| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC läuft sehr langsam, svchost.exe lastet das System extrem ausWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.08.2010, 22:07
| #1 |
 |  PC läuft sehr langsam, svchost.exe lastet das System extrem aus Hallo zusammen, mein notebook läuft extrem langsam, besonders der Seitenaufbau von Internetseiten ist slow-motion. Google hat mich auch mit diesem Problem auf dieses Forum geführt. Ich habe hier gelesen habe, dass ggf. fehlende Windows-Updates zu diesem Problem führen. Mein Vista weigert sich standhaft das update KB973917 zu installieren. Der Ressourcen-Monitor zeigt an, dass svchost.exe das System extrem auslastet. Hier der Malwarebytes Bericht Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4447 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 18.08.2010 23:50:01 mbam-log-2010-08-18 (23-50-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 134803 Laufzeit: 9 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 27 Infizierte Registrierungswerte: 5 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 7 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bd4438c-2511-4b93-ad34-2bdcd0ff78d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\***\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. habe heute noch einen Scan gemacht: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4478 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 25.08.2010 22:05:07 mbam-log-2010-08-25 (22-05-07).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 135694 Laufzeit: 9 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Hier der OTL LogFile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.08.2010 22:26:58 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\*****\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,31 Gb Total Space | 30,33 Gb Free Space | 34,35% Space Free | Partition Type: NTFS Drive D: | 88,00 Gb Total Space | 49,25 Gb Free Space | 55,97% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *****-PC Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\*****\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\swriter.exe () PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) PRC - C:\Windows\System32\perfmon.exe (Microsoft Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe () PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation) SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys File not found DRV - (RimUsb) -- C:\Windows\System32\Drivers\RimUsb.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin) DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation) DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation) DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI Corporation) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\***.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://***.myownstartpage.net/?cm=640368<=2&it=2008-02-16%2000%3A06%3A17&dt=2008-02-16%2000%3A52%3A40&q=about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Ask" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://dsl-start.computerbild.de/" FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11 FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3 FF - prefs.js..extensions.enabledItems: de-DE(at)dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4 FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.5 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: DeviceDetection(at)logitech.com:1.0.176.0 FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.17 01:13:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.16 21:25:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.28 21:25:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 23:48:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.16 21:25:16 | 000,000,000 | ---D | M] [2008.06.18 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.08.24 22:57:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions [2010.01.18 20:39:57 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.01.18 20:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}-trash [2010.02.13 20:48:25 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2010.05.12 21:29:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.04 10:30:11 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} [2008.06.22 16:27:46 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8} [2010.06.22 09:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4} [2010.02.13 20:48:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.08.12 22:33:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com [2010.08.22 20:44:19 | 000,001,496 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\altavista-deutschland.xml [2009.02.11 23:53:13 | 000,000,681 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\ask.xml [2009.06.16 23:58:08 | 000,002,836 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\bing.xml [2008.07.12 14:00:06 | 000,001,722 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\computer-bild-suche.xml [2008.12.19 22:56:48 | 000,005,310 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\footiefox.xml [2008.07.11 23:11:18 | 000,001,504 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\imdb.xml [2010.08.23 22:50:43 | 000,001,595 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\ixquick---deutsch.xml [2008.10.03 01:10:14 | 000,001,733 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\live-search.xml [2010.08.22 20:44:20 | 000,001,659 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\metacrawlerde.xml [2010.08.22 20:44:19 | 000,002,271 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\xing.xml [2010.04.27 21:56:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.27 21:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.02.12 20:13:13 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.01.26 01:27:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.26 01:27:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.26 01:27:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.26 01:27:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.26 01:27:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100728212538.dll (McAfee, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found. O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\*****\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\*****\Pictures\Madeira 2008\Madeira 2008 054.JPG O24 - Desktop BackupWallPaper: C:\Users\*****\Pictures\Madeira 2008\Madeira 2008 054.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5963dc93-afa3-11de-b6b8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5963dc93-afa3-11de-b6b8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\zdata\cobi.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.18 23:36:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2010.08.18 23:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.18 23:36:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.18 23:36:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.18 23:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.17 20:46:48 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2010.08.17 20:39:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010.08.17 20:26:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.11 23:49:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.11 23:49:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.11 23:49:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.11 23:49:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.11 23:49:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.11 23:49:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.11 23:49:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.11 23:49:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.11 23:49:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.11 23:49:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.11 23:49:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.11 23:49:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.11 23:49:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.11 23:49:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.11 23:49:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.11 23:49:20 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.11 23:49:07 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.11 23:49:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.11 23:49:00 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.11 23:49:00 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.07 13:56:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2010.08.07 13:55:54 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2010.08.07 13:55:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2010.08.07 13:55:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2010.08.07 13:55:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2010.08.07 13:55:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2010.08.07 13:55:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2010.08.07 13:55:52 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2010.08.07 13:55:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2010.08.07 13:55:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2010.08.07 13:55:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2010.08.07 13:55:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2010.08.07 13:55:47 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2010.08.07 13:55:47 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2010.08.07 13:55:47 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2010.08.07 13:55:47 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2010.08.07 13:52:06 | 000,092,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL [2010.07.30 11:15:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.07.30 11:11:15 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.07.30 10:38:40 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2010.07.30 10:38:40 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2010.07.30 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Deployment [2010.07.30 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apps [2010.07.28 23:56:33 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab [2010.07.28 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\*****\SystemRequirementsLab [2010.07.28 23:35:27 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.07.28 21:25:36 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys [2010.07.28 21:24:26 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys [2010.07.28 21:24:25 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2010.07.28 21:24:25 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys [2010.07.28 21:24:25 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2010.07.28 21:24:25 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys [2010.07.28 21:24:24 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2010.07.28 21:24:24 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys [2010.07.28 21:24:24 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys [2010.07.28 21:24:24 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2007.04.26 21:36:39 | 000,528,040 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Programme\MSetup.exe [2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.25 22:25:31 | 003,932,160 | ---- | M] () -- C:\Users\*****\NTUSER.DAT [2010.08.25 22:24:49 | 000,083,438 | ---- | M] () -- C:\Users\*****\AppData\Roaming\nvModes.001 [2010.08.25 22:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.08.25 21:42:31 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job [2010.08.25 21:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.25 21:21:38 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.08.25 21:19:12 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.25 21:19:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.25 21:19:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.25 21:19:10 | 000,000,202 | ---- | M] () -- C:\Windows\System32\PSLOG [2010.08.25 21:19:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.25 21:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.25 11:07:21 | 000,007,692 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.25 11:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{632c543c-546a-11df-92c9-00027875610f}.TMContainer00000000000000000001.regtrans-ms [2010.08.25 11:07:01 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{632c543c-546a-11df-92c9-00027875610f}.TM.blf [2010.08.25 11:06:26 | 003,947,799 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db [2010.08.24 21:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job [2010.08.18 23:36:28 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.18 15:12:22 | 000,122,241 | ---- | M] () -- C:\Users\*****\Desktop\Adecco Senior Persona....pdf [2010.08.17 20:46:50 | 000,001,702 | ---- | M] () -- C:\Users\*****\Desktop\Defraggler.lnk [2010.08.17 20:32:53 | 000,027,296 | ---- | M] () -- C:\Users\*****\Documents\cc_20100817_203240.reg [2010.08.17 20:26:03 | 000,000,804 | ---- | M] () -- C:\Users\*****\Desktop\CCleaner.lnk [2010.08.17 19:08:04 | 000,083,438 | ---- | M] () -- C:\Users\*****\AppData\Roaming\nvModes.dat [2010.08.16 23:24:26 | 000,142,935 | ---- | M] () -- C:\Windows\hppins23.dat [2010.08.12 21:01:16 | 000,396,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.12 19:46:57 | 000,000,186 | ---- | M] () -- C:\Users\*****\Desktop\Synchronisierungsergebnisse - Verknüpfung.lnk [2010.07.30 11:54:54 | 001,867,652 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.30 11:54:54 | 000,788,886 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.30 11:54:54 | 000,738,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.30 11:54:54 | 000,185,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.30 11:54:54 | 000,156,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.30 10:38:35 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2010.07.30 10:38:35 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.18 23:36:28 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.18 15:12:22 | 000,122,241 | ---- | C] () -- C:\Users\*****\Desktop\Adecco Senior Persona....pdf [2010.08.17 20:46:50 | 000,001,702 | ---- | C] () -- C:\Users\*****\Desktop\Defraggler.lnk [2010.08.17 20:32:47 | 000,027,296 | ---- | C] () -- C:\Users\*****\Documents\cc_20100817_203240.reg [2010.08.17 20:26:03 | 000,000,804 | ---- | C] () -- C:\Users\*****\Desktop\CCleaner.lnk [2010.08.12 19:46:57 | 000,000,186 | ---- | C] () -- C:\Users\*****\Desktop\Synchronisierungsergebnisse - Verknüpfung.lnk [2010.08.07 13:55:48 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2010.08.07 13:55:48 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.08.07 13:55:48 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2009.06.13 17:01:56 | 000,022,016 | ---- | C] () -- C:\Windows\System32\msdri32.dll [2009.06.07 16:29:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.12.06 23:44:36 | 000,000,938 | ---- | C] () -- C:\Windows\WISO.INI [2008.07.12 16:15:08 | 000,000,669 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\vispa.ini [2008.05.17 09:38:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2008.04.13 16:08:16 | 000,000,037 | ---- | C] () -- C:\Windows\easyprint.INI [2007.12.08 19:59:57 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2007.11.03 19:05:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\Bot.dll [2007.11.03 19:05:49 | 000,000,101 | ---- | C] () -- C:\Windows\PSXLPR.INI [2007.09.03 11:57:34 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.08.04 01:12:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2007.08.02 08:15:56 | 000,024,206 | ---- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png [2007.07.22 21:25:35 | 000,001,356 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat [2007.07.22 17:19:50 | 000,083,438 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.001 [2007.07.22 00:31:09 | 000,083,438 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.dat [2007.07.21 21:31:24 | 000,019,456 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.04.26 21:37:33 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2007.04.26 21:37:33 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2007.04.26 21:36:39 | 000,003,062 | ---- | C] () -- C:\Programme\MSetup.xml [2007.04.26 21:36:39 | 000,002,010 | ---- | C] () -- C:\Programme\MSetup.ini [2007.04.26 03:53:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.04.26 03:52:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.12.20 05:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2006.09.20 09:34:10 | 000,000,186 | ---- | C] () -- C:\Windows\Buhl.ini [2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2008.02.19 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\aignes [2008.12.11 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo [2009.04.07 23:53:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BOM [2008.12.06 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service [2008.12.15 15:57:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service GmbH [2010.08.13 21:33:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon [2007.07.29 14:42:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CopyTrans [2007.11.25 00:47:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DataDesign [2009.06.06 00:14:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Foxit [2010.04.22 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GARMIN [2009.02.11 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GlarySoft [2009.02.21 23:34:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView [2008.11.10 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\KeePass [2010.02.15 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LetsTrade [2010.03.15 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia [2010.03.15 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite [2008.11.15 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2009.05.02 21:18:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite [2008.04.13 14:25:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Pixum [2007.10.13 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung [2009.02.22 01:49:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TerraTec [2009.06.11 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software [2010.08.25 22:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.08.25 11:07:24 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.08.25 21:42:31 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job [2010.08.24 21:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job ========== Purity Check ========== < End of report > Und hier der 2. OTL LogFile:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.08.2010 22:26:58 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 30,33 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 49,25 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
h**p [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
h**ps [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [Pixum EasyBook.exe] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19076740-DDD5-4B5E-BAEA-490EA2676657}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{1CDA0482-07F9-4CF5-95FC-0793643CACBB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{485C1223-398B-4B2E-9430-2CF3D66E8FB2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{7C19A52B-6CD8-47BE-81A3-163FDCC2FAF9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{E0CD1A15-0050-48F7-9956-B2DE4E77DED2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0469BC87-F742-4E2F-A59C-6DA85E526EFB}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{13EB55C5-29D3-4D46-984D-E9E7B867F049}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{16D370B8-1B1B-40D9-B1B3-649CDCB2B38C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{20111CF3-786A-4F4D-8A84-F7EF5D817CE2}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{21874EB7-8AFE-4523-B419-738AB1170B60}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{22053988-B2D0-44DA-8299-699DB30E98CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2461A41F-5647-403B-8181-33C07A705C79}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\a6lezjwd.orc\npzezq0n.7zl\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{2F5D5C3D-C0BA-49BC-808B-38D36443812A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{36581106-7CE2-4880-9732-8B9BC04F0114}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{3D9AA6B1-B17B-41E1-A1B4-DB55D3BB50B1}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{43BF04D5-2979-4C85-8A70-07F7F8C7ED08}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5F11DDB2-3452-43C5-8BAF-55BFC24ED4EA}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{68A6F5CE-6A8A-4A5A-B173-09C0EC18CCEC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87AD2AE4-02B9-433F-A39F-76EC29E78526}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{90BEF2A9-46EC-4B22-AA13-1B7ADA797246}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{91621E5D-8236-421C-926B-F4694D8A665A}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\a6lezjwd.orc\npzezq0n.7zl\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{9A9D55DF-B2B9-428B-A23B-C84A9BDC21F2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6B89DF6-5104-48FF-BB56-3A697947D567}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5B31BDE-32F2-4BD3-8D13-7C7D2E2C8316}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BBA94029-BB11-49C2-B339-2EF0463C666A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C3088EE2-2FD5-413E-879A-9592DE0A8DC5}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{D1F97D5D-B5A6-488F-8B6B-DD09B2BC746B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DCF9452D-9B23-431F-8262-3A51260E44DF}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{E1DDEE71-BB06-4BB2-84C5-19CE28B8B55A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{E586CCB6-6F09-4A2A-90EA-98331485675A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{00B8E278-E260-43F9-A2A1-9705578D5294}" = Microsoft Web Farm Framework Version 1 for IIS 7
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{16376CAE-A46A-40a5-BD8D-A272F690A2E0}" = 8200
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1CE975D2-718E-465d-BBCB-8655F097C120}" = SF_CDD_Software
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{215C2536-35C7-4602-9612-A8833FBE0E20}" = SF_CDD_ProductContext
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}" = Internet Information Services (IIS) 7.0 Manager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{370BBA05-01E7-4BCC-9B38-E85DB8E13E11}" = Microsoft Silverlight 2 SDK
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{44061C54-0775-4AE1-B433-79BCC6431817}" = WISO Mein Geld 2009 Professional
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{596A8F65-C705-4e68-B85E-CE0B45490712}" = HP Photosmart Appliance Printer Driver Software 8.0.D
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729EC8B-AC5F-47A9-B825-C2BFB19A295C}" = Microsoft External Cache Version 1 for IIS 7
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{971CB542-EB91-45D1-8D47-593A2F945BD4}" = Microsoft URL Rewrite Module for IIS 7.0
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A6D39A1D-1797-44FF-91AD-66698188764F}" = IIS Media Pack 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB4EDC19-3B5E-4838-80E7-92454323B0FE}" = Garmin VoiceStudio v2.10
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE40A626-2967-40F3-9D6B-810511AF76BE}" = Microsoft Dynamic IP Restrictions for IIS 7 - Beta
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1DBECBB-6A81-483C-9D27-D9F121D12EBC}" = Web Deployment Tool Release Candidate 1
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CA544957-00CB-4A5F-9A34-F49662C7DD5F}" = Microsoft Web Platform Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09B6E1D-2AFE-4EAA-A439-6389353B0780}" = Microsoft Application Request Routing Version 1 for IIS 7
"{E27DEAFD-1339-4D58-955D-06F6F7A35690}" = IIS Smooth Streaming - Beta
"{E36EE103-D2AA-41AD-81C4-0117A45B95AE}" = Microsoft Silverlight Tools for Visual Web Developer Express 2008 SP1 - ENU
"{E59555E2-6572-4BA5-90A9-3D2327739979}" = WebDAV 7.5 For IIS 7.0
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F992232D-9989-484f-8419-6D5CBD462615}" = 8200_Help
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"aignesamdeadlink" = AM-DeadLink 3.3
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Biet-O-Matic v2.10.0" = Biet-O-Matic v2.10.0
"CCleaner" = CCleaner
"Cities of Earth 3D Screensaver_is1" = Cities of Earth 3D Screensaver v. 2.1
"Defraggler" = Defraggler
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download 2.3
"FreePDF_XP" = FreePDF XP (Remove only)
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"Google Updater" = Google Updater
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.16
"KeePass-1.11" = KeePass-1.11
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee AntiVirus Plus
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Pixum EasyBook" = Pixum EasyBook
"Pixum EasyPrint" = Pixum EasyPrint 1.2
"PrintServer Utilities" = PrintServer Utilities
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"VistaGlazz_is1" = VistaGlazz 2.0
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.08.2010 16:07:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1974333
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1975877
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1975877
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1977468
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1977468
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1978935
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1978935
[ System Events ]
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.08.2010 05:06:50 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.08.2010 15:21:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
[ TuneUp Events ]
Error - 18.08.2010 17:36:38 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:36:37', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','332',0)
Error - 18.08.2010 17:37:18 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:37:18', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','3376',0)
Error - 18.08.2010 17:57:08 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:57:08', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','2196',0)
Error - 18.08.2010 17:57:18 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:57:18', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4248',0)
< End of report >
Ich würde mich sehr freuen, wenn mir jemand helfen könnte, den Rechner wieder auf Trab zu bringen. Schon jetzt vielen Dank im Voraus Grüße Geändert von intrus (25.08.2010 um 22:28 Uhr) |
| Themen zu PC läuft sehr langsam, svchost.exe lastet das System extrem aus |
| 32 bit, agere systems, autorun, bonjour, components, corp./icp, defender, desktop, device driver, ebay, error, explorer, firefox, firefox.exe, format, google, home, home premium, install.exe, kb973917, langsam, location, logfile, microsoft office 2003, mozilla, nvidia, nvlddmkm.sys, nvstor.sys, office 2007, oldtimer, otl logfile, otl.exe, pc läuft, picasa, plug-in, problem, programdata, realtek, registry, rundll, saver, search.hijacker, searchplugins, searchscopes, security, security update, sehr langsam, server, shell32.dll, skype.exe, software, staropen, start menu, studio, svchost.exe, system, torrent.exe, vista, visual studio |
Baum-Darstellung