Log analysis and evaluation: Bundespolizei Trojan / OTL and Malwarebytes log files
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Bundespolizei Trojan / OTL and Malwarebytes log files

Hello dear Trojaner-Board,

I now have this Bundespolizei Trojan on my computer too... I was so glad when I found this forum, and I first read through the other posts.

I have now started my PC (Windows XP, Service Pack 3) in safe mode, then installed Malwarebytes and OTL to create the logs. When I tried to update Malwarebytes, I always got an error message, so the software is not up to date and the scan produced no findings.

I have also attached the log files.

Many, many thanks for your help!
Claudia

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.11.2011 21:03:36 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Claudia\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 84,16% Memory free 5,29 Gb Paging File | 4,98 Gb Available in Paging File | 94,06% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,67 Gb Total Space | 171,28 Gb Free Space | 73,62% Space Free | Partition Type: NTFS Drive E: | 277,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 7,45 Gb Total Space | 7,12 Gb Free Space | 95,47% Space Free | Partition Type: FAT32 Computer Name: CLAUDIASLAPTOP | User Name: Claudia | Logged in as Administrator. 
Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.15 21:01:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe PRC - [2011.08.31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.09.22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ========== Win32 Services (SafeList) ========== SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.03.19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.22 10:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) 
[Auto | Stopped] -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2009.04.10 12:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager) SRV - [2009.04.09 14:02:50 | 000,447,264 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2009.03.17 02:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV) SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.01.22 10:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2009.01.22 10:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2009.01.16 13:12:22 | 000,074,392 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2008.12.29 11:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32) SRV - [2008.12.12 09:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) 
[On_Demand | Stopped] -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2008.11.12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2008.10.19 13:30:02 | 000,222,456 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.10.02 11:26:42 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.02 11:06:56 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2008.10.02 10:56:44 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.06.27 02:30:04 | 001,221,952 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Stopped] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2008.04.17 09:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007.04.19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent) SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.03.09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.12.07 19:13:40 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.22 16:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2009.10.22 16:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2009.06.15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2009.05.28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CtAudDrv.sys -- (CtAudDrv) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.22 14:15:58 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr) DRV - [2009.04.15 17:49:48 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID) DRV - [2009.04.03 05:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.30 01:28:44 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd) DRV - [2009.03.30 01:28:42 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid) DRV - [2009.03.30 01:28:40 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx) DRV - [2009.03.24 15:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009.03.17 02:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2009.03.17 02:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2009.02.26 22:08:52 | 000,109,568 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2009.02.22 23:59:26 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R) DRV - [2009.02.22 22:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.22 10:16:14 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv) DRV - [2008.09.25 07:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008.08.04 11:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008.06.04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV) DRV - [2008.04.17 09:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2008.02.20 21:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL) DRV - [2007.04.19 05:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt) DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2005.01.26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.msn.com/sphome.aspx IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USREL/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/sphome.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: 
"Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Search-Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/" FF - prefs.js..network.proxy.type: 2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.22 12:25:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.22 15:48:47 | 000,000,000 | ---D | M] [2009.11.11 16:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Extensions [2011.09.09 11:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\o1kpygj3.default\extensions [2010.04.29 14:01:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\o1kpygj3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.09.08 17:32:08 | 000,003,367 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\o1kpygj3.default\searchplugins\search-results.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\o1kpygj3.default\searchplugins\startsear.xml [2011.05.20 09:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.11.01 15:23:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.19 23:31:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.11.01 15:23:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.10.22 12:25:27 | 000,134,104 | 
---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Programme\mozilla firefox\plugins\npvsharetvplg.dll [2011.10.22 12:25:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.22 12:25:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.10.22 12:25:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.22 12:25:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.22 12:25:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.22 12:25:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.106\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = 
C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\2.0.31005.0\npctrl.dll CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.106\pdf.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - plugin: Google Update (Enabled) = 
C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: vshare plugin = C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ChangeTPMAuth] C:\Programme\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellConnectionManager] C:\Programme\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) O4 - HKLM..\Run: [DellControlPoint] C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Programme\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [mtgwk2lbh1mg68wuu1wz5exn2e65y237jagk894094zihfkvmtw2lbh] C:\WINDOWS\SYSTEM32\mtgwk2lbh1mg68wuu1wz5exn2e65y237jagk894094zihfkvmtw2lbh.vbs File not found O4 - HKLM..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Programme\Gemeinsame Dateien\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH) O4 - HKLM..\Run: [SecureUpgrade] C:\Programme\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) O4 - HKCU..\Run: [vasja] C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Temp\upd.exe (NEC Computers International) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Dell ControlPoint System Manager.lnk = C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico () O4 - Startup: C:\Dokumente und Einstellungen\Claudia\Startmenü\Programme\Autostart\CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) O4 - Startup: C:\Dokumente und Einstellungen\Claudia\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Claudia\Startmenü\Programme\Autostart\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.25 16:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.10.31 02:34:55 | 000,000,175 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{24cc6e92-ecdc-11de-9318-0024d605bca6}\Shell - "" = AutoRun O33 - MountPoints2\{24cc6e92-ecdc-11de-9318-0024d605bca6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{24cc6e92-ecdc-11de-9318-0024d605bca6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe rxk1p5ng8l2hqrlbgz613ad192s7t367cnfdtbbm9qee84nko0rp5ng8l2hqrlbgz61.vbs O33 - MountPoints2\{401978a2-04f6-11df-9338-0024d605bca6}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe O33 - MountPoints2\{57ab5981-59ab-11df-940f-00059a3c7800}\Shell\AutoRun\command - "" = E:\DUPLI//blizanko.exe O33 - MountPoints2\{57ab5981-59ab-11df-940f-00059a3c7800}\Shell\open\command - "" = E:\DUPLI//blizanko.exe O33 - MountPoints2\{9b651764-ce20-11de-92d2-0024d605bca6}\Shell - "" = AutoRun O33 - MountPoints2\{9b651764-ce20-11de-92d2-0024d605bca6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9b651764-ce20-11de-92d2-0024d605bca6}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c785530c-ba79-11de-92b3-0024d605bca6}\Shell - "" = AutoRun O33 - MountPoints2\{c785530c-ba79-11de-92b3-0024d605bca6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c785530c-ba79-11de-92b3-0024d605bca6}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c785530e-ba79-11de-92b3-0024d605bca6}\Shell - "" = AutoRun O33 - MountPoints2\{c785530e-ba79-11de-92b3-0024d605bca6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c785530e-ba79-11de-92b3-0024d605bca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== 
Files/Folders - Created Within 30 Days ========== [2011.11.15 21:02:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe [2011.11.15 20:48:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Malwarebytes [2011.11.15 20:48:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.11.15 20:48:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.11.15 20:48:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.11.15 20:48:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.11.15 20:48:25 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Claudia\Desktop\mbam-setup-1.51.2.1300.exe [2011.11.14 19:38:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Claudia\Desktop\Topics in MSL [2011.11.12 21:54:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2011.11.05 20:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2011.10.22 15:48:47 | 000,000,000 | ---D | C] -- C:\Programme\vShare.tv plugin [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.15 21:01:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe [2011.11.15 20:48:43 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.15 20:46:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Claudia\Desktop\mbam-setup-1.51.2.1300.exe [2011.11.15 20:37:52 | 000,485,586 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.11.15 20:37:52 | 000,442,894 | ---- | M] () 
-- C:\WINDOWS\System32\perfh009.dat [2011.11.15 20:37:52 | 000,095,432 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.11.15 20:37:52 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.11.15 20:34:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.11.15 20:33:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.11.15 20:33:08 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat [2011.11.15 20:33:05 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.11.15 20:29:49 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2011.11.15 20:12:55 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.11.12 21:54:57 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011.11.11 13:15:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.11.08 19:14:37 | 000,097,540 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\20110622_Intership_Market_Research_Interviews.pdf [2011.11.05 20:30:29 | 000,000,693 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2011.10.27 19:13:15 | 000,001,779 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2011.10.24 07:22:59 | 000,048,359 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\zhs.pdf [2011.10.22 14:17:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.10.21 15:24:56 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.15 20:48:43 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' 
Anti-Malware.lnk [2011.11.08 19:14:37 | 000,097,540 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\20110622_Intership_Market_Research_Interviews.pdf [2011.11.05 20:30:29 | 000,000,693 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2011.10.24 07:22:59 | 000,048,359 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\zhs.pdf [2011.10.10 16:53:50 | 000,027,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.07.11 12:36:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2011.07.11 12:36:43 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2010.11.26 18:37:23 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.06.06 15:20:02 | 000,065,344 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll [2010.01.29 10:47:16 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\winscp.rnd [2010.01.25 09:55:55 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009.12.22 18:09:57 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll [2009.12.22 18:09:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll [2009.12.19 22:13:15 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.28 19:53:52 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.11.11 16:54:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.10.17 20:08:58 | 000,019,554 | ---- | C] () -- C:\WINDOWS\hpoins01.dat [2009.10.17 20:08:58 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat [2009.10.02 13:10:48 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat [2009.10.02 13:08:50 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat 
[2009.10.02 13:08:50 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat [2009.09.29 06:11:56 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2009.09.29 06:11:56 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2009.09.29 06:11:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe [2009.09.29 06:10:45 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009.09.28 22:12:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.09.28 22:04:16 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys [2009.09.28 21:50:06 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll [2009.09.28 21:47:42 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll [2009.04.22 09:58:30 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\DTMessageLib.dll [2009.04.10 12:01:12 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll [2009.02.26 16:54:52 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll [2009.02.26 16:54:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll [2009.02.26 16:54:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll [2009.02.26 16:54:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll [2009.02.26 16:54:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll [2009.02.26 16:54:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll [2009.02.26 16:54:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll [2009.02.26 16:54:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll [2009.02.26 16:54:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll [2009.02.26 16:54:40 | 000,081,920 | ---- | C] () -- 
C:\WINDOWS\System32\Internationalization_zh-CHT.dll [2009.02.26 16:54:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll [2009.02.26 16:54:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll [2009.02.26 16:54:34 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll [2009.02.26 16:54:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll [2009.02.26 16:54:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll [2009.02.26 16:54:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll [2009.02.26 16:54:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll [2009.02.26 16:54:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll [2009.02.26 16:54:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll [2009.02.26 16:54:26 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll [2009.02.26 16:54:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll [2009.02.26 16:54:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll [2009.02.26 16:54:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll [2009.02.26 16:54:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll [2009.02.17 09:51:28 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll [2009.02.17 09:51:28 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll [2009.02.17 09:51:26 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll [2009.02.17 09:51:24 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll [2009.02.17 09:51:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll [2009.02.17 09:51:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll [2009.02.17 
09:51:22 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll [2009.02.17 09:51:22 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll [2009.02.17 09:51:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll [2009.02.17 09:51:20 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll [2009.02.17 09:51:20 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll [2009.02.17 09:51:18 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll [2009.02.17 09:51:16 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll [2009.02.17 09:51:16 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll [2009.02.17 09:51:16 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll [2009.02.17 09:51:14 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll [2009.02.17 09:51:04 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll [2009.02.17 09:51:04 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll [2009.02.17 09:51:02 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll [2009.02.17 09:51:02 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll [2009.02.17 09:51:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll [2009.02.17 09:51:00 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll [2009.02.17 09:50:58 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll [2009.02.17 09:50:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll [2009.02.17 08:46:36 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll [2009.01.06 16:25:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll [2008.12.22 14:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll [2008.10.06 18:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini 
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.04.25 16:02:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.04.25 15:57:56 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.04.25 15:57:02 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008.04.25 10:46:09 | 000,485,586 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.25 10:46:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.25 10:46:09 | 000,095,432 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.25 10:46:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.25 10:45:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.25 10:45:56 | 000,442,894 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.25 10:45:56 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.25 10:45:56 | 000,072,160 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.25 10:45:56 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.25 10:45:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.04.25 10:45:55 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.04.25 10:45:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008.04.25 10:45:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.25 10:45:50 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.25 10:45:46 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.25 10:45:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.25 
02:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.04.25 02:51:36 | 000,147,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.04.17 09:08:56 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2008.04.17 09:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2008.03.25 09:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll [2007.04.19 05:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll [2007.04.19 05:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll [2006.06.30 12:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll [2006.06.30 12:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll [2006.06.12 08:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll [2004.09.10 13:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll [2004.09.10 13:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll [2003.03.09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll ========== LOP Check ========== [2009.09.28 22:02:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AT&T [2010.01.25 09:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2009.10.09 17:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.10.28 21:19:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\JCreator [2009.09.28 21:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTRU Cryptosystems [2010.08.04 13:37:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security [2011.06.10 12:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF reDirect [2011.06.10 09:13:07 | 000,000,000 | ---D | 
M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet [2010.08.09 16:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.09.28 22:04:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2009.11.15 21:44:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wave Systems Corp [2010.04.24 14:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.10.05 15:49:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.12.21 12:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Arduino [2009.09.28 21:57:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Broadcom [2010.01.25 09:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Canneverbe_Limited [2011.11.15 20:27:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Dropbox [2009.12.07 23:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\iCopyExpert [2010.08.20 19:16:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\ICQ [2010.10.28 21:19:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\JCreator [2010.08.04 13:39:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Panda Security [2011.06.10 12:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\PDF reDirect [2011.06.10 09:27:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\PixelPlanet [2011.07.08 08:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Systweak 
[2010.08.06 09:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Visum [2009.09.28 22:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Wave Systems Corp [2009.09.28 21:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Windows Desktop Search [2010.06.20 19:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Windows Live Writer [2009.10.04 15:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Windows Search [2010.01.17 21:12:11 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1255806682.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A2947BEA < End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.11.2011 21:03:36 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Claudia\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 84,16% Memory free 5,29 Gb Paging File | 4,98 Gb Available in Paging File | 94,06% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,67 Gb Total Space | 171,28 Gb Free Space | 73,62% Space Free | Partition Type: NTFS Drive E: | 277,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 7,45 Gb Total Space | 7,12 Gb Free Space | 95,47% Space Free | Partition Type: FAT32 Computer Name: CLAUDIASLAPTOP | User Name: Claudia | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) "C:\Programme\WinSCP\WinSCP.exe" = C:\Programme\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl) "C:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe" = C:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate -- (PixelPlanet GmbH) "C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{0639F993-7F7E-4BA5-BEC7-53CAC2E5B973}" = Dell ControlPoint System Manager "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3 "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2484631E-A7B3-4847-ACBB-4D881E6E9D5A}" = Dell ControlPoint Connection Manager "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1 "{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update 
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530 "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer "{88CFEF4F-3BA5-4B1F-BAD9-0C8F82026C96}" = CodeMeter Runtime Kit v3.30b "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8CB7F4E6-73AE-4D8F-86A2-EAE39CE72FD1}" = Intel(R) 
PROSet/Wireless WiFi-Software
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Intel(R) PROSet/Wireless WiFi-Software
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF25AEFA-F76B-48A7-A709-C69AD56AED51}" = CodeMeter Runtime Kit v3.20c
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 (32bit)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19796D5-E477-40A1-8C78-DF2EB439D99B}" = LINDO 6.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (32bit)
"{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper
"{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP PSC 2200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 2200 series
"iCopyExpert_is1" = iCopyExpert 3.1.2
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"JCreator LE_is1" = JCreator LE 5.00
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MatlabR2007b" = MATLAB R2007b
"matplotlib-py2.5" = Python 2.5 matplotlib-0.90.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"numarray-py2.5" = Python 2.5 numarray-1.5.2
"numpy-py2.5" = Python 2.5 numpy-1.0.3.1
"PDF reDirect" = PDF reDirect (remove only)
"ProInst" = Intel PROSet Wireless
"pywin32-py2.5" = Python 2.5 pywin32-210.5
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"VISPRO" = Microsoft Office Visio Professional 2007
"VisumPy-py2.5" = Python 2.5 VisumPy-1.5
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.5
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.6.0 (ansi) for Python 2.5
"wxPython2.8-docs-demos_is1" = wxPython Docs and Demos 2.8.6.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.11.2011 15:51:30 | Computer Name = CLAUDIASLAPTOP | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\CLAUDIA\DESKTOP\TOPICS IN MSL\LITERATURRECHERCHE\NEUER ORDNER> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error - 14.11.2011 18:30:28 | Computer Name = CLAUDIASLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14.11.2011 18:30:28 | Computer Name = CLAUDIASLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2282

Error - 14.11.2011 18:30:28 | Computer Name = CLAUDIASLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2282

Error - 15.11.2011 15:13:14 | Computer Name = CLAUDIASLAPTOP | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error - 15.11.2011 15:13:14 | Computer Name = CLAUDIASLAPTOP | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error - 15.11.2011 15:24:45 | Computer Name = CLAUDIASLAPTOP | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error - 15.11.2011 15:24:46 | Computer Name = CLAUDIASLAPTOP | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error - 15.11.2011 15:29:57 | Computer Name = CLAUDIASLAPTOP | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error - 15.11.2011 15:29:57 | Computer Name = CLAUDIASLAPTOP | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM

[ OSession Events ]
Error - 10.11.2011 17:14:35 | Computer Name = CLAUDIASLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 948 seconds with 840 seconds of active time. This session ended with a crash.

Error - 10.11.2011 17:27:23 | Computer Name = CLAUDIASLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 510 seconds with 360 seconds of active time. This session ended with a crash.

Error - 13.11.2011 10:40:22 | Computer Name = CLAUDIASLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3338 seconds with 3300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.11.2011 15:35:29 | Computer Name = CLAUDIASLAPTOP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 15.11.2011 15:35:29 | Computer Name = CLAUDIASLAPTOP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 15.11.2011 15:35:29 | Computer Name = CLAUDIASLAPTOP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 15.11.2011 15:35:29 | Computer Name = CLAUDIASLAPTOP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 15.11.2011 15:35:29 | Computer Name = CLAUDIASLAPTOP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 15.11.2011 15:35:29 | Computer Name = CLAUDIASLAPTOP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 15.11.2011 15:48:19 | Computer Name = CLAUDIASLAPTOP | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 15.11.2011 15:48:44 | Computer Name = CLAUDIASLAPTOP | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 15.11.2011 16:02:39 | Computer Name = CLAUDIASLAPTOP | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 15.11.2011 16:02:42 | Computer Name = CLAUDIASLAPTOP | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >
[/CODE]
Edited by Claudia1 (15.11.2011 at 21:51) |