| |
| |||||||
Log-Analyse und Auswertung: Diverse Fehlermeldungen bei Start des Systems nach "Entfernen" des "Polizei-Virus"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.08.2012, 15:17
| #1 |
 |  Diverse Fehlermeldungen bei Start des Systems nach "Entfernen" des "Polizei-Virus" Hi, Nachdem der Rechner mit dem "Polizei-Virus" abgestürzt ist habe ich das Gerät mit der Kaspersky Rescue Disk 10 durchlaufen lassen. Es wurden diverse Verseuchungen entdeckt. Anschließend startet Windows wieder soweit normal, doch mit ein paar diversen DLL Fehlern etc. Ich habe schonmal vorrab Malwarebytes und OTL genutzt. Logs: Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.14.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 *** :: KUTSCHER_NEU [Administrator] 14.08.2012 14:14:35 mbam-log-2012-08-14 (14-14-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 396256 Laufzeit: 1 Stunde(n), 33 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 6 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 1 C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 1 C:\Recycle.Bin\470BA27FA10F346 (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Code:
ATTFilter OTL logfile created on: 14.08.2012 16:06:52 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\kutsche\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,46 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 78,54% Memory free 5,29 Gb Paging File | 4,46 Gb Available in Paging File | 84,18% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,77 Gb Total Space | 161,92 Gb Free Space | 69,56% Space Free | Partition Type: NTFS Drive D: | 1,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KUTSCHER_NEU | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\kutsche\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2011\ApVxdWin.exe (Panda Security, S.L.) PRC - C:\Programme\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe (BISS GmbH) PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe (Panda Security, S.L.) PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2011\psksvc.exe (Panda Security, S.L.) PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe (Panda Security, S.L.) PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2011\AVENGINE.EXE (Panda Security, S.L.) PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2011\WebProxy.exe (Panda Security, S.L.) PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2011\PsCtrlS.exe (Panda Security, S.L.) PRC - C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) PRC - c:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) PRC - C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) PRC - C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) PRC - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.) PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - c:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - c:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) PRC - c:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe (Panda Security S.L.) PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.) PRC - C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) PRC - C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Nokia\MPAPI\MPAPI3s.exe (Nokia Corporation) PRC - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe (Nokia.) PRC - C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\Programme\Google\Chrome\Application\21.0.1180.77\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\21.0.1180.77\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\21.0.1180.77\avutil-51.dll () MOD - C:\Programme\Google\Chrome\Application\21.0.1180.77\avformat-54.dll () MOD - C:\Programme\Google\Chrome\Application\21.0.1180.77\avcodec-54.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMBIOSController.dll () MOD - C:\Programme\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll () MOD - C:\WINDOWS\system32\Wavx_ESC_Logging.dll () MOD - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll () MOD - C:\WINDOWS\system32\wxvault.dll () MOD - C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll () MOD - c:\Programme\Intel\WiFi\bin\iWMSProv.dll () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.lde () MOD - C:\WINDOWS\system32\WibuCm32.lde () MOD - C:\Programme\Panda Security\Panda Antivirus Pro 2011\MiniCrypto.dll () MOD - C:\Programme\Panda Security\Panda Antivirus Pro 2011\APIcr.dll () MOD - C:\Programme\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_ger.NLR () MOD - C:\Programme\Panda Security\Panda Antivirus Pro 2011\LIBXML2.DLL () MOD - C:\WINDOWS\system32\pdfcmnnt.dll () ========== Win32 Services (SafeList) ========== SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (JavaQuickStarterService) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WinRiskXASmClSoftwareUpdate) -- C:\Programme\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe (BISS GmbH) SRV - (TPSrv) -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe (Panda Security, S.L.) SRV - (PAVFNSVR) -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe (Panda Security, S.L.) SRV - (PskSvcRetail) -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\psksvc.exe (Panda Security, S.L.) SRV - (PAVSRV) -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe (Panda Security, S.L.) SRV - (Panda Software Controller) -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PsCtrlS.exe (Panda Security, S.L.) SRV - (SMManager) -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (dcpsysmgrsvc) -- c:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (TdmService) -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (SecureStorageService) -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) SRV - (buttonsvc32) -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (stllssvr) -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (tcsd_win32.exe) -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (EvtEng) -- c:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (S24EventMonitor) -- c:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (RegSrvc) -- c:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SentinelProtectionServer) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (SentinelKeysServer) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) SRV - (PSIMSVC) -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe (Panda Security S.L.) SRV - (PavPrSrv) -- C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (PavTPK.sys) -- C:\WINDOWS\system32\PavTPK.sys File not found DRV - (PavSRK.sys) -- C:\WINDOWS\system32\PavSRK.sys File not found DRV - (NvtSp50) -- System32\Drivers\NvtSp50.sys File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (AvFlt) -- C:\WINDOWS\system32\drivers\av5flt.sys (Panda Security, S.L.) DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (AmFSM) -- C:\WINDOWS\system32\drivers\amm8651.sys (Panda Security, S.L.) DRV - (ShldDrv) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security, S.L.) DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security, S.L.) DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys () DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation) DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\sentinel.sys (SafeNet, Inc.) DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.) DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc) DRV - (Nokia USB Phone Parent) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia) DRV - (Nokia USB Modem) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia) DRV - (Nokia USB Generic) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.msn.com/sphome.aspx IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.live.com/sphome.aspx IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ottersbach-assekuranz.de/ IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\..\SearchScopes,DefaultScope = {D4D7E040-AD5B-4880-8395-53C2B7B5F30E} IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\..\SearchScopes\{D4D7E040-AD5B-4880-8395-53C2B7B5F30E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 127.0.0.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=302398" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2010.01.14 14:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Mozilla\Firefox\Profiles\0n19mbw0.default\extensions [2010.01.14 14:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Mozilla\Firefox\Profiles\0n19mbw0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.14 14:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Mozilla\Firefox\Profiles\0n19mbw0.default\extensions\ChoiceGuard@Microsoft ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.77\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.77\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.77\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [APVXDWIN] C:\Programme\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE (Panda Security, S.L.) O4 - HKLM..\Run: [ChangeTPMAuth] C:\Programme\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.) O4 - HKLM..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [DellConnectionManager] C:\Programme\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) O4 - HKLM..\Run: [DellControlPoint] c:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SCANINICIO] C:\Programme\Panda Security\Panda Antivirus Pro 2011\Inicio.exe (Panda Security, S.L.) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) O4 - HKU\S-1-5-21-2208252630-454779037-4060696214-1005..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\kutsche\Startmenü\Programme\Autostart\CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-2208252630-454779037-4060696214-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344944685781 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3799DCA6-E629-4085-8F19-5701F51AB21F}: DhcpNameServer = 192.168.20.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.07.26 07:57:17 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{709d2175-0102-11df-aafa-002564664201}\Shell - "" = AutoRun O33 - MountPoints2\{709d2175-0102-11df-aafa-002564664201}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{709d2175-0102-11df-aafa-002564664201}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.14 14:15:27 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\kutsche\Desktop\OTL.exe [2012.08.14 13:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm [2012.08.14 13:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell [2012.08.14 13:56:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$ [2012.08.14 13:56:07 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2012.08.14 13:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2012.08.14 13:48:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Malwarebytes [2012.08.14 13:48:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.08.14 13:48:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.08.14 13:48:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.14 13:48:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.08.14 13:44:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2012.08.14 13:44:11 | 000,000,000 | ---D | C] -- C:\Programme\Oracle [2012.08.14 13:44:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Oracle [2012.08.14 13:43:56 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.08.14 13:43:56 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012.08.14 13:43:55 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.08.14 13:43:47 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.08.14 13:43:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.08.14 13:42:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy [2012.08.14 13:42:45 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2012.08.14 13:42:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2012.08.14 13:36:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.14 12:14:39 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.08.14 08:58:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7 [2012.08.14 08:58:51 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer [2012.08.13 16:42:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Nixi [2012.08.13 16:42:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Gufeam [2012.08.13 16:42:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Etecoc [2012.08.13 15:28:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.08.13 12:37:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mkasilfyktldnla [2012.08.13 12:24:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\kutsche\Recent [2012.07.31 08:40:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Search Settings [2012.07.31 08:40:13 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2012.07.31 08:40:13 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2012.07.31 08:40:13 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2012.07.16 18:38:03 | 000,180,608 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8187.SYS [2012.07.16 18:37:42 | 000,013,532 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\SjyPkt.sys [2012.07.16 18:37:41 | 000,000,000 | ---D | C] -- C:\Programme\REALTEK RTL8187 Wireless LAN Driver and Utility [2012.07.16 18:37:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\REALTEK RTL8187 Wireless LAN Driver and Utility [2012.07.16 18:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\kutsche\*.tmp files -> C:\Dokumente und Einstellungen\kutsche\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.14 15:56:27 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat [2012.08.14 15:56:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.14 15:56:20 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.08.14 15:56:01 | 000,105,088 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\av5flt.sys [2012.08.14 15:55:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.14 15:55:51 | 000,001,024 | ---- | M] () -- C:\.rnd [2012.08.14 15:55:48 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys [2012.08.14 15:31:38 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC [2012.08.14 15:18:01 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.08.14 14:15:29 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\kutsche\Desktop\OTL.exe [2012.08.14 14:12:51 | 000,558,002 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.08.14 14:12:51 | 000,507,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.08.14 14:12:51 | 000,117,760 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.08.14 14:12:51 | 000,090,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.08.14 14:10:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.08.14 13:56:02 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\kutsche\Desktop\Windows Media Player.lnk [2012.08.14 13:56:01 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012.08.14 13:56:01 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012.08.14 13:54:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2012.08.14 13:48:02 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.14 13:45:33 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.08.14 13:43:30 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.08.14 13:43:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.08.14 09:19:47 | 000,001,779 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.08.14 08:58:53 | 000,000,789 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk [2012.08.13 15:22:02 | 000,000,073 | ---- | M] () -- C:\WINDOWS\KMSTMVM.ini [2012.08.13 15:13:10 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\kutsche\Desktop\Microsoft Office Word 2007.lnk [2012.08.13 12:38:04 | 000,008,627 | ---- | M] () -- C:\Dokumente und Einstellungen\kutsche\PAV_FOG.OPC [2012.08.13 12:37:58 | 000,000,051 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jkabhyxlakmuykm [2012.08.13 12:31:26 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\kutsche\Desktop\Arbeitsplatz.lnk [2012.08.13 12:31:24 | 000,000,354 | ---- | M] () -- C:\Dokumente und Einstellungen\kutsche\Desktop\Eigene Dateien.lnk [2012.08.13 09:42:01 | 000,002,505 | ---- | M] () -- C:\Dokumente und Einstellungen\kutsche\Desktop\Microsoft Office Excel 2007.lnk [2012.08.10 16:40:09 | 000,000,093 | ---- | M] () -- C:\Dokumente und Einstellungen\kutsche\btFrame.prop [2012.08.10 09:35:26 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\lbj.ini [2012.08.09 13:15:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.08.08 10:40:43 | 000,000,935 | ---- | M] () -- C:\WINDOWS\VPMS.INI [2012.08.06 12:56:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.07.27 13:41:50 | 000,016,594 | ---- | M] () -- C:\WINDOWS\VFRAME32.INI [2012.07.27 11:10:34 | 000,000,667 | ---- | M] () -- C:\WINDOWS\VFORTSCH.INI [2012.07.16 18:37:42 | 000,001,727 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\REALTEK RTL8187 Wireless LAN Utility.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\kutsche\*.tmp files -> C:\Dokumente und Einstellungen\kutsche\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.14 15:55:51 | 000,001,024 | ---- | C] () -- C:\.rnd [2012.08.14 13:54:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2012.08.14 13:51:07 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb [2012.08.14 13:48:02 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.14 13:45:33 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2012.08.14 13:45:33 | 000,001,716 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.08.14 08:58:53 | 000,000,789 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk [2012.08.13 12:37:52 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jkabhyxlakmuykm [2012.08.13 12:31:26 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Desktop\Arbeitsplatz.lnk [2012.08.13 12:31:24 | 000,000,354 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Desktop\Eigene Dateien.lnk [2012.07.16 18:37:42 | 000,001,727 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\REALTEK RTL8187 Wireless LAN Utility.lnk [2012.04.16 10:15:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.03.23 20:28:42 | 000,962,364 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2208252630-454779037-4060696214-1005-0.dat [2012.03.23 20:28:40 | 000,299,918 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.03.15 18:11:32 | 000,000,093 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\btFrame.prop [2012.03.15 17:32:16 | 000,000,080 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\axa-bt.ini [2012.02.16 09:30:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.07 14:08:51 | 000,000,219 | ---- | C] () -- C:\WINDOWS\BBU.INI [2012.02.07 12:30:18 | 000,000,481 | ---- | C] () -- C:\WINDOWS\BTI.INI [2012.02.07 12:29:54 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE [2012.02.07 12:29:54 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL [2012.02.07 12:29:54 | 000,101,888 | ---- | C] () -- C:\WINDOWS\BUTIL.DLL [2012.02.07 12:29:54 | 000,100,864 | ---- | C] () -- C:\WINDOWS\WDBUUI32.DLL [2012.02.07 12:29:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\WDBUMK32.DLL [2012.02.07 12:29:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\BUTIL.EXE [2012.02.07 12:29:54 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\r32.exe [2012.02.07 12:29:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\REGOCX32.EXE [2012.02.07 12:29:53 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL [2011.12.03 12:04:58 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lbj.ini [2011.07.04 11:25:56 | 000,005,345 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\BWSmartClientAppRes.WinRisk_Login.html [2011.07.04 11:25:56 | 000,000,037 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\bullet.gif [2011.07.04 11:25:55 | 000,070,098 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\WinRisk_Background.jpg [2011.07.04 11:25:55 | 000,001,961 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\IR_LoginBtn.gif [2011.07.04 11:25:55 | 000,000,360 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\WinRisk_Smile.gif [2011.03.21 17:15:11 | 000,104,614 | ---- | C] () -- C:\WINDOWS\arj.exe [2011.02.11 11:25:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MD5.DLL [2011.02.11 11:25:01 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll [2011.02.11 11:25:01 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2011.01.26 17:52:38 | 000,000,242 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat [2010.12.01 18:19:23 | 000,008,627 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\PAV_FOG.OPC [2010.11.22 16:10:20 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.01 16:38:16 | 000,067,024 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.01 09:03:37 | 000,190,655 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Enke, Marga - Erfassungsbogen Haftpflichtversicherung Details.pdf [2010.04.01 09:03:37 | 000,164,954 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Enke, Marga - Erfassungsbogen Hausratversicherung Details.pdf [2010.04.01 09:03:37 | 000,138,291 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Enke, Marga - Erfassungsbogen Haftpflichtversicherung.pdf [2010.04.01 09:03:37 | 000,125,093 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Enke, Marga - Erfassungsbogen Hausratversicherung.pdf [2010.03.29 09:34:18 | 000,185,430 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Birkel, Vitali - Erfassungsbogen Haftpflichtversicherung Details.pdf [2010.03.29 09:34:18 | 000,133,075 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Birkel, Vitali - Erfassungsbogen Haftpflichtversicherung.pdf [2010.03.29 09:17:07 | 000,159,732 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Birkel, Vitali - Erfassungsbogen Hausratversicherung Details.pdf [2010.03.29 09:17:07 | 000,125,093 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Birkel, Vitali - Erfassungsbogen Hausratversicherung.pdf [2010.02.25 16:17:56 | 000,000,027 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\version.ini [2010.01.14 14:25:20 | 000,001,136 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html [2010.01.14 11:36:11 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.01.14 11:36:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat ========== LOP Check ========== [2009.12.12 14:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Broadcom [2009.12.12 14:10:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Wave Systems Corp [2009.12.12 13:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search [2010.01.14 14:05:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AmisAVW [2009.12.12 14:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AT&T [2012.07.25 14:39:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firebird [2012.05.30 10:02:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\JanitosTarifrechner [2012.08.14 14:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mkasilfyktldnla [2009.12.12 14:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTRU Cryptosystems [2010.03.18 12:09:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuernberger [2011.01.26 17:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security [2012.03.26 17:24:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Software [2010.01.14 14:05:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Releasing [2009.12.12 14:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2009.12.12 14:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wave Systems Corp [2010.08.27 15:09:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.12.12 14:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Backup\Anwendungsdaten\Broadcom [2009.12.12 14:10:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Backup\Anwendungsdaten\Wave Systems Corp [2009.12.12 13:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Backup\Anwendungsdaten\Windows Desktop Search [2009.12.12 14:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Broadcom [2009.12.12 14:10:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Wave Systems Corp [2009.12.12 13:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Windows Desktop Search [2010.01.14 15:15:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\AMS [2009.12.12 14:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Broadcom [2012.01.10 13:17:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Daisy [2010.05.21 14:19:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\DataLayer [2012.08.14 14:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Etecoc [2012.08.13 16:42:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Gufeam [2011.08.23 11:58:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Morgen&Morgen [2010.01.14 14:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\MSNInstaller [2012.08.14 08:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Nixi [2010.03.26 15:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Nokia [2010.01.14 14:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Nokia Multimedia Player [2012.08.14 13:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Oracle [2011.01.26 17:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Panda Security [2010.01.14 14:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\PC Suite [2010.03.30 16:49:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\pdfforge [2010.01.14 14:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Pixum [2012.07.31 08:40:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Search Settings [2012.08.14 08:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\TeamViewer [2009.12.12 14:10:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Wave Systems Corp [2009.12.12 13:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Windows Desktop Search [2010.01.14 14:26:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kutsche\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.08.2012 16:06:52 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\kutsche\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,46 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 78,54% Memory free
5,29 Gb Paging File | 4,46 Gb Available in Paging File | 84,18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,77 Gb Total Space | 161,92 Gb Free Space | 69,56% Space Free | Partition Type: NTFS
Drive D: | 1,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: KUTSCHER_NEU | User Name: kutsche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~2\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~2\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~2\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~2\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~2\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~2\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"52344:TCP" = 52344:TCP:*:Enabled:Services
"65533:TCP" = 65533:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"52344:TCP" = 52344:TCP:*:Enabled:Services
"65533:TCP" = 65533:TCP:*:Enabled:Services
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe:*:Enabled:VHV Java Virtual Machine -- ()
"C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe:*:Enabled:VHV Java Virtual Machine -- (Sun Microsystems, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"\\server\Programme\ams4\AmsWin.EXE" = \\server\Programme\ams4\AmsWin.EXE:*:Enabled:AmsWin.EXE
"C:\ARAG\java\j2re1.4.2_04\bin\java.exe" = C:\ARAG\java\j2re1.4.2_04\bin\java.exe:*:Enabled:java
"C:\colserv2\Colserv\jre\bin\javaw.exe" = C:\colserv2\Colserv\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\usmt\migwiz.exe" = C:\Dokumente und Einstellungen\kutsche\Lokale Einstellungen\Temp\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe" = C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe:*:Enabled:mRouterRuntime
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Programme\NuernbergerBT\Vers0309\Bin\btVerUpd.exe" = C:\Programme\NuernbergerBT\Vers0309\Bin\btVerUpd.exe:*:Enabled:btVerUpd
"C:\Programme\Sybase\SQLAnywhere8\win32\dbeng8.exe" = C:\Programme\Sybase\SQLAnywhere8\win32\dbeng8.exe:*:Enabled:Adaptive Server Anywhere Database Engine
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Oracle Corporation)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Programme\Panda Security\Panda Antivirus Pro 2011\ApVxdWin.exe" = C:\Programme\Panda Security\Panda Antivirus Pro 2011\ApVxdWin.exe:*:Enabled:Panda permanent protection -- (Panda Security, S.L.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe:*:Enabled:VHV Java Virtual Machine -- ()
"C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe:*:Enabled:VHV Java Virtual Machine -- (Sun Microsystems, Inc.)
"C:\Programme\Fairware24\JanitosTarifrechner\zebedee.exe" = C:\Programme\Fairware24\JanitosTarifrechner\zebedee.exe:*:Enabled:zebedee -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1267949C-73FC-4692-AA22-176F5E909647}" = Nokia PC Suite
"{14237138-900C-4C0A-AF63-1888F2671F9D}" = SO32MMWrapper
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{277432A0-E97F-11D1-93BE-006067307125}" = NAFI-Kfz-Programme
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3872C2B2-1C00-4742-83F5-D0797278E9EF}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{454DF264-12FF-4F82-9B2C-9D4E0B1EEA77}}_is1" = Daisy 12.0.10_rev3831
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62C0C0B7-0779-4A40-937A-14A930B6F4A6}" = Dell ControlPoint Connection Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F00DA5-D21D-4245-8FC1-85849BBAD00D}" = Dell ControlPoint System Manager
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7369BCBA-E412-49FB-82CB-EF0BA2ABE68B}" = InterRisk WinRisk Smart-Client 4.8.1
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75729BD7-F978-4C18-AF98-C0A682BF17D0}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{7B088773-4913-46E1-813E-CD1A0FA9CB03}" = DCP32MMWrapper
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{88CFEF4F-3BA5-4B1F-BAD9-0C8F82026C96}" = CodeMeter Runtime Kit v3.30b
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8CB7F4E6-73AE-4D8F-86A2-EAE39CE72FD1}" = Intel(R) PROSet/Wireless WiFi-Software
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Intel(R) PROSet/Wireless WiFi-Software
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA259E30-3918-4AE2-A969-3D155A5112A8}" = NÜRNBERGER Beratungstechnologie Version 03.2010 Einzelplatz
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}" = VHV-Tarifprogramm
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B37B0F29-81B9-40B1-A6C2-8416E2586C43}" = Panda Antivirus Pro 2011
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6110525-A762-11D5-B03E-BE10F5683A07}" = TABULARASA
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7FFE9D8-1F43-4007-8826-0314E3921FC9}" = CV-WIN
"{B8381511-3832-4449-B33A-763931D2590B}" = BB-Euro-Tarifrechner
"{B8B66BEA-ADC1-407B-8004-CCB66DBB3E6D}" = AXA Beratungstechnologie
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2011
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BPiText" = Bonnprint/iText
"CV-WIN" = CV-WIN
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"Google Chrome" = Google Chrome
"gv20112_is1" = Grundeigentümer-Versicherung Serviceunterlagen 2011
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{1267949C-73FC-4692-AA22-176F5E909647}" = Nokia PC Suite
"InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.5.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MORGEN & MORGEN PDF-Drucker" = MORGEN & MORGEN PDF-Drucker
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Olivetti d-Color P221/d-Color P221 Special/d-Color P226 Product Library" = Olivetti d-Color P221/d-Color P221 Special/d-Color P226 Product Library
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"TeamViewer 7" = TeamViewer 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2208252630-454779037-4060696214-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d7d997e86766123f" = Business plus+
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.08.2012 06:03:28 | Computer Name = KUTSCHER_NEU | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x019d5947.
Error - 13.08.2012 06:24:21 | Computer Name = KUTSCHER_NEU | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM
Error - 13.08.2012 06:25:27 | Computer Name = KUTSCHER_NEU | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\KUTSCHE\RECENT\DESKTOP.INI>
in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 13.08.2012 06:35:24 | Computer Name = KUTSCHER_NEU | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM
Error - 13.08.2012 09:27:03 | Computer Name = KUTSCHER_NEU | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM
Error - 14.08.2012 02:50:25 | Computer Name = KUTSCHER_NEU | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM
Error - 14.08.2012 03:28:54 | Computer Name = KUTSCHER_NEU | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 14.08.2012 07:33:50 | Computer Name = KUTSCHER_NEU | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM
Error - 14.08.2012 09:53:58 | Computer Name = KUTSCHER_NEU | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM
Error - 14.08.2012 09:56:41 | Computer Name = KUTSCHER_NEU | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM
[ OSession Events ]
Error - 20.08.2010 05:34:00 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 10806
seconds with 2580 seconds of active time. This session ended with a crash.
Error - 06.09.2010 11:08:16 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11860
seconds with 780 seconds of active time. This session ended with a crash.
Error - 10.09.2010 03:02:37 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 626
seconds with 120 seconds of active time. This session ended with a crash.
Error - 28.09.2010 09:41:07 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1652
seconds with 1380 seconds of active time. This session ended with a crash.
Error - 05.10.2010 11:01:30 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3905
seconds with 180 seconds of active time. This session ended with a crash.
Error - 08.02.2011 12:03:50 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 24606
seconds with 4680 seconds of active time. This session ended with a crash.
Error - 28.02.2011 07:13:09 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2164
seconds with 1980 seconds of active time. This session ended with a crash.
Error - 03.01.2012 11:28:04 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28437
seconds with 5040 seconds of active time. This session ended with a crash.
Error - 26.01.2012 05:11:52 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1446
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 28.02.2012 05:46:52 | Computer Name = KUTSCHER_NEU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4388
seconds with 1440 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14.08.2012 09:52:52 | Computer Name = KUTSCHER_NEU | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 14.08.2012 09:52:52 | Computer Name = KUTSCHER_NEU | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 14.08.2012 09:53:27 | Computer Name = KUTSCHER_NEU | Source = Service Control Manager | ID = 7034
Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 14.08.2012 09:55:57 | Computer Name = KUTSCHER_NEU | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 14.08.2012 09:55:57 | Computer Name = KUTSCHER_NEU | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Sentinel" ist vom Dienst "Treiber für parallelen Anschluss"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 14.08.2012 09:55:57 | Computer Name = KUTSCHER_NEU | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 14.08.2012 09:55:58 | Computer Name = KUTSCHER_NEU | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 14.08.2012 09:55:58 | Computer Name = KUTSCHER_NEU | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 14.08.2012 09:55:58 | Computer Name = KUTSCHER_NEU | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 14.08.2012 09:56:35 | Computer Name = KUTSCHER_NEU | Source = Service Control Manager | ID = 7034
Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
< End of report >
|
| Themen zu Diverse Fehlermeldungen bei Start des Systems nach "Entfernen" des "Polizei-Virus" |
| antivirus, bho, bingbar, bonjour, desktop.ini, device driver, document, entfernen, error, excel, fehler, firefox, flash player, format, google, google earth, helper, homepage, iexplore.exe, kaspersky, logfile, office 2007, pdfforge toolbar, plug-in, polizei-virus, realtek, recycle.bin, registry, remote control, rundll, scan, security, server, software, sttray.exe, udp, virtual machine, windows, windows internet |
Baum-Darstellung