there is no liability on our part for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files used (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can be really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
For Vista and Win7:
Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next point! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, disconnect WLAN as well
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is copied to the clipboard automatically) and paste it right away with CTRL + V
    - "Ok" closes Gmer.
    - copy the log from the clipboard completely into your thread here

** no connection to a network or the Internet - do not forget WLAN
When the scan has finished, please re-enable all programs and tools!
Guide: -> GMER - Rootkit Scanner

2.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has settled in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    a command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click in the title bar => Edit => Paste.

    Code:

    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (press Enter)
  • After a short time your editor will open and show the file C:\mbr.log.
    Please copy the contents here into your thread.

3.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=mcafee&p="
[2010.09.04 14:31:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0675aa88-a5c9-11df-82d9-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{0675aa88-a5c9-11df-82d9-001e4ce44100}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0675aa95-a5c9-11df-82d9-001e101f034e}\Shell - "" = AutoRun
O33 - MountPoints2\{0675aa95-a5c9-11df-82d9-001e101f034e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0d760aac-5e6a-11df-963c-001e4ce44100}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{4cc6eceb-eca7-11de-9680-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{4cc6eceb-eca7-11de-9680-001e4ce44100}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{5379a33f-7876-11de-b25d-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{5379a33f-7876-11de-b25d-001e4ce44100}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{812c2dfd-79db-11de-b606-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{812c2dfd-79db-11de-b606-001e4ce44100}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{85c28529-0eaa-11de-a4ec-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{85c28529-0eaa-11de-a4ec-001e4ce44100}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{928905b4-f658-11df-8986-001e4ce44100}\Shell\AutoRun\command - "" = TranscendService(JF).exe
O33 - MountPoints2\{eda8b189-f31a-11de-a330-001e4ce44100}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{f7072733-0bc1-11de-88a2-001e4ce44100}\Shell - "" = AutoRun
O33 - MountPoints2\{f7072733-0bc1-11de-88a2-001e4ce44100}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

:Commands
[purity]
[emptytemp]
[resethosts]


4.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Choose "Komplett Scan durchführen" (perform full scan) and tick every box
  • when the scan has finished, click "Zeige Resultate" (show results)
  • Mark all findings (if MBAM reports anything in C:\System Volume Information, please remove the checkmark there) and click "Löschen" / "Ausgewähltes entfernen" (delete / remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
you can find an illustrated guide here: Guide

5.
I would also like to see all of your installed programs:
Download the tool Ccleaner
Download
install (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it) → start → if necessary, set "german" under Options settings
then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them here

6.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:

To keep your thread clear and nicely readable, it is best to use the code tags for your post:
→ before your log (i.e. at the start of the log file) you write: [code]
your log file goes here - e.g. hjtscanlist or similar
→ after it - i.e. at the end of the log file: [/code]

Regards
kira
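
Added example, not part of kira's post and not OTL's own code: the `O33` lines in the fix script in step 3 are per-volume AutoRun entries stored under `MountPoints2`. This Python sketch parses lines in that format and lists, for each volume GUID, the registry key (the HKCU path that OTL's fix log reports) and the command that would be launched. The sample lines, GUIDs and file names are constructed for the example.

```python
import re

# Constructed sample in the format of the O33 lines in the fix script above.
SAMPLE = r'''
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{11111111-aaaa-11df-82d9-000000000001}\Shell - "" = AutoRun
O33 - MountPoints2\{11111111-aaaa-11df-82d9-000000000001}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22222222-bbbb-11de-9680-000000000002}\Shell\AutoRun\command - "" = "F:\WD Tool.exe" autoplay=true
O33 - MountPoints2\{33333333-cccc-11df-8986-000000000003}\Shell\AutoRun\command - "" = Service(JF).exe
'''

# O33 - MountPoints2\{GUID}\<subkey> - "<value name>" = <data>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]{36}\})\\(?P<subkey>.+?)'
    r' - "(?P<name>[^"]*)" = (?P<data>.*)$'
)
QUOTED = re.compile(r'^"([^"]+)"\s*(.*)$')
BARE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', re.IGNORECASE)
MP2_KEY = r'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'


def split_command(data):
    """Split a command value into (executable, arguments)."""
    data = data.strip()
    m = QUOTED.match(data)
    if m:                                  # "C:\path with spaces\x.exe" args
        return m.group(1), m.group(2)
    m = BARE.match(data)
    if m:                                  # X:\path\x.exe args
        return m.group(1), m.group(2) or ''
    return data, ''                        # unknown shape: keep it whole


def summarize(text):
    """Group O33 lines by volume GUID; other log lines are ignored."""
    volumes = {}
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        guid = m['guid']
        entry = volumes.setdefault(guid, {
            'guid': guid,
            'registry_key': MP2_KEY + '\\' + guid,
            'default_verb': None,   # default value of ...\Shell
            'executable': None,     # program named in ...\command
            'arguments': '',
            'drive': None,          # None = no drive letter in the command
        })
        subkey = m['subkey'].lower()
        if subkey == 'shell':
            entry['default_verb'] = m['data'].strip()
        elif subkey.endswith('\\command'):
            exe, args = split_command(m['data'])
            drive = re.match(r'^([A-Za-z]):\\', exe)
            entry.update(executable=exe, arguments=args,
                         drive=drive.group(1).upper() + ':' if drive else None)
    return list(volumes.values())


if __name__ == '__main__':
    for v in summarize(SAMPLE):
        print(v['registry_key'])
        print('   verb=%s exe=%s args=%r drive=%s' % (
            v['default_verb'], v['executable'], v['arguments'], v['drive']))
```
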

stone1979 17.08.2011 20:42

Hello, I think I haven't forgotten anything, I'm hoping for your help.
Thanks in advance :-), regards Marco


[CODE]
GMER Logfile:
Code:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-17 18:35:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST920042 rev.3.AD
Running: uxt98hes.exe; Driver: C:\Users\Marco\AppData\Local\Temp\ugloypog.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                                                                              [74C57817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                                                                              [74CAA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                                                                          [74C5BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                                                                                    [74C4F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                                                                              [74C575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                                                                            [74C4E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                                                                                [74C88395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                                                                                  [74C5DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                                                                          [74C4FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                                                                            [74C4FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                                                                            [74C471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                                                                                    [74CDCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                                                                                        [74C7C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                                                                          [74C4D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                                                                                    [74C46853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                                                                                    [74C4687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                                                                                      [74C52AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\fastfat \Fat                                                                                                                                                                                          901CDA7A

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce44100                                                                                                                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce44100@0015aff8831b                                                                                                                          0xBB 0x24 0xBD 0xB6 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce44100@000761b6d81c                                                                                                                          0xBC 0x53 0x87 0xE7 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                                C:\Program Files\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                            0x24 0x7A 0xAF 0xE1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                      0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                                    0x59 0x31 0x08 0xD4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                                                                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                            0xA4 0x3A 0xC9 0xAB ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce44100 (not active ControlSet)                                                                                                                   
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce44100@0015aff8831b                                                                                                                              0xBB 0x24 0xBD 0xB6 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce44100@000761b6d81c                                                                                                                              0xBC 0x53 0x87 0xE7 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                                             
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                                    C:\Program Files\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                                    0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                                0x24 0x7A 0xAF 0xE1 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                                     
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                                        0x59 0x31 0x08 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                                                                             
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                                0xA4 0x3A 0xC9 0xAB ...
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~x86~~0.0.0.0@Package_for_KB973507~31bf3856ad364e3"\0\0\0\eVþÿ\5VþÿZV  2

---- EOF - GMER 1.0.15 ----

--- --- ---


Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST920042 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x82850912] -> \Device\Harddisk0\DR0[0x86B40348]
3 CLASSPNP[0x8C1A08B3] -> ntkrnlpa!IofCallDriver[0x82850912] -> \Device\Ide\IAAStorageDevice-0[0x85717030]
kernel: MBR read successfully
user & kernel MBR OK

Code:

All processes killed
========== OTL ==========
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Prefs.js: "http://de.search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0675aa88-a5c9-11df-82d9-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0675aa88-a5c9-11df-82d9-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0675aa88-a5c9-11df-82d9-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0675aa88-a5c9-11df-82d9-001e4ce44100}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0675aa95-a5c9-11df-82d9-001e101f034e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0675aa95-a5c9-11df-82d9-001e101f034e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0675aa95-a5c9-11df-82d9-001e101f034e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0675aa95-a5c9-11df-82d9-001e101f034e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d760aac-5e6a-11df-963c-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d760aac-5e6a-11df-963c-001e4ce44100}\ not found.
File F:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cc6eceb-eca7-11de-9680-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cc6eceb-eca7-11de-9680-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cc6eceb-eca7-11de-9680-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cc6eceb-eca7-11de-9680-001e4ce44100}\ not found.
File "F:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5379a33f-7876-11de-b25d-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5379a33f-7876-11de-b25d-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5379a33f-7876-11de-b25d-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5379a33f-7876-11de-b25d-001e4ce44100}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{812c2dfd-79db-11de-b606-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{812c2dfd-79db-11de-b606-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{812c2dfd-79db-11de-b606-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{812c2dfd-79db-11de-b606-001e4ce44100}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85c283e4-0eaa-11de-a4ec-001e4ce44100}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c28529-0eaa-11de-a4ec-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85c28529-0eaa-11de-a4ec-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c28529-0eaa-11de-a4ec-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85c28529-0eaa-11de-a4ec-001e4ce44100}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{928905b4-f658-11df-8986-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{928905b4-f658-11df-8986-001e4ce44100}\ not found.
File TranscendService(JF).exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eda8b189-f31a-11de-a330-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eda8b189-f31a-11de-a330-001e4ce44100}\ not found.
File F:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7072733-0bc1-11de-88a2-001e4ce44100}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7072733-0bc1-11de-88a2-001e4ce44100}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7072733-0bc1-11de-88a2-001e4ce44100}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7072733-0bc1-11de-88a2-001e4ce44100}\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Marco
->Temp folder emptied: 20345048 bytes
->Temporary Internet Files folder emptied: 9110056 bytes
->Java cache emptied: 11556 bytes
->FireFox cache emptied: 171927720 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4607 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121068 bytes
RecycleBin emptied: 1622491 bytes
 
Total Files Cleaned = 194,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.5 log created on 08172011_185137

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7488

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

17.08.2011 20:48:40
mbam-log-2011-08-17 (20-48-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 335504
Laufzeit: 1 Stunde(n), 37 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

7-Zip 4.65                26.02.2010        3,13MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        11.09.2010                10.1.82.76
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        10.08.2011                10.3.183.5
Adobe Reader 9.4.5 - Deutsch        Adobe Systems Incorporated        14.06.2011        164,1MB        9.4.5
Advanced Audio FX Engine                02.03.2008               
Advanced Video FX Engine                02.03.2008               
Apple Application Support        Apple Inc.        26.07.2011        60,2MB        2.0.1
Apple Mobile Device Support        Apple Inc.        12.06.2011        22,1MB        3.4.1.2
Apple Software Update        Apple Inc.        11.07.2011        2,38MB        2.1.3.127
AviSynth 2.5                16.01.2011        5,81MB       
Biet-O-Matic v2.8.3        BOM Development Team        28.11.2008        2,75MB        Biet-O-Matic v2.8.3
Bonjour        Apple Inc.        26.07.2011        0,73MB        3.0.0.2
Canon Easy-PhotoPrint EX                10.08.2011        227MB       
Canon Easy-PhotoPrint Pro                10.08.2011        36,0MB       
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data                10.08.2011        36,0MB       
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data                10.08.2011        11,8MB       
Canon IJ Network Scan Utility                10.08.2011        1,07MB       
Canon IJ Network Tool                10.08.2011        2,97MB       
Canon MG6100 series Benutzerregistrierung                10.08.2011        1,18MB       
Canon MG6100 series MP Drivers                10.08.2011        401MB       
Canon MP Navigator EX 4.0                10.08.2011        75,3MB       
Canon MP600 Benutzerregistrierung                08.03.2008        0,50MB       
Canon My Printer                10.08.2011        5,55MB       
Canon Solution Menu EX                10.08.2011        12,4MB       
CCleaner        Piriform        26.07.2011        3,82MB        3.09
CD-LabelPrint                10.08.2011        11,7MB       
CyberLink MediaShow        CyberLink Corp.        13.11.2008        327MB        4.0.1827
Dell Resource CD        Ihr Firmenname        02.03.2008        3,05MB        1.10.0000
Dell Touchpad        Alps Electric        02.03.2008        7,66MB        7.1.102.7
Dell Webcam Center                02.03.2008        14,1MB       
Dell Webcam Manager                02.03.2008        0,77MB       
DivX-Setup        DivX, LLC        22.06.2011        3,11MB        2.5.0.15
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        23.03.2011        3,02MB       
Free Video to iPhone Converter version 3.2.17.324        DVDVideoSoft Limited.        26.03.2011        5,57MB       
Free YouTube to MP3 Converter version 3.9.34.305        DVDVideoSoft Limited.        23.03.2011        3,41MB       
ICQ7.5        ICQ        14.05.2011        52,1MB        7.5
Intel(R) PROSet/Wireless Software        Intel Corporation        02.03.2008                11.01.0000
Intel® Matrix Storage Manager                02.03.2008        37,1MB       
iPhone-Konfigurationsprogramm        Apple Inc.        13.09.2009        22,4MB        2.1.0.163
IrfanView (remove only)                30.05.2009        1,57MB       
iTunes        Apple Inc.        26.07.2011        141,9MB        10.4.0.80
Java DB 10.5.3.0        Sun Microsystems, Inc        14.09.2010        28,5MB        10.5.3.0
Java(TM) 6 Update 20        Sun Microsystems, Inc.        19.06.2010        94,5MB        6.0.200
Java(TM) SE Development Kit 6 Update 21        Oracle        14.09.2010        149,5MB        1.6.0.210
Laptop Integrated Webcam Driver (1.04.01.1011)                03.03.2008               
Live! Cam Avatar        Creative Technology Ltd.        02.03.2008        14,0MB        1.0
Live! Cam Avatar Creator        Creative Technology Ltd.        02.03.2008        183,2MB        4.6.0817.1
Lottoschein-Check                09.01.2009        0,21MB       
Lottoschein-Check Version 1.27        Stefan Oellerich        12.08.2011        0,91MB        1.27
Malwarebytes' Anti-Malware Version 1.51.1.1800        Malwarebytes Corporation        16.08.2011        6,71MB        1.51.1.1800
Marvell Miniport Driver        Marvell        02.03.2008        1,80MB        10.22.6.3
McAfee SecurityCenter        McAfee, Inc.        06.08.2011        27,6MB        10.5.240
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        30.03.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        29.03.2009        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        24.06.2010        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        24.06.2010        24,5MB        4.0.30319
Microsoft Silverlight        Microsoft Corporation        09.09.2009                3.0.40818.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        29.07.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        12.11.2008        0,41MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        03.10.2010        0,59MB        9.0.30729
MobileMe Control Panel        Apple Inc.        08.05.2011        11,3MB        3.1.6.0
Mozilla Firefox 5.0 (x86 de)        Mozilla        08.07.2011        33,3MB        5.0
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        10.03.2008        1,27MB        4.20.9848.0
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        18.03.2008        1,27MB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        13.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        1,34MB        4.20.9876.0
Nero 9        Nero AG        23.10.2010        1.075MB       
NVIDIA Drivers        NVIDIA Corporation        08.11.2009                1.3
Protector Suite QL 5.6        UPEK Inc.        02.03.2008        48,1MB        5.6.2.3447
QuickSet        Dell Inc.        02.03.2008        8,27MB        8.2.17
QuickTime        Apple Inc.        09.08.2011        73,0MB        7.70.80.34
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01                02.03.2008        1,49MB        3.51.01
Safari        Apple Inc.        26.07.2011        43,4MB        5.34.50.0
ScanSoft OmniPage SE 4.0        Nuance Communications, Inc.        08.03.2008        157,5MB        15.00.0020
SetPoint        Logitech        02.03.2008        13,0MB        3.2
SigmaTel Audio        SigmaTel        02.03.2008        15,1MB        5.10.5207.0
Spelling Dictionaries Support For Adobe Reader 9        Adobe Systems Incorporated        05.03.2010        29,7MB        9.0.0
Tinypic 3.14        E. Fiedler        02.01.2011        1,16MB        Tinypic 3.14
TomTom HOME 2.7.6.2056        TomTom        05.09.2010        40,5MB        2.7.6.2056
TomTom HOME Visual Studio Merge Modules        TomTom International B.V.        01.05.2009        1,88MB        1.0.2
Uninstall 1.0.0.1                26.03.2011        20,4MB       
VideoReDo/Plus Version 2.5.6.512        DRD Systems, Inc.        04.03.2008        15,6MB       
Vista Codec Package        Shark007        09.04.2010        53,8MB        5.6.7
VLC media player 1.0.5        VideoLAN Team        05.04.2010        76,6MB        1.0.5
WBFS Manager 3.0        AlexDP        15.10.2009        3,48MB        3.0
WIDCOMM Bluetooth Software 6.0.1.3100        Dell        02.03.2008        33,3MB        6.0.1.3100
Windows Live Anmelde-Assistent        Microsoft Corporation        30.03.2009        1,93MB        5.000.818.6
Windows Media Player Firefox Plugin        Microsoft Corp        17.06.2011        0,29MB        1.0.0.8
XMedia Recode 3.0.0.0        Sebastian Dörfler        22.06.2011        16,3MB        3.0.0.0

Code:

OTL logfile created on: 17.08.2011 20:57:39 - Run 6
OTL by OldTimer - Version 3.2.26.5    Folder = C:\Users\Marco\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 56,99% Memory free
7,18 Gb Paging File | 5,40 Gb Available in Paging File | 75,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,26 Gb Total Space | 30,23 Gb Free Space | 16,23% Space Free | Partition Type: NTFS
 
Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.17 18:48:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
PRC - [2011.06.28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011.04.14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011.04.14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007.09.07 17:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007.09.07 11:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.09.07 11:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007.08.29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.07.27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007.07.24 19:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.24 19:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.07.02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007.06.06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007.05.10 02:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2007.02.20 14:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007.01.11 20:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2006.11.03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.10.11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.11 05:53:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.16 06:32:36 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2006.11.03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006.05.07 18:28:48 | 000,057,451 | ---- | M] () -- C:\Program Files\ICQLite\ICQLiteShell.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011.04.14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.04.14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.10.07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.07 11:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.08.29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.07.24 19:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.04.14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.04.14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.04.14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.04.14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.04.14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.04.14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.04.14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011.04.14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.10.17 01:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.09.16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.09.16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009.07.24 19:19:44 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.03.15 21:09:28 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oreans32.sys -- (oreans32)
DRV - [2007.10.10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.07 11:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.06.25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 19:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.11 20:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.01.11 20:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2005.06.13 10:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.19 19:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.19 19:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.08.11 03:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.10 16:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.10 16:22:39 | 000,000,000 | ---D | M]
 
[2008.12.31 15:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions
[2008.06.03 16:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.08.17 18:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions
[2010.06.24 06:15:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6dp35kc7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.09 21:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.20 13:40:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010.06.20 13:39:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.19 18:01:01 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2011.08.17 18:52:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515092528.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.17 19:09:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.17 19:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.17 19:09:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.17 19:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.17 19:00:42 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marco\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.17 18:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.08.17 18:51:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.17 18:48:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2011.08.14 08:33:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.08.14 08:15:34 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\Canon Easy-PhotoPrint EX
[2011.08.13 18:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lottoschein-Check
[2011.08.11 20:33:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011.08.11 20:33:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2011.08.11 20:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2011.08.11 20:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2011.08.11 20:30:47 | 001,335,296 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC6100C.dll
[2011.08.11 20:30:47 | 000,307,200 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC6100L.dll
[2011.08.11 20:30:47 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC6100I.dll
[2011.08.11 20:30:47 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC6100U.dll
[2011.08.11 20:30:47 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2011.08.11 20:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2011.08.11 20:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series Benutzerregistrierung
[2011.08.11 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011.08.11 20:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011.08.11 20:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
[2011.08.11 20:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series Manual
[2011.08.11 20:22:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011.08.11 20:22:06 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011.08.11 20:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series
[2011.08.11 20:20:52 | 000,290,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMAG.DLL
[2011.08.11 20:20:39 | 000,180,224 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMIUAG.DLL
[2011.08.11 20:20:18 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011.08.11 20:19:57 | 000,034,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL
[2011.08.11 20:19:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING
[2011.08.11 20:08:41 | 000,038,480 | ---- | C] (CANON INC.) -- C:\Windows\System32\IJRMF.exe
[2011.08.11 03:03:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 03:03:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 03:03:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 03:03:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 03:03:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.10 16:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.08.10 16:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.08.10 06:21:24 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.10 06:20:57 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.10 06:20:57 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.07 09:19:11 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\Firma Bilder
[2011.08.07 09:13:09 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\Garage
[2011.08.03 18:19:24 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\K1024
[2011.07.27 16:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.27 16:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.27 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.07.27 16:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.17 20:54:26 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 20:54:26 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 19:09:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.17 19:02:26 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marco\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.17 19:01:02 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.17 19:01:02 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.17 19:01:02 | 000,127,200 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.17 19:01:02 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.17 18:54:56 | 000,122,479 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.17 18:54:56 | 000,122,479 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.17 18:54:53 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011.08.17 18:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.17 18:54:24 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.17 18:53:29 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.17 18:52:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.08.17 18:48:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2011.08.17 18:43:28 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.08.17 17:16:13 | 000,167,139 | ---- | M] () -- C:\Users\Marco\Desktop\Unbenannt.jpg
[2011.08.17 17:04:10 | 370,011,781 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.17 16:52:09 | 000,302,592 | ---- | M] () -- C:\Users\Marco\Desktop\uxt98hes.exe
[2011.08.13 19:39:56 | 000,002,591 | ---- | M] () -- C:\Users\Marco\Desktop\Microsoft Office Word 2007.lnk
[2011.08.13 18:50:14 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Lottoschein-Check.lnk
[2011.08.11 22:29:00 | 000,000,020 | ---- | M] () -- C:\Users\Marco\defogger_reenable
[2011.08.11 20:27:23 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011.08.11 20:24:04 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG6100 series Online-Handbuch.lnk
[2011.08.11 05:53:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.10 16:22:27 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.08.06 14:48:38 | 000,045,221 | R--- | M] () -- C:\Users\Marco\Desktop\Elektronik_2000_Perfekt_S_SE.pdf
[2011.08.03 17:14:28 | 000,002,695 | ---- | M] () -- C:\Users\Marco\Desktop\Microsoft Office Outlook 2007.lnk
[2011.08.02 16:53:00 | 001,318,700 | ---- | M] () -- C:\Users\Marco\Desktop\2011-07-18 06.39.31.jpg
[2011.08.02 16:18:48 | 000,001,356 | ---- | M] () -- C:\Users\Marco\AppData\Local\d3d9caps.dat
[2011.07.29 19:24:12 | 000,247,808 | ---- | M] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.27 17:59:15 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.27 16:58:54 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2011.08.17 19:09:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.17 18:45:11 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.08.17 18:36:19 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.17 17:16:13 | 000,167,139 | ---- | C] () -- C:\Users\Marco\Desktop\Unbenannt.jpg
[2011.08.17 17:04:10 | 370,011,781 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.17 16:52:07 | 000,302,592 | ---- | C] () -- C:\Users\Marco\Desktop\uxt98hes.exe
[2011.08.13 18:50:14 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Lottoschein-Check.lnk
[2011.08.11 22:28:40 | 000,000,020 | ---- | C] () -- C:\Users\Marco\defogger_reenable
[2011.08.11 20:30:47 | 000,013,056 | ---- | C] () -- C:\Windows\System32\CNC174AD.TBL
[2011.08.11 20:27:23 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011.08.11 20:24:04 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG6100 series Online-Handbuch.lnk
[2011.08.10 16:22:27 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.08.06 14:48:41 | 000,045,221 | R--- | C] () -- C:\Users\Marco\Desktop\Elektronik_2000_Perfekt_S_SE.pdf
[2011.08.02 16:53:00 | 001,318,700 | ---- | C] () -- C:\Users\Marco\Desktop\2011-07-18 06.39.31.jpg
[2011.07.27 16:58:54 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.24 00:03:43 | 000,000,600 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\winscp.rnd
[2010.03.05 02:39:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.03.05 02:39:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.01.28 02:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.18 18:54:46 | 000,000,141 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\default.rss
[2009.01.18 10:42:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.01.17 14:08:13 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.10 16:33:51 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009.01.10 16:33:51 | 000,000,586 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Lottoschein-Check.dat
[2008.12.31 15:35:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.29 12:07:54 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2008.11.16 11:24:46 | 000,122,479 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.16 11:24:46 | 000,122,479 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.14 23:13:26 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.11.14 23:13:07 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.10.07 19:19:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.20 16:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Nlsdl.dll
[2008.03.15 21:50:54 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.03.15 21:09:28 | 000,033,824 | ---- | C] () -- C:\Windows\System32\drivers\oreans32.sys
[2008.03.09 20:28:45 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.03.05 20:22:26 | 000,247,808 | ---- | C] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.03 20:57:35 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008.03.03 20:11:32 | 000,027,335 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\nvModes.001
[2008.03.03 20:08:42 | 000,027,335 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\nvModes.dat
[2008.03.03 19:57:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.03.03 19:12:54 | 000,001,356 | ---- | C] () -- C:\Users\Marco\AppData\Local\d3d9caps.dat
[2008.03.03 19:02:43 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 17:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,127,200 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,410,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 11:03:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mcicda.dll
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.06.27 16:41:31 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Ashampoo
[2011.07.25 21:21:08 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\BOM
[2011.08.14 08:50:35 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Canon
[2008.03.09 21:07:01 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\CD-LabelPrint
[2011.03.27 16:34:46 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DVDVideoSoft
[2011.03.24 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.05 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\FreeAudioPack
[2011.08.15 22:13:21 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ICQ
[2008.03.05 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ICQLite
[2008.09.30 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\IrfanView
[2008.11.14 23:16:47 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\MAGIX
[2008.03.09 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ScanSoft
[2009.09.04 13:43:13 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\temp
[2008.03.03 20:14:23 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TMP
[2008.03.12 18:19:45 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TomTom
[2011.07.23 22:06:01 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\VideoReDoPlus
[2010.04.10 13:49:43 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\VistaCodecs
[2011.06.23 18:58:57 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\XMedia Recode
[2011.08.17 18:53:29 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:0888F409

< End of report >


stone1979 17.08.2011 20:44

And here is the Extras log as well, since it no longer fit in the post above. Here you go :-)

Code:

OTL Extras logfile created on: 17.08.2011 20:57:39 - Run 6
OTL by OldTimer - Version 3.2.26.5    Folder = C:\Users\Marco\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 56,99% Memory free
7,18 Gb Paging File | 5,40 Gb Available in Paging File | 75,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,26 Gb Total Space | 30,23 Gb Free Space | 16,23% Space Free | Partition Type: NTFS
 
Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AC4693A2-308F-4A20-97DD-997CD862F57E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35030BAB-8465-4716-9F1F-212FD5D860C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{39656B8F-7509-4204-ABAA-940A9BE5D945}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{494A99F4-963A-44CB-A9D9-1558E6BD8C25}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4AE840F9-D1CB-4853-9E78-222F621156E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50CFFE47-333C-4AA7-9708-F2C7D55B1070}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{529F3582-B2FE-4358-89B3-5458516F155B}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5B42FC9E-EFDE-46CE-8720-59EDF6C96049}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{607C5962-280F-413A-A3CA-911091A3A1C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{60CEF585-35DA-4623-8846-54BC9709288E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{72F1AC96-BFDA-4BF3-8EF6-53E6AA3BA308}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ACC2B5B8-D82B-4366-A9BD-C0E7B538C79A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B5D1B49F-D1F2-4DB2-BF9C-05CD9E2A2CA3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D6BD6BF7-3F03-4AC7-8669-72DD23CAF500}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{DEAC9C11-C236-4B0A-8BE2-1DA0B9101A1C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E36B54E1-999B-4184-87E7-64B094F5BCBC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E5108FD3-BFCD-4B8B-A028-BD3B7F3360C9}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E9474FC0-AF0F-4A1C-96B6-877305B0A51A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{03E8FD54-7EED-44EC-BE84-AB8EDB663362}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{04E3576E-B4CA-49FE-ABFE-5A6F70FD1168}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{276E2E4F-9EA5-46F1-AD97-DC5A22A378D5}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{38761D1C-F315-4125-AEB2-89E00AD61583}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{DCCDFEE5-3621-4515-8C75-D29DA8C7E6DF}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" = protocol=6 | dir=in | app=c:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe |
"TCP Query User{DE93F1BC-AC08-4962-B583-D20E19BFAF5B}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{17553674-4733-4E00-982C-8B878F721049}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" = protocol=17 | dir=in | app=c:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe |
"UDP Query User{375EDD71-0A6D-4361-A22F-A3CC5D7175AB}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{630F1B9C-8546-4795-B86B-ECF2474BB415}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7B25A99D-AEBA-40BE-BD4F-D8C63DEF4D20}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{B0988C33-5909-41B9-BCB5-677611BB06B7}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{E1091172-4E1D-456B-88F9-17169CA0E361}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C9DC767-ABC7-4427-B758-FA2CF0FA9F47}_is1" = Lottoschein-Check Version 1.27
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ace2a21f-2106-4ecc-a963-360cd3ca68af}" = Nero 9
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.8.3" = Biet-O-Matic v2.8.3
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung
"Canon MP600 Benutzerregistrierung" = Canon MP600 Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) 
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2.17.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"IrfanView" = IrfanView (remove only)
"Lottoschein-Check" = Lottoschein-Check
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.6.512
"VLC media player" = VLC media player 1.0.5
"WBFS Manager 3.0" = WBFS Manager 3.0
"XMedia Recode" = XMedia Recode 3.0.0.0
"YTdetect" = Yahoo! Detect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.08.2011 11:02:18 | Computer Name = Marco-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung uxt98hes.exe, Version 1.0.15.15641, Zeitstempel
 0x4e21f2b1, fehlerhaftes Modul uxt98hes.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0x1234,
Anwendungsstartzeit 01cc5cee321f0f90.
 
Error - 17.08.2011 11:06:53 | Computer Name = Marco-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
Error - 17.08.2011 11:11:37 | Computer Name = Marco-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung uxt98hes.exe, Version 1.0.15.15641, Zeitstempel
 0x4e21f2b1, fehlerhaftes Modul uxt98hes.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0x145c,
Anwendungsstartzeit 01cc5cef69562e59.
 
Error - 17.08.2011 11:19:28 | Computer Name = Marco-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 17.08.2011 11:23:09 | Computer Name = Marco-PC | Source = Perflib | ID = 1008
Description =
 
Error - 17.08.2011 11:23:09 | Computer Name = Marco-PC | Source = Perflib | ID = 1010
Description =
 
Error - 17.08.2011 11:23:09 | Computer Name = Marco-PC | Source = PerfNet | ID = 2004
Description =
 
Error - 17.08.2011 11:23:09 | Computer Name = Marco-PC | Source = PerfNet | ID = 2002
Description =
 
Error - 17.08.2011 12:39:19 | Computer Name = Marco-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
Error - 17.08.2011 12:57:12 | Computer Name = Marco-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
[ OSession Events ]
Error - 25.09.2009 16:16:43 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.09.2009 16:19:24 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 155
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2009 08:05:35 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2009 08:08:30 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 169
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2009 08:09:49 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2009 08:14:34 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06.07.2010 12:52:23 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.12.2010 12:23:59 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2010 15:43:29 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.04.2011 10:43:39 | Computer Name = Marco-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.08.2011 11:20:12 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.08.2011 11:22:52 | Computer Name = Marco-PC | Source = DCOM | ID = 10005
Description =
 
Error - 17.08.2011 12:38:04 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 17.08.2011 12:51:38 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 17.08.2011 12:56:06 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >


kira 17.08.2011 23:31

You'll have to explain this to me, it doesn't look good:

Quote:

"TCP Query User{DCCDFEE5-3621-4515-8C75-D29DA8C7E6DF}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" = protocol=6 | dir=in | app=c:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe |
"UDP Query User{17553674-4733-4E00-982C-8B878F721049}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" = protocol=17 | dir=in | app=c:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe |
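
The two rules quoted above allow inbound traffic to an executable stored in a user's Desktop folder. As an added example (not part of the thread and not OTL's own code), this Python script parses FirewallRules lines in that layout and flags inbound rules whose program lies in a user-writable directory; the directory list and the value of the ICQ rule are assumptions made for the example.

```python
import ntpath
import re

# Constructed sample in the layout of the FirewallRules lines quoted above.
# The first two lines are the ones from the thread; the ICQ rule's value
# (everything after "=") is constructed for this example.
SAMPLE = r'''
"TCP Query User{DCCDFEE5-3621-4515-8C75-D29DA8C7E6DF}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" = protocol=6 | dir=in | app=c:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe |
"UDP Query User{17553674-4733-4E00-982C-8B878F721049}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" = protocol=17 | dir=in | app=c:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe |
"TCP Query User{DE93F1BC-AC08-4962-B583-D20E19BFAF5B}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
'''

# "name" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<fields>.+)$')

# IANA protocol numbers used in the rules above.
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Assumption: directories a standard user can normally write to. A program
# listening from one of these deserves a second look; tune the list locally.
USER_WRITABLE = (r"\users", r"\documents and settings",
                 r"\programdata", r"\windows\temp")


def parse_rules(text):
    """Return one dict per firewall rule line that names a program."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue
        fields = {}
        for part in match.group("fields").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.lower()] = value.strip()
        if "app" not in fields:
            # e.g. the '"..." =-' deletion lines of a :Reg fix script
            continue
        proto = fields.get("protocol", "")
        rules.append({
            "name": match.group("name"),
            "protocol": PROTOCOLS.get(proto, proto),
            "direction": fields.get("dir", "").lower(),
            "app": ntpath.normpath(fields["app"]).lower(),
        })
    return rules


def in_user_writable_dir(path):
    """True if the path (any drive letter) lies below a user-writable root."""
    _drive, rest = ntpath.splitdrive(path.lower())
    return any(rest == root or rest.startswith(root + "\\")
               for root in USER_WRITABLE)


def suspicious_rules(text):
    """Inbound rules whose program sits in a user-writable directory."""
    return [rule for rule in parse_rules(text)
            if rule["direction"] == "in" and in_user_writable_dir(rule["app"])]


if __name__ == "__main__":
    for rule in suspicious_rules(SAMPLE):
        print(f'{rule["protocol"]:>3} inbound -> {rule["app"]}')
```
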

stone1979 18.08.2011 05:07

Oops, that can go. That was an attempt with my old iPhone 3 three years ago... I had no idea I still had it. After all, my laptop is already 4 years old, so a lot of junk piles up! Sorry!
Is there anything else to be found that could be causing the laptop to recently always act as if it were computing something in the background... at least the fan runs constantly and also more/louder than usual?
Could it be down to Firefox, since I usually have 5-6 tabs open?
Regards, Marco

kira 18.08.2011 06:07

- Installing pirated copies is a pretty sure way to infect a computer.
"Such programs" always contain especially many and dangerous malicious programs; you should keep your hands off them!
** In a case like this you should rethink your consumption habits.
-> Forum rule!
Remove everything completely!

1.
Windows Defender:
Running it actively in parallel with McAfee is not recommended, because the two get in each other's way. Please disable it as follows: -> Enabling and disabling Windows Defender
► After a restart (if it still exists), check under "Start -> Run -> "msconfig" (type it in without the quotes) -> OK -> Startup" whether it is still running; if so, remove the check mark

2.
Your Java version is not up to date!
Because of old security vulnerabilities Java is very susceptible, so first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 26 from Oracle
Make sure to deselect any toolbars that may be offered (remove the check mark next to the toolbar)!

3.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

4.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:0888F409

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{DCCDFEE5-3621-4515-8C75-D29DA8C7E6DF}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" =-
"TCP Query User{DE93F1BC-AC08-4962-B583-D20E19BFAF5B}C:\program files\icq6\icq.exe" =-
"UDP Query User{17553674-4733-4E00-982C-8B878F721049}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe" =-

:Commands
[purity]
[emptytemp]


5.
Recommendations/suggestions:
How long does the boot process take? If you want a faster system right away:
- When Windows boots, some programs are started along with it that have entered themselves into autostart (with or without the user's consent)
- The more programs are listed here, the slower Windows starts. It can therefore make sense to remove software that you don't necessarily always need from autostart.
"Start -> Run -> "msconfig" (type it in without the quotes) -> OK"
it-academy.cc
pqtuning.de
Preventing programs from loading at Windows Vista startup
- Remove the check mark from everything that should not start, but only ever disable one at a time (check mark off), i.e. step by step -> restart...
- After the next restart a notice window will appear; set a check mark there: `Do not show this message again and do not start this program at Windows startup`
(You can undo it at any time by putting the check mark back.)
- If you ever need it, a manual start is possible at any time
- Autostart entries that you can't find can be fixed with HJT - under the 04 section - (*HijackThis Tutorial in German*):
Close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC
HijackThis creates a backup; if something goes wrong while "fixing", you can restore the objects under "View the list of backups"
Code:

You should not disable:
Graphics driver
Firewall
Antivirus program
Sound

Since it always depends on the user, there is no universally valid recipe; find out the basic functions of the individual programs via Google!
A few suggestions right away:
Code:

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

6.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • put a check mark next to "Complete scan" and click "Next"
  • afterwards all malware found is listed; put a check mark next to every find and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences" and then "Statistics and logs"
  • press "View log" - then please save this report and post it here

7.
Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. They therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data saved on the storage medium with the free online scanner is very well suited and recommended for this.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from being executed) - The AUTORUN function can also be switched off in general. ► Instructions

-> Then run a complete system check with Eset Online Scanner (NOD32) Free Online Scanner
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

8.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► What is the current state of the computer? Anything conspicuous, any problems?

stone1979 18.08.2011 16:11

Hello, I got stuck at point 2 :-(, uninstalling the last Java ... doesn't work "see screenshot"! Installing the new Java doesn't work either "see screenshot"!

I just remembered that updating Java hasn't worked for about 1 year; I didn't think it was important.... apparently I was wrong :-(!

What should I do now?

Regards, Marco

stone1979 18.08.2011 16:17

Here is the screenshot :-(


Regards, Marco

kira 18.08.2011 16:33

1.
Uninstall software with Revo Uninstaller

Download the freeware version of Revo Uninstaller from Revo Group
  • Double-click revosetup.exe.
  • Install the tool in the default path.
  • Double-click the Revo Uninstaller icon.
  • Double-click the following software from the code box, one after another:
    Code:

    Java
  • Confirm the uninstallation with Yes.
  • Leave the uninstall routine setting on Moderate and click Next.
  • The tool will now search the computer for leftover registry entries. Click Next.
  • Click the Select All button, click Delete and Next, and confirm with Yes.
  • Finally, the tool may also search for leftover files and folders.
  • Check the folders and files and, if necessary, click the Select All button, click Next and confirm with Yes.

Restart the computer.

2.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

stone1979 18.08.2011 17:55

Hello, I uninstalled Java with the program and then installed the new Java... that worked too, but unfortunately the laptop tells me I don't have Java; after installing it again it nevertheless says it is already installed. But when I then open the uninstall program, or look under Control Panel, Programs and Features, to see whether Java is installed, it doesn't even show Java :-(. I also ran CCleaner, but I had to remove the check mark for Internet Explorer, otherwise the cleaner hangs at the Internet Explorer history :-(.
What went wrong with Java and the cleaner? Should I perhaps use a different path for installing Java, and if so, which one?
Here is the link: Download Java for Windows


Regards, Marco

stone1979 18.08.2011 18:16

Sorry.... here is the error screenshot from the renewed Java installation. The laptop says Java is already installed, but unfortunately it can't be found under Control Panel ... Programs and Features, nor with the uninstall program you mentioned. What now :-(? On a new installation, see screenshot.

Regards, Marco

kira 19.08.2011 05:42

first carry on from point 4.

stone1979 19.08.2011 16:34

Hello, here is the result
of point 4 =

Code:

All processes killed
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
ADS C:\ProgramData\TEMP:0888F409 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DCCDFEE5-3621-4515-8C75-D29DA8C7E6DF}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DE93F1BC-AC08-4962-B583-D20E19BFAF5B}C:\program files\icq6\icq.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{17553674-4733-4E00-982C-8B878F721049}C:\users\marco\desktop\marco alter laptop\iphone cracken\umbrella-4.1.4.exe deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Marco
->Temp folder emptied: 8749770 bytes
->Temporary Internet Files folder emptied: 639966 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67202780 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1432 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1465513 bytes
 
Total Files Cleaned = 74,00 mb
 
 
OTL by OldTimer - Version 3.2.26.5 log created on 08192011_162327

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_bGEs9Nj92cIb61H not found!

Registry entries deleted on Reboot...

I wanted to carry out point 5, but unfortunately, following this description, Preventing programs from loading at Windows Vista startup - HP Customer Support (Austria - German), it only shows me "OneNote 2007 screen clipper launcher"; I can't get it to show me more :-(!
What am I doing wrong?

Regards, Marco

kira 20.08.2011 04:57

Start → All Programs → Accessories → Run → "msconfig" (type it in without the quotes) → OK
remove the programs named below (point 5.) from autostart (untick them)

