07.07.2010, 20:33 | #1

svchost.exe causes 100% system load

Hello, unfortunately I have exactly the same problem: 100% CPU load, and when the network cable is not plugged in, the error does not occur. Here is the OTL output:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 02.07.2010 22:15:58 - Run 1 OTL by OldTimer - Version 3.2.7.1 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 549,00 Mb Available Physical Memory | 54,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 14,65 Gb Total Space | 0,31 Gb Free Space | 2,14% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 26,93 Gb Free Space | 27,58% Space Free | Partition Type: NTFS Drive E: | 120,57 Gb Total Space | 30,63 Gb Free Space | 25,41% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: * Current User Name: * Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - E:\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\Vodafone\Via The Phone\VodafoneConnectorService.exe (Vodafone Group) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH ) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.) PRC - C:\Programme\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.) PRC - C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) ========== Modules (SafeList) ========== MOD - E:\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL (Logitech Inc.) MOD - C:\Programme\Logitech\MouseWare\system\LgWndHk.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (VodafoneConnectorService) -- C:\Programme\Vodafone\Via The Phone\VodafoneConnectorService.exe (Vodafone Group) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.) DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-484763869-1897051121-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-484763869-1897051121-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.25 08:01:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.02 18:59:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.12 12:12:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.07.02 18:59:08 | 000,000,000 | ---D | M] [2009.11.05 17:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Mozilla\Extensions [2010.07.02 15:23:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Mozilla\Firefox\Profiles\xrj7l90x.default\extensions [2010.04.16 18:00:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Mozilla\Firefox\Profiles\xrj7l90x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.02 15:23:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions 
[2010.01.31 18:15:23 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2010.03.07 03:54:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.07 03:54:48 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.07 03:54:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.07 03:54:48 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.07 03:54:48 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) 
O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-21-484763869-1897051121-839522115-1005..\Run: [{01AFD72A-0250-82F6-1FE1-4C33DD933D70}] C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Wemofy\houp.exe () O4 - HKU\S-1-5-21-484763869-1897051121-839522115-1005..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-484763869-1897051121-839522115-1005..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MSI US54EX Wireless Client Utility.lnk = C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH ) O4 - Startup: C:\Dokumente und Einstellungen\Helvete\Startmenü\Programme\Autostart\sisytj32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-484763869-1897051121-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll 
(Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.11.05 15:31:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{940c6888-0399-11df-bcef-0015f249abde}\Shell - "" = AutoRun O33 - MountPoints2\{940c6888-0399-11df-bcef-0015f249abde}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{940c6888-0399-11df-bcef-0015f249abde}\Shell\AutoRun\command - "" = L:\VTP_Manager.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Sparbuch heute.lnk - D:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Helvete^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - 
C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Programme\Pando Networks\Media Booster\PMB.exe () MsConfig - StartUpReg: PDFPrint - hkey= - key= - D:\Programme\pdf24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe () MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error. 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: 
{411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1 ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: 
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) 
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point (56027131116781568) ========== Files/Folders - Created Within 30 Days ========== [2010.06.09 15:03:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.06.08 17:55:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Helvete\Eigene Dateien\Downloads [2010.06.03 18:06:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Helvete\Eigene Dateien\Electronic Arts [2010.06.03 17:14:21 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll [2010.06.03 17:14:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft WSE [2010.06.03 09:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.02 22:02:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.07.02 21:57:50 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.07.02 21:57:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.02 21:57:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.02 21:56:27 | 007,602,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\Helvete\NTUSER.DAT [2010.07.02 21:56:27 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Helvete\ntuser.ini [2010.07.02 18:59:10 | 000,001,718 | 
---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.07.01 21:03:34 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\avdrn.dat [2010.06.29 04:22:03 | 000,000,573 | ---- | M] () -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\burnaware.ini [2010.06.26 19:27:26 | 000,187,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Helvete\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.25 11:16:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.06.24 07:46:07 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.06.22 09:23:29 | 002,642,060 | -H-- | M] () -- C:\Dokumente und Einstellungen\Helvete\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.06.21 03:02:20 | 001,024,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.21 03:02:20 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.21 03:02:20 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.21 03:02:20 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.21 03:02:20 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.09 19:17:23 | 001,467,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.09 15:03:43 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.06.05 09:52:38 | 000,048,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Helvete\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.02 18:44:12 | 000,001,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.07.01 21:13:41 | 000,000,008 | ---- | C] () -- C:\Dokumente und 
Einstellungen\NetworkService\Anwendungsdaten\dhxiuw.dat [2010.07.01 21:03:34 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\avdrn.dat [2010.05.26 03:01:10 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini [2010.05.24 21:09:38 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.04.24 05:39:54 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2010.04.24 05:39:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL [2010.04.24 05:39:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll [2010.04.24 05:39:10 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini [2010.04.19 15:01:09 | 000,000,168 | ---- | C] () -- C:\WINDOWS\Sierra.ini [2010.04.09 23:20:48 | 000,000,637 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.03.28 16:56:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.02.24 02:00:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.12.22 21:17:46 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll [2009.12.22 21:17:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll [2009.12.01 14:17:59 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2009.12.01 14:17:59 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2009.12.01 14:17:59 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2009.12.01 14:17:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2009.12.01 14:17:54 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2009.12.01 14:17:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2009.12.01 14:17:52 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI [2009.12.01 14:17:39 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009.11.27 14:41:16 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll [2009.11.05 16:35:14 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2009.11.05 15:33:44 | 000,001,082 | 
---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007.11.07 01:00:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007.11.07 01:00:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.11.07 01:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007.11.07 01:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.11.07 01:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys ========== LOP Check ========== [2010.04.09 12:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2010.04.10 16:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2009.11.13 17:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FlashFXP [2010.01.31 19:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS [2010.05.29 20:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PassMark [2010.01.31 18:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2010.02.02 20:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2009.11.13 10:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.03.16 01:40:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\.minecraft [2010.06.28 13:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Bioshock [2010.04.09 12:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Buhl Data Service [2010.05.24 21:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Helvete\Anwendungsdaten\DAEMON Tools [2010.04.10 16:09:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\elsterformular [2010.05.22 00:49:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\enchant [2010.06.11 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\FrostWire [2010.02.26 20:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\GetRightToGo [2010.06.02 04:33:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\gtk-2.0 [2010.07.02 19:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\ICQ [2009.12.24 01:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\MilkShape 3D 1.x.x [2010.01.31 20:34:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\NeopleLauncherDFO [2009.11.30 17:31:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\OpenOffice.org [2010.07.02 16:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Saipix [2010.05.30 13:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Samsung [2010.02.23 18:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Serif [2009.11.10 17:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Thunderbird [2010.04.28 22:26:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Wemofy ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.03.16 01:40:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\.minecraft [2010.04.28 13:13:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Adobe [2009.12.07 21:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Apple Computer [2010.06.28 13:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Bioshock [2010.04.09 12:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Buhl Data Service [2010.05.24 21:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\DAEMON Tools [2009.11.27 08:11:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\DivX [2010.04.01 10:08:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\dvdcss [2010.04.10 16:09:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\elsterformular [2010.05.22 00:49:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\enchant [2010.06.11 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\FrostWire [2010.02.26 20:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\GetRightToGo [2009.11.09 19:43:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Google [2010.06.02 04:33:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\gtk-2.0 [2010.04.24 05:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Help [2010.07.02 19:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\ICQ [2009.11.05 15:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Identities [2010.02.09 03:07:54 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\InstallShield [2009.11.05 17:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Macromedia [2010.06.23 07:19:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Microsoft [2009.12.24 01:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\MilkShape 3D 1.x.x [2009.11.10 17:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Mozilla [2010.01.31 20:34:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\NeopleLauncherDFO [2009.11.30 17:31:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\OpenOffice.org [2010.07.02 16:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Saipix [2010.05.30 13:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Samsung [2010.02.09 03:37:43 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\SecuROM [2010.02.23 18:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Serif [2009.11.13 02:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Sun [2009.11.10 17:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Thunderbird [2010.06.28 15:46:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\vlc [2010.04.28 22:26:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Wemofy [2010.04.13 09:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Winamp [2009.11.07 04:36:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2009.11.16 19:08:31 | 000,000,000 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Helvete\Anwendungsdaten\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe [2010.06.03 17:14:20 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010.04.28 22:26:55 | 000,133,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Helvete\Anwendungsdaten\Wemofy\houp.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- 
C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2004.09.26 15:24:54 | 000,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) 
MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: NVATA.SYS > [2005.08.18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys < MD5 for: NVATABUS.SYS > [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\system32\drivers\nvatabus.sys [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvatabus.sys [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvatabus.sys [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvatabus.sys < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 
| ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: VIAMRAID.SYS > [2004.05.18 15:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.05.24 21:09:38 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2009.11.01 14:42:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2009.11.01 14:42:37 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2009.11.01 14:42:37 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
07.07.2010, 20:34 | #2 |
| svchost.exe causes 100% system load I hope you can help me.
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.07.2010 22:15:58 - Run 1 OTL by OldTimer - Version 3.2.7.1 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 549,00 Mb Available Physical Memory | 54,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 14,65 Gb Total Space | 0,31 Gb Free Space | 2,14% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 26,93 Gb Free Space | 27,58% Space Free | Partition Type: NTFS Drive E: | 120,57 Gb Total Space | 30,63 Gb Free Space | 25,41% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: * Current User Name: * Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-484763869-1897051121-839522115-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "56106:TCP" = 56106:TCP:*:Enabled:Pando Media Booster "56106:UDP" = 56106:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft 
Corporation) "C:\Programme\FlashFXP\FlashFXP.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "D:\Games\Age Of Empires II\age2_x1.exe" = D:\Games\Age Of Empires II\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\FlashFXP\FlashFXP.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "E:\Alter Pc\Neuer Ordner\games\Quake III Arena\quake3.exe" = E:\Alter Pc\Neuer Ordner\games\Quake III Arena\quake3.exe:*:Enabled:quake3 -- () "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- File not found "C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- File not found "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "D:\Games\Dungeon Fighter Online\DFO\DFO.exe" = D:\Games\Dungeon Fighter Online\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online -- File not found "D:\Programme\FrostWire\FrostWire.exe" = D:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found "D:\Games\Valve\Steam\SteamApps\-fussy-\half-life blue shift\hl.exe" = D:\Games\Valve\Steam\SteamApps\-fussy-\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "D:\Games\Valve\Steam\SteamApps\-fussy-\half-life\hl.exe" = D:\Games\Valve\Steam\SteamApps\-fussy-\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "D:\Games\EmperorDAdRdM\Emperor.exe" = D:\Games\EmperorDAdRdM\Emperor.exe:*:Enabled:Emperor -- (Sierra) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = 
Adobe Bridge Start Meeting "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{34A0FF07-F11A-4157-84A3-92F8AD688CBF}" = Vodafone Mobile Broadband via the phone "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E0D0742-45BF-4438-8CE2-1AAADE878DBD}" = Vodafone Mobile Broadband via the phone "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = DER ERSTE KAISER: Aufstieg des Reichs der Mitte "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" 
= Die Sims™ 3 Reiseabenteuer "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0C79F39-5FEB-45C3-A7EF-511FA8E806A5}" = Serif PagePlus X4 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EFB1C194-CF92-4D51-8329-408E8932F222}" = Brother HL-2040 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FFAA01ED-BEEC-4578-87D5-90E1C7A6D230}" = MSI US54EX Wireless Client Utility "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bluefish" = 
Bluefish 2.0.0-1 "BurnAware Free_is1" = BurnAware Free 2.4.1 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsterFormular 11.3.0.4235" = ElsterFormular "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "Lexmark X1100 Series" = Lexmark X1100 Series "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "NVIDIA Drivers" = NVIDIA Drivers "RollerCoaster Tycoon Setup" = Roll "RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "Steam App 130" = Half-Life: Blue Shift "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.06.2010 04:08:54 | Computer Name = DANIEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3743, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 11.06.2010 21:32:20 | Computer Name = DANIEL | Source = ESENT | ID = 490 Description = svchost (1080) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 12.06.2010 07:53:05 | Computer Name = DANIEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung msnmsgr.exe, Version 14.0.8089.726, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.06.2010 00:22:39 | Computer Name = DANIEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3814, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 28.06.2010 22:14:46 | Computer Name = DANIEL | Source = ESENT | ID = 490 Description = svchost (1080) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 29.06.2010 10:24:18 | Computer Name = DANIEL | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3828, fehlgeschlagenes Modul msvcr80.dll, Version 8.0.50727.4053, Fehleradresse 0x00090c0c. Error - 29.06.2010 10:25:02 | Computer Name = DANIEL | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3828, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. 
Error - 01.07.2010 18:42:30 | Computer Name = DANIEL | Source = ESENT | ID = 482
Description = wlcomm (3700) Versuch, in Datei "C:\Dokumente und Einstellungen\Helvete\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{2f39e286-e462-47f5-ac15-c8ac6bb7061f}\DBStore\LogFiles\edbtmp.log" bei Offset 0 (0x0000000000000000) für 1048576 (0x00100000) Bytes zu schreiben, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
Error - 01.07.2010 20:01:17 | Computer Name = DANIEL | Source = ESENT | ID = 428
Description = wlcomm (3700) Das Datenbankmodul kann keine Aktualisierungen akzeptieren, weil die Festplatte, auf der sich die Protokolldatei der Datenbank befindet, über zu wenig freien Speicherplatz verfügt .
Error - 02.07.2010 11:22:32 | Computer Name = DANIEL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.5.6.2512, fehlgeschlagenes Modul winamp.exe, Version 5.5.6.2512, Fehleradresse 0x0002eb2e.

[ System Events ]
Error - 25.06.2010 01:49:55 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 29.06.2010 10:29:28 | Computer Name = DANIEL | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +372003 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.2.100:123->207.46.232.182:123) funktionsfähig ist.
Error - 02.07.2010 13:51:13 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7034
Description = Dienst "Vodafone Connector Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 02.07.2010 13:51:38 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DCOM-Server-Prozessstart" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Computer neu..
Error - 02.07.2010 13:51:38 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7034
Description = Dienst "Terminaldienste" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 02.07.2010 14:10:36 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DCOM-Server-Prozessstart" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Computer neu..
Error - 02.07.2010 14:10:36 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7034
Description = Dienst "Terminaldienste" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 02.07.2010 15:02:29 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DCOM-Server-Prozessstart" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Computer neu..
Error - 02.07.2010 15:02:29 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7034
Description = Dienst "Terminaldienste" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 02.07.2010 15:58:27 | Computer Name = DANIEL | Source = System Error | ID = 1003
Description = Fehlercode 00000024, 1. Parameter 001902fe, 2. Parameter ede6bb6c, 3. Parameter ede6b868, 4. Parameter f711e8d6.

< End of report >