Log analysis and evaluation: My PC keeps downloading and downloading.. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.08.2010, 23:48 | #1 |
| My PC keeps downloading and downloading.. Hello dear people! I am new here and I have to admit, I know absolutely NOTHING about PCs. My PC keeps downloading and downloading.. I have now run Spybot - Search & Destroy - Congratulations, no spies found. I also have an antivirus program - avast - it found nothing either.. I don't know what is causing the problem.. could someone please write down for me step by step what I should do now... I found out that I should do this (HijackThis), but what now.. please, be so kind and write down for me step by step what I should do now.. I really am a total beginner. Thank you very much!! HijackThis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:46:27, on 19.08.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\SiteAdvisor\6173\SiteAdv.exe C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSyncMAPI.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Opera\opera.exe C:\Users\claudia\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://www.google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - 
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [HP] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless 
Assistant\HPWA_Main.exe /hidden O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & 
Destroy\SDHelper.dll O15 - Trusted Zone: hxxp://*.mcafee.com (HKLM) O15 - Trusted Zone: hxxp://betavscan.mcafeeasap.com (HKLM) O15 - Trusted Zone: hxxp://vs.mcafeeasap.com (HKLM) O15 - Trusted Zone: hxxp://www.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: hxxp://*.mcafee.com (HKLM) O15 - ESC Trusted Zone: hxxp://betavscan.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: hxxp://vs.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: hxxp://www.mcafeeasap.com (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\..\{7CC0E751-E59A-4961-AA67-DB4BDDD722E6}: NameServer = 194.48.124.202 194.48.124.200 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. 
- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe O23 - Service: EngineServer - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system32\uArcCapture.exe -- End of file - 12956 bytes
please, step by step ...... thank you very much.. maybe I also have a lot on my PC that I don't need.. I would be grateful for help with that too.. first of all the constant downloading has to stop... thanks!!!!!!! Best regards, frc1501
please can someone help me urgently!!!! thanks
19.08.2010, 19:32 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My PC keeps downloading and downloading.. Hello and
A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest route. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Vista and Win7 users: start all tools via right-click "Run as administrator". Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! Then OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
20.08.2010, 20:00 | #3 |
| My PC keeps downloading and downloading.. Thanks for the help!!!
Well.. first the result from Anti-Malwarebytes.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4453
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
20.08.2010 20:56:23
mbam-log-2010-08-20 (20-56-23).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 251987
Laufzeit: 2 Stunde(n), 0 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
The OTL result will follow...
20.08.2010, 21:03 | #4 |
| My PC keeps downloading and downloading.. OTL - Extras.Txt: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 8/20/2010 9:02:42 PM - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\...\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free 4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 215.59 Gb Total Space | 181.50 Gb Free Space | 84.19% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1.99 Gb Total Space | 0.02 Gb Free Space | 0.88% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: namexy-HP Current User Name: namexy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers "{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager "{198B3755-CBC3-4086-BA6C-DA0C3D6C555A}" = Broadcom CrystalHD Decoder "{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates 
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B40D6A-4F41-4AA5-934B-41796A9DFCC3}" = HP ProtectTools Security Manager "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates "{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager "{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools "{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{469039EC-72A4-4393-BF8B-20FBADEA6619}" = Drive Encryption for HP ProtectTools "{46DD6CB5-C129-40A5-9427-2E67A400888E}" = Qualcomm Gobi 2000 Package for HP "{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates "{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{670234D0-42BE-493E-B3EB-6B5275530461}" = Corel Home Office "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools 
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78552E1C-84B9-41AE-9764-67CB874ABB0F}" = HP QuickLook "{7861911B-4270-498A-8F7A-FCF0570F4862}" = HP QuickWeb "{84FD80B9-AB11-406F-8719-09C51D18CC0C}" = HP Wireless Assistant "{8879F61A-C127-4171-A6E6-3299902492B9}" = HP QuickSync "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91A889B2-F013-43B0-9A68-014F0C9E0610}" = HP User Guides 0163 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2BF004A-6565-49C0-B398-0C668CC85105}" = HP ESU for Microsoft Windows 7 "{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{CB65A1C3-533D-4EA6-82B5-FBA926F19079}" = Face Recognition for HP ProtectTools "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}" = HP Connection Manager "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper "{F1D7AC58-554A-4A58-B784-B61558B1449A}" 
= QLBCASL "{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast5" = avast! Free Antivirus "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Drive Encryption" = Drive Encryption for HP ProtectTools "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "GMX MultiMessenger" = GMX MultiMessenger "HDMI" = Intel(R) Graphics Media Accelerator Driver "HPProtectTools" = HP ProtectTools Security Manager "InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "InstallShield_{CB65A1C3-533D-4EA6-82B5-FBA926F19079}" = Face Recognition for HP ProtectTools "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "McAfee SiteAdvisor" = McAfee Browser Protection Service "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 
4 Client Profile DEU Language Pack "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MVS" = McAfee Virus and Spyware Protection Service "PDF Complete" = PDF Complete Special Edition "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.2 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
20.08.2010, 21:17 | #5 |
| My PC keeps downloading and downloading.. OTL text editor: OTL logfile: Code:
ATTFilter OTL logfile created on: 8/20/2010 9:02:42 PM - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\...\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free 4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 215.59 Gb Total Space | 181.50 Gb Free Space | 84.19% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1.99 Gb Total Space | 0.02 Gb Free Space | 0.88% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Namexy-HP Current User Name: namexy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) PRC - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.) 
PRC - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe (Smith Micro Software, Inc) PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) PRC - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) PRC - C:\Program Files\SiteAdvisor\6173\SAService.exe () PRC - C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSyncMAPI.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc.) PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe (IDT, Inc.) PRC - C:\PROGRA~1\McAfee\MANAGE~1\Agent\myAgtTry.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe (McAfee, Inc.) PRC - c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe (McAfee, Inc.) PRC - C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE (McAfee, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files\SiteAdvisor\6173\SiteAdv.exe () PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
========== Modules (SafeList) ========== MOD - C:\Users\...\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (QDLService2kHP) Qualcomm Gobi 2000 Download Service (HP) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.) SRV - (SMManager) -- C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe (Smith Micro Software, Inc.) 
SRV - (DpHost) Biometric Authentication Service (Biometrischer Authentifizierungsservice) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (SiteAdvisor Service) -- C:\Program Files\SiteAdvisor\6173\SAService.exe () SRV - (uArcCapture) -- C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc.) SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe (IDT, Inc.) SRV - (myAgtSvc) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe (McAfee, Inc.) SRV - (HPDrvMntSvc.exe) -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (McShield) -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe (McAfee, Inc.) SRV - (EngineServer) -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE (McAfee, Inc.) 
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe (Andrea Electronics Corporation) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (qcusbnethp2k) Gobi 2000 USB-NDIS miniport(03F0-251D) -- C:\Windows\System32\drivers\qcusbnethp2k.sys (QUALCOMM Incorporated) DRV - (qcusbserhp2k) Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D) -- C:\Windows\System32\drivers\qcusbserhp2k.sys (QUALCOMM Incorporated) DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (ARCSOFTVCAPTURE) -- C:\Windows\System32\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.) DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (McAfee, Inc.) DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (McAfee, Inc.) DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (McAfee, Inc.) DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys () DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) 
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (SynTP) -- C:\windows\system32\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (qcfilterhp2k) Gobi 2000 USB Composite Device Filter Driver(03F0-251D) -- C:\Windows\System32\drivers\qcfilterhp2k.sys (QUALCOMM Incorporated) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) 
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft 
Corporation) DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard) DRV - (Accelerometer) -- C:\windows\system32\DRIVERS\Accelerometer.sys (Hewlett-Packard) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) 
DRV - (HpqKbFiltr) -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Commercial | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Commercial | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Commercial | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/05/07 10:17:27 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Connection Manager.exe] File not found O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe (McAfee, Inc.) O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe () O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com 
([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.358.dll (McAfee, Inc.) O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/08/20 18:44:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2010/08/20 18:44:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2010/08/20 18:41:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\claudia\Desktop\OTL.exe [2010/08/20 18:40:46 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\claudia\Desktop\mbam-setup.exe [2010/08/20 11:02:44 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes [2010/08/20 11:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/08/20 11:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/08/19 18:39:15 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\backups [2010/08/18 22:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/08/18 22:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/08/12 14:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage [2010/08/12 13:45:07 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\vlc [2010/08/12 13:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010/08/12 08:52:39 | 000,000,000 | ---D | C] -- C:\Users\...\Office Genuine Advantage [2010/08/12 00:00:49 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\DFX [2010/08/11 23:37:28 | 
000,000,000 | ---D | C] -- C:\ProgramData\DFX [2010/08/11 23:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DFX [2010/08/11 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\DFX [2010/08/11 18:45:35 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll [2010/08/11 18:45:35 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll [2010/08/11 18:45:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll [2010/08/11 18:45:19 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2010/08/11 18:45:19 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2010/08/11 18:45:11 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll [2010/08/11 18:45:11 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2010/08/11 18:45:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2010/08/11 18:45:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2010/08/11 18:45:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2010/08/11 18:45:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2010/08/11 18:45:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2010/08/11 18:45:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2010/08/11 18:45:03 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2010/04/13 16:08:44 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll [2010/04/13 16:08:39 | 000,213,040 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\...\Documents\*.tmp files -> C:\Users\...\Documents\*.tmp -> ] ========== Files - 
Modified Within 30 Days ========== [2010/08/20 21:12:13 | 001,572,864 | -HS- | M] () -- C:\Users\...\ntuser.dat [2010/08/20 20:59:55 | 001,498,506 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2010/08/20 20:59:55 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2010/08/20 20:59:55 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2010/08/20 20:59:55 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2010/08/20 20:59:55 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2010/08/20 20:13:13 | 000,013,885 | ---- | M] () -- C:\Users\...\Documents\holiday Ende.docx [2010/08/20 19:02:47 | 000,000,162 | -H-- | M] () -- C:\Users\...\Documents\~$liday Ende.docx [2010/08/20 18:56:16 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/08/20 18:56:16 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/08/20 18:47:57 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010/08/20 18:47:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010/08/20 18:47:41 | 1599,381,504 | -HS- | M] () -- C:\hiberfil.sys [2010/08/20 18:46:53 | 005,825,236 | -H-- | M] () -- C:\Users\...\AppData\Local\IconCache.db [2010/08/20 18:46:25 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/20 18:41:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2010/08/20 18:41:01 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\...\Desktop\mbam-setup.exe [2010/08/20 15:31:07 | 000,524,288 | -HS- | M] () -- C:\Users\...\ntuser.dat{7acf6c4c-ac3e-11df-ad02-0027139e3968}.TMContainer00000000000000000002.regtrans-ms [2010/08/20 15:31:07 | 000,524,288 | -HS- | M] () -- C:\Users\...\ntuser.dat{7acf6c4c-ac3e-11df-ad02-0027139e3968}.TMContainer00000000000000000001.regtrans-ms 
[2010/08/20 15:31:07 | 000,065,536 | -HS- | M] () -- C:\Users\...\ntuser.dat{7acf6c4c-ac3e-11df-ad02-0027139e3968}.TM.blf [2010/08/20 11:43:02 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010/08/20 11:42:33 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2010/08/18 17:59:01 | 000,652,800 | ---- | M] () -- C:\Users\...\Desktop\Band_04.doc [2010/08/15 16:36:51 | 001,219,419 | ---- | M] () -- C:\Users\...\Desktop\118_Paedagogische_Professionalitaet_u_die_Bedeutung_des_Erlebens.pdf [2010/08/15 16:29:45 | 001,264,242 | ---- | M] () -- C:\Users\...\Desktop\94_Verstehen_von_Beziehungsprozessen.pdf [2010/08/15 16:22:25 | 000,360,147 | ---- | M] () -- C:\Users\...\Desktop\2008-10-01_9850693.pdf [2010/08/15 16:20:16 | 000,087,976 | ---- | M] () -- C:\Users\...\Desktop\Schnoor.pdf [2010/08/13 20:26:02 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010/08/13 02:25:49 | 000,011,826 | ---- | M] () -- C:\Users\...\Documents\holiday schluss.docx [2010/08/12 08:42:21 | 000,412,304 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2010/08/11 18:28:00 | 000,153,088 | ---- | M] () -- C:\Users\...\Desktop\Buchblatt Strachota - Heilpädagogik & Medizin.doc [2010/08/09 23:48:39 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2010/08/05 15:35:56 | 000,837,632 | ---- | M] () -- C:\Users\...\Desktop\DAüberarbeitetneu 3 August.doc [2010/07/31 09:19:38 | 000,000,162 | -H-- | M] () -- C:\Users\Public\Documents\~$eber holiday.docx [2010/07/29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll [2010/07/29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) 
-- C:\windows\System32\iccvid.dll [2010/07/28 16:44:51 | 000,016,332 | ---- | M] () -- C:\Users\Public\Documents\JoE.docx [2010/07/28 16:38:57 | 000,016,076 | ---- | M] () -- C:\Users\Public\Documents\neu.docx [2010/07/28 15:23:18 | 000,009,873 | ---- | M] () -- C:\Users\Public\Documents\neuer brief holiday.docx [2010/07/27 21:57:55 | 000,018,527 | ---- | M] () -- C:\Users\Public\Documents\Liebe holiday.docx [2010/07/27 13:12:17 | 000,000,162 | -H-- | M] () -- C:\Users\...\Desktop\~$TEST.doc [2010/07/27 13:03:44 | 000,860,160 | ---- | M] () -- C:\Users\...\Desktop\TEST.doc [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\...\Documents\*.tmp files -> C:\Users\...\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/08/20 19:02:47 | 000,000,162 | -H-- | C] () -- C:\Users\...\Documents\~$oliday Ende.docx [2010/08/20 18:45:00 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/20 12:03:46 | 000,013,885 | ---- | C] () -- C:\Users\...\Documents\holiday Ende.docx [2010/08/20 11:43:02 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2010/08/20 11:37:23 | 000,524,288 | -HS- | C] () -- C:\Users\...\ntuser.dat{7acf6c4c-ac3e-11df-ad02-0027139e3968}.TMContainer00000000000000000002.regtrans-ms [2010/08/20 11:37:23 | 000,524,288 | -HS- | C] () -- C:\Users\...\ntuser.dat{7acf6c4c-ac3e-11df-ad02-0027139e3968}.TMContainer00000000000000000001.regtrans-ms [2010/08/20 11:37:23 | 000,065,536 | -HS- | C] () -- C:\Users\...\ntuser.dat{7acf6c4c-ac3e-11df-ad02-0027139e3968}.TM.blf [2010/08/15 16:37:55 | 001,219,419 | ---- | C] () -- C:\Users\...\Desktop\118_Paedagogische_Professionalitaet_u_die_Bedeutung_des_Erlebens.pdf [2010/08/15 16:32:20 | 001,264,242 | ---- | C] () -- C:\Users\...\Desktop\94_Verstehen_von_Beziehungsprozessen.pdf [2010/08/15 16:23:45 | 000,360,147 | ---- | C] () -- C:\Users\...\Desktop\2008-10-01_9850693.pdf [2010/08/15 16:21:04 | 000,087,976 | ---- | C] () -- C:\Users\...\Desktop\Schnoor.pdf [2010/08/13 20:26:02 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2010/08/13 00:59:24 | 000,011,826 | ---- | C] () -- C:\Users\...\Documents\bernhard schluss.docx [2010/08/11 18:28:42 | 000,153,088 | ---- | C] () -- C:\Users\...\Desktop\Buchblatt Strachota - Heilpädagogik & Medizin.doc [2010/08/04 12:42:06 | 000,837,632 | ---- | C] () -- C:\Users\...\Desktop\DAüberarbeitetneu 3 August.doc [2010/07/31 09:19:38 | 000,000,162 | -H-- | C] () -- C:\Users\Public\Documents\~$eber Holiday.docx [2010/07/28 15:23:17 | 000,009,873 | ---- | C] () -- C:\Users\Public\Documents\neuer brief holiday.docx [2010/07/28 09:47:47 | 000,016,076 | ---- | C] () -- C:\Users\Public\Documents\neu.docx [2010/07/27 22:04:11 | 000,016,332 | ---- | C] () -- C:\Users\Public\Documents\JoE.docx [2010/07/27 20:41:09 | 000,018,527 | ---- | C] () -- C:\Users\Public\Documents\Lieber holiday.docx [2010/07/27 13:12:17 | 000,000,162 | -H-- | C] () -- C:\Users\...\Desktop\~$TEST.doc [2010/07/27 12:42:16 | 000,860,160 | ---- | C] () -- C:\Users\...\Desktop\TEST.doc [2010/07/06 23:38:01 | 000,000,056 | 
-H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/06/11 09:43:39 | 000,000,202 | ---- | C] () -- C:\windows\System32\HPWA.ini [2010/04/15 18:56:00 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/04/13 16:26:02 | 000,000,000 | ---- | C] () -- C:\Users\...\AppData\Local\QSwitch.txt [2010/04/13 16:26:02 | 000,000,000 | ---- | C] () -- C:\Users\...\AppData\Local\DSwitch.txt [2010/04/13 16:26:02 | 000,000,000 | ---- | C] () -- C:\Users\...\AppData\Local\AtStart.txt [2010/04/13 16:08:42 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys [2010/04/13 16:08:42 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2010/04/13 16:08:39 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys [2010/04/13 15:54:05 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll [2010/01/22 14:29:16 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign [2010/01/22 14:29:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign [2010/01/22 14:29:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign [2010/01/22 14:28:48 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign [2010/01/22 14:28:48 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign [2010/01/22 14:28:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign [2009/12/11 21:20:30 | 000,648,464 | ---- | C] () -- C:\windows\System32\SUPSDK.dll [2009/12/11 21:20:18 | 000,050,448 | ---- | C] () -- C:\windows\System32\ExpSnapShotAPI.dll [2009/11/20 21:33:34 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010/04/15 21:01:42 | 
000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Canon [2010/04/13 15:47:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DigitalPersona [2010/05/13 11:12:18 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\GMX [2010/04/17 13:23:07 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Opera [2010/05/08 10:35:24 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Uniblue [2010/08/12 00:05:16 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\uTorrent [2009/07/14 06:53:46 | 000,026,818 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
20.08.2010, 21:18 | #6 |
| My PC keeps downloading and downloading.. uTorrent should actually definitely have been deleted from my PC.... but it is still there.. I hope you can help me... thanks!!!!!!!!!!!!! Regards, frc1501.. |
21.08.2010, 19:22 | #7 |
| My PC keeps downloading and downloading.. Please, can someone help me now??? Regards |
22.08.2010, 09:23 | #8 |
| My PC keeps downloading and downloading.. Why is nobody answering me anymore??? I would not post here if I did not really need your help.... maybe at least 1 person will have mercy on me.. because I need the internet for my training.... Asking again for urgent help!! Thanks!!! |
22.08.2010, 18:47 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My PC keeps downloading and downloading.. Stop pushing! You are not the only one who wants help, and I also have work matters to take care of and would like, for once on a weekend, not to just hang around at the PC!
__________________ Please always post logfiles in CODE tags |
22.08.2010, 18:57 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My PC keeps downloading and downloading.. I don't see any malware there. I would suggest the following: get the Netlimiter Monitor setup from here => http://www.netlimiter.com/download/nl_2011_mon.exe and start the program. Then tell me which process is generating the traffic.
__________________ Please always post logfiles in CODE tags |
23.08.2010, 08:21 | #11 |
| My PC keeps downloading and downloading.. Hello… Understood… I don't want to push either, sorry... but I need the internet for my training, and at the moment I cannot go online because it immediately downloads in masses and I have no flat rate. The program you named above unfortunately does NOT support Windows 7, which I have (only Windows 2000, XP and Vista). An installation does not work. Here is what I found out, but I do not know how to interpret it. So I entered cmd –a (an acquaintance advised me to)…. There, under active connections, even when I do NOT go online, it says: for remote connection, my user.. so user-HP. Status: ABHÖREN. Then also a remote connection *.* with status ABHÖREN… (this morning, without being online, I found 25 connections. 2 of those connections = status established (my user), the rest are on listening, and for the *:* there is no status at all..) What if I format the entire hard disk, is the problem solved then? If so, how and where do I do that, entering "format c:" (I mean which keys to press) and reinstalling the laptop? Can you, dear Arne, tell me that, in case it helps? I do not have such important things on my laptop and I think the problem would then be solved, if it works that way?!?? What I have on my laptop: WLAN and Bluetooth … yesterday evening I tried everything to switch Bluetooth off. But unfortunately the problem remains… I have such strange .dat files on my laptop and I also have things on my USB like WRL0005.tmp or synguid.dat, UUK.bin… I never saved that on there… what is that? I did not have the problem before. Thanks again. Regards, frc |
23.08.2010, 13:01 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My PC keeps downloading and downloading.. You find out too little via netstat. Try this beta of Netlimiter, it should also work with Win7 => NetLimiter - The Ultimate Bandwidth Shaper
__________________ Please always post logfiles in CODE tags |
24.08.2010, 18:32 | #13 |
| My PC keeps downloading and downloading.. Did the following.. downloaded NetLimiter 3Pro. Result of the connections: Local Security Authority Process Windows-Startanwendung Hostprozess für Windows-Dienste system thrugoing - no path can be found here!!!! unrelated - no path can be found here!!!! Netlimiter 3 SMManager Application - hewlett Packard Anwendung für Dienste und Controller Java(TM)Platform QuickSync - hewlett packard NetLimiter 3 Client HP Connection Manager - Hewlett Packard Microsoft Feeds Synchronization Opera Software Microsoft SeaPort Search Enhancement. Additionally, when I go online: the same connections! Those are my connections.. what should I do now in your opinion.. I have even changed location already, because I have WLAN and Bluetooth.. everything unchanged.. it keeps downloading... what should I do??? I am already desperate. Regards, frc |
24.08.2010, 18:43 | #14 |
| My PC keeps downloading and downloading.. Sorry.. I think that was not all the info.. below that there is also Process 480 .... how do I know whether that is a process of mine or something malicious? And what, please, is a LISTENING CONNECTION??? Eavesdropping?? How do you get rid of that permanently?? How can I copy these connections and post them here, or what should I do??? Right mouse button and copy does not work.. Unfortunately the ActiveX control does not work in NetLimiter, at least that is the message that comes up .. I do not know whether that matters much.. or is related to the browser (Opera). Regards, frc Last edited by frc1501 (24.08.2010 at 19:16) |
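Added example, not part of the thread: a small parser for `netstat -ano` output that separates listening sockets and state-less UDP rows from established connections to another machine, which are the only rows that can account for traffic. The sample output is constructed, and the `-n` and `-o` switches (numeric addresses, owning PID) are assumptions beyond the `-a` mentioned in the thread.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -ano` output from a German-language Windows
# (all addresses and PIDs are made up for illustration).
SAMPLE = """\
Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status           PID
  TCP    0.0.0.0:135            0.0.0.0:0              ABHÖREN          716
  TCP    0.0.0.0:445            0.0.0.0:0              ABHÖREN          4
  TCP    127.0.0.1:49170        127.0.0.1:49171        HERGESTELLT      2104
  TCP    192.168.1.23:49201     203.0.113.10:80        HERGESTELLT      3380
  TCP    [::]:135               [::]:0                 ABHÖREN          716
  UDP    0.0.0.0:5355           *:*                                     1096
  UDP    [::1]:1900             *:*                                     1520
"""

# Only the two German state labels quoted in the thread are mapped.
STATES = {"ABHÖREN": "LISTENING", "HERGESTELLT": "ESTABLISHED"}

def parse(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":
            (proto, local, remote, pid), state = f, ""  # UDP has no state column
        else:
            continue
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": STATES.get(state, state), "pid": int(pid)})
    return rows

def is_external(endpoint):
    """True if host:port names a real peer (not '*', loopback or 0.0.0.0/::)."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    if host == "*":
        return False
    ip = ipaddress.ip_address(host)
    return not (ip.is_loopback or ip.is_unspecified)

def summarize(rows):
    """Count rows per state; UDP rows are grouped under their own label."""
    return Counter(r["state"] or "UDP (no state)" for r in rows)

def active_peers(rows):
    """(pid, remote) for established connections to another machine."""
    return [(r["pid"], r["remote"]) for r in rows
            if r["state"] == "ESTABLISHED" and is_external(r["remote"])]

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(dict(summarize(rows)))
    for pid, remote in active_peers(rows):
        print(f"PID {pid} is connected to {remote}")
```

A PID reported this way can be matched to a program name with `tasklist /FI "PID eq <pid>"`.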
24.08.2010, 19:08 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My PC keeps downloading and downloading.. Don't you have to start Netlimiter as admin via right-click? And take some screenshots, then I can see better and don't have to do this here =>
__________________ Please always post logfiles in CODE tags |