Log analysis and evaluation: Remove GVU Trojan (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Remove GVU Trojan (Windows 7)

Hello and good evening,

over the last few weeks I caught a GVU Trojan and another one as well. I have now reset the PC to its original state, as delivered after purchase, by pressing the F8 key while the PC was booting, and I would like to know whether it is "clean" again or whether further action is needed (and if so, what). :-)

Afterwards I only reinstalled iTunes and McAfee and copied the previously backed-up music back onto the machine. My protection software (McAfee) did not find anything. Since I work a lot with an external drive, I would also like to know whether something could still be hidden there; however, I believe it was not scanned (how can I tell?) - sorry, I am not exactly a PC specialist.

Here are my OTL logs:
(Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe ========== Files Created - No Company Name ========== [2012.06.24 22:44:13 | 000,001,980 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012.06.24 22:43:35 | 000,001,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.06.24 22:43:29 | 000,001,441 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.06.24 22:40:09 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk [2012.06.24 22:33:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.06.24 22:31:27 | 2413,056,000 | -HS- | C] () -- C:\hiberfil.sys [2012.06.24 17:13:38 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.24 17:10:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.06.24 15:31:15 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk [2012.06.24 15:17:32 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job < End of report >

And here is the 2nd log (Extras.txt):

OTL Extras logfile created on: 25.06.2012 21:03:40 - Run 1 OTL by OldTimer - Version Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,79% Memory free 5,99 Gb Paging File | 4,13 Gb Available in Paging File | 69,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 212,94 Gb Free Space | 75,14% Space Free | Partition Type: NTFS Drive F: | 1862,10 Gb Total Space | 704,58 Gb Free Space | 37,84% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{001A1F66-DCBF-46F1-8658-542ED75373FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{08214B2F-BCB2-4444-8D1D-347FA2F2D038}" = rport=5355 | protocol=17 
| dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1BDD06C7-7F39-447E-A8B2-BEA995C5A0B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2867D997-8F4C-495D-9EA2-2340EC963CF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{358159F3-4037-4A49-B54D-942FB4152DF6}" = rport=139 | protocol=6 | dir=out | app=system | "{363FDB41-1984-4B0C-9990-475EB942D482}" = lport=139 | protocol=6 | dir=in | app=system | "{3DDFD362-3B59-4CB3-939B-49AF79E156B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{482D8954-E8E0-4585-A0D2-3EAF3662BB0D}" = rport=138 | protocol=17 | dir=out | app=system | "{4A96928D-6B65-42AF-9587-667DA3E15BD2}" = rport=137 | protocol=17 | dir=out | app=system | "{527F9855-0CC1-4BC9-8DCC-8110D5AF5FC3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5BB01580-3D2D-47A0-88FE-62748A25362B}" = lport=137 | protocol=17 | dir=in | app=system | "{68F01227-79DA-469A-BA00-A7B2A965C976}" = lport=138 | protocol=17 | dir=in | app=system | "{7724B907-1672-43CE-997C-8D6C5D5DC307}" = lport=445 | protocol=6 | dir=in | app=system | "{7A7106F0-6569-4265-97CD-F2F36830A68F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A0D42888-93C8-4170-A94D-DC9CD4479B2C}" = rport=10243 | protocol=6 | dir=out | app=system | "{B5AC9704-BE48-43B2-B758-FF393AEE2013}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C37390B2-AFE0-4A62-B3DA-EBDD659F27A4}" = rport=445 | protocol=6 | dir=out | app=system | "{C5A29286-FDFF-490A-A03C-835EC99D0D9C}" = lport=10243 | protocol=6 | dir=in | app=system | "{CEB2010E-4CCE-4E6A-B89F-5E7575D5C30F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DDFED82F-AC58-450B-9BF7-EB54A7736B29}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DF4BFC35-6C3F-4EC3-9F36-AEC9F1D0CCCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F01EE2EB-4E2F-4120-8AC7-0742E94598F4}" = lport=2869 | protocol=6 | dir=in | app=system | "{FF7BC2DB-69EE-4579-8737-AB7853361013}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03D64BB1-2E49-4B7C-AFA1-754BA9B1A2D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0913FC50-AFD9-4339-BCAE-56738A069384}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0ACF6E0B-71AF-461D-8F2A-8266C4970CAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0FFD341E-F95D-4276-B330-FADA8CA4E6C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{158F79CD-8E95-4D50-8DDD-2660A443AAED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1C92B5A5-FA25-4954-895C-BF000A12B7A3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | "{3739A881-72B8-4C10-9900-80A5C5443462}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{41A1CFD8-B3F4-4968-BE48-DDF409236F02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4D4C0DB4-C7C8-469C-A046-C033FD41B37F}" = protocol=6 | dir=out | app=system | "{53F5BD48-EB57-4783-9DAB-1DEC512690CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{54E8FB45-F592-4B2F-BFF6-F61965397E8C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{6BF9FE96-985E-4F99-BD31-9C275E01CC28}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{70D1796E-F5E6-47B4-99A9-77DBC70E4462}" = protocol=17 | dir=in | app=c:\program 
files\common files\mcafee\mcsvchost\mcsvhost.exe | "{73B4D5D2-351B-4E49-86C8-26B60D682C3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75EE7B1D-3550-4726-895C-73C7366D6D1C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{7ADCB21D-E733-46B6-8283-FA39CC4835CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{813C45AF-0E44-423D-9B5D-51397B070038}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{93592424-9CBE-419D-8920-CCC65859C5BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A01DEB30-B0B2-4172-8418-BFACBBE307F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A1A5A1F5-8005-41B8-AE53-2064CFF0A1C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A8AAC38F-075B-4B2E-89AF-705D91328AC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0573EC7-7CF8-4D58-B121-289C02EE1823}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C249D261-7C46-4FC2-8604-EDABA3948B4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C884D0DF-8CA1-4110-B448-48A74D5551EE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{D697FB06-6F8F-4169-A026-9DEE629E248D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{DA27F8E6-6911-4A64-96E2-CA229BF957B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DE9174A4-1B87-41AC-93E2-1186ABF38C62}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{E1272196-2C44-421C-8223-20363EE56D1A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | "{E1B4BD83-68E1-435F-9D51-1671AF243AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E55CA4B2-C9D3-4DBE-834D-52C787C72968}" = 
protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E5AB25B5-03B1-4C7A-A649-222299AD3BB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F65D4CF0-4A3A-4CFD-BF51-500234F1EC5C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FC427338-F8CB-4417-8D1E-BD2FC9A03A04}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FE503911-1F36-4D47-8377-7AFA309728DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64 "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "SynTPDeinstKey" = Dell Touchpad [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean "{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager 
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian "{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All "{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common "{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese "{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New "{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish "{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing "{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding "{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement 
Pack "{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Advanced Audio FX Engine" = Advanced Audio FX Engine "Dell Webcam Central" = Dell Webcam Central "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "MSC" = McAfee SecurityCenter "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.06.2012 09:42:44 | Computer Name = ***-PC | Source = McLogEvent | ID = 5051 Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 4068 (0xfe4) Thread address : 0x0000000076DD01EA Thread message : Build VSCORE. 
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Windows\system32\bcmihvsrv64.dll by C:\Users\***\AppData\Local\Temp\McInstallTemp\RiskScan.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 24.06.2012 09:43:48 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mcnasvc.exe, Version:, Zeitstempel: 0x49de10e6 Name des fehlerhaften Moduls: mccoreps.dll, Version:, Zeitstempel: 0x49dd7393 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000a9b6 ID des fehlerhaften Prozesses: 0xcfc Startzeit der fehlerhaften Anwendung: 0x01cd524990768845 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\mcafee\core\mccoreps.dll Berichtskennung: 9fb37ab1-be02-11e1-b03c-00256474e55b Error - 24.06.2012 09:46:00 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mcnasvc.exe, Version:, Zeitstempel: 0x49de10e6 Name des fehlerhaften Moduls: mccoreps.dll, Version:, Zeitstempel: 0x49dd7393 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000a9b6 ID des fehlerhaften Prozesses: 0x15e0 Startzeit der fehlerhaften Anwendung: 0x01cd520f88af718c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\mcafee\core\mccoreps.dll Berichtskennung: ee63ef34-be02-11e1-b03c-00256474e55b Error - 24.06.2012 09:48:08 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mcnasvc.exe, Version:, Zeitstempel: 0x49de10e6 Name des fehlerhaften Moduls: mccoreps.dll, Version:, Zeitstempel: 0x49dd7393 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000a9b6 ID des fehlerhaften Prozesses: 0x158c Startzeit der fehlerhaften Anwendung: 0x01cd520fd4eddbbe Pfad der fehlerhaften Anwendung: C:\Program Files 
(x86)\Common Files\mcafee\mna\mcnasvc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\mcafee\core\mccoreps.dll Berichtskennung: 3a7984b7-be03-11e1-b03c-00256474e55b Error - 24.06.2012 11:35:47 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm iTunes.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7f4 Startzeit: 01cd521bf8f6edca Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe Berichts-ID: Error - 24.06.2012 11:37:09 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm iTunes.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c68 Startzeit: 01cd521f0c5f7d9f Endzeit: 83 Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe Berichts-ID: Error - 24.06.2012 12:38:56 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 24.06.2012 12:40:22 | Computer Name = ***-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 24.06.2012 17:21:55 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = Error - 25.06.2012 14:59:41 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bb0 Startzeit: 01cd530430f317e1 Endzeit: 0 Anwendungspfad: C:\Users\***\Desktop\OTL.exe Berichts-ID: [ Broadcom Wireless LAN Events ] Error - 24.06.2012 16:44:21 | Computer Name = ***-PC | Source = WLAN-Tray | ID = 0 Description = 22:44:20, Sun, Jun 24, 12 Error - Unable to get current user admin status Error - 24.06.2012 16:45:51 | Computer Name = ***-PC | Source = WLAN-Tray | ID = 0 Description = 22:45:51, Sun, Jun 24, 12 Error - Unable to get current user admin status Error - 24.06.2012 16:47:31 | Computer Name = ***-PC | Source = WLAN-Tray | ID = 0 Description = 22:47:31, Sun, Jun 24, 12 Error - Unable to switch user context, authentication information not set correctly [ System Events ] Error - 24.06.2012 09:43:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error - 24.06.2012 09:46:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "McAfee Network Agent" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 24.06.2012 09:48:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "McAfee Network Agent" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error - 24.06.2012 09:58:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.06.2012 11:14:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 24.06.2012 11:14:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error - 24.06.2012 11:16:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 24.06.2012 11:17:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error - 25.06.2012 15:02:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 25.06.2012 15:03:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. < End of report >

Thanks in advance!!
Bridge
#2 | /// Winkelfunktion /// TB-Süch-Tiger™

Removing the GVU Trojan (Windows 7)

A recovery is equivalent to a fresh installation; as long as you have no problems, there is no reason to run any further analyses.
#3

Removing the GVU Trojan (Windows 7)

Hello Arne,
that is good news, thank you very much! Best regards and have a nice evening
Bridge