| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Hilfe! Savings Sidekick entfernen..aber wie?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.11.2012, 17:41
| #1 |
| |  Hilfe! Savings Sidekick entfernen..aber wie? Liebe Leute, seit ein paar Tagen ist mir beim Surfen über Mozilla Firefox aufgefallen, dass sich "Savings Sidekick" auf meinem Rechner befindet. In Texten auf etlichen Internetseiten sind einzelne Wörter markiert und zeigen Werbung über Savings Sidekick an. Ich habe hier im Forum bereits etwas darüber gelesen und habe mich an den Anleitungen orientiert und MalwareBytes, AdwCleaner, OTL durchlaufen lassen (den Code für OTL, den der User "cosinus" in einem anderen Beitrag für eine Userin gepostet hat, die ebenfalls das Problem hatte, habe ich nicht bei OTL eingegeben, da cosinus davor geraten hat, da der Code individuell auf das Problem und System der Userin war). Dazu muss ich sagen, dass ich mich ansonsten gar nicht mit dieser Materie auskenne. So wundert es auch nicht, dass das Problem weiterhin besteht und ich euch um eure Hilfe bitte. Hier die Code-Tags von AdwCleaner und OTL: AdwCleaner: Code:
ATTFilter # AdwCleaner v2.006 - Datei am 01/11/2012 um 17:19:41 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Claudia - CLAUDIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Claudia\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\Claudia\Desktop\Savings Sidekick
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\024fe1h6.default\prefs.js
Gefunden : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1351783908);
Gefunden : user_pref("extensions.crossriderapp5060.5060.active", true);
Gefunden : user_pref("extensions.crossriderapp5060.5060.addressbar", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);
Gefunden : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);
Gefunden : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1351783908");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1351783908");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Thu Nov 01 2012 17:[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Thu Nov 08 2012 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22DE%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1351785614");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2245990%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1351783980261");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221265%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%22100886%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1351783960354");
Gefunden : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");
Gefunden : user_pref("extensions.crossriderapp5060.5060.domain", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.group", 0);
Gefunden : user_pref("extensions.crossriderapp5060.5060.homepage", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.iframe", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Thu Nov 01[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");
Gefunden : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");
Gefunden : user_pref("extensions.crossriderapp5060.5060.newtab", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.opensearch", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);
Gefunden : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");
Gefunden : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);
Gefunden : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.thankyou", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);
Gefunden : user_pref("extensions.crossriderapp5060.5060.ver", 37);
Gefunden : user_pref("extensions.crossriderapp5060.apps", "5060");
Gefunden : user_pref("extensions.crossriderapp5060.bic", "12ddb2fdefbe4dec5ef9394f340780a7");
Gefunden : user_pref("extensions.crossriderapp5060.cid", 5060);
Gefunden : user_pref("extensions.crossriderapp5060.firstrun", false);
Gefunden : user_pref("extensions.crossriderapp5060.hadappinstalled", true);
Gefunden : user_pref("extensions.crossriderapp5060.installationdate", 1351783908);
Gefunden : user_pref("extensions.crossriderapp5060.lastcheck", 22529732);
Gefunden : user_pref("extensions.crossriderapp5060.lastcheckitem", 22529761);
Gefunden : user_pref("extensions.crossriderapp5060.modetype", "production");
Gefunden : user_pref("extensions.crossriderapp5060.reportInstall", true);
Gefunden : user_pref("extensions.crossriderapp5060@crossrider.com.install-event-fired", true);
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v11.11.2109.0
Datei : C:\Users\Claudia\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [41477 octets] - [01/11/2012 14:57:10]
AdwCleaner[R1].txt - [12659 octets] - [01/11/2012 15:04:31]
AdwCleaner[S2].txt - [12593 octets] - [01/11/2012 15:09:38]
AdwCleaner[S3].txt - [12677 octets] - [01/11/2012 16:27:35]
AdwCleaner[R2].txt - [12650 octets] - [01/11/2012 17:19:41]
########## EOF - C:\AdwCleaner[R2].txt - [12711 octets] ##########
OTL: Code:
ATTFilter OTL logfile created on: 01.11.2012 16:35:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claudia\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,76% Memory free 3,98 Gb Paging File | 2,84 Gb Available in Paging File | 71,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,55 Gb Total Space | 15,36 Gb Free Space | 22,09% Space Free | Partition Type: NTFS Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.01 16:34:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Downloads\OTL.exe PRC - [2012.10.30 14:06:05 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.30 14:05:49 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.10.30 14:05:46 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.30 14:05:46 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.08.03 20:52:33 | 000,685,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.06.26 12:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.06.11 10:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.06.11 10:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.04.23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE ========== Modules (No Company Name) ========== MOD - [2012.08.03 20:53:25 | 000,062,968 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll MOD - [2012.06.26 12:11:10 | 000,345,688 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2012.06.26 12:11:08 | 000,282,200 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2012.06.26 12:11:02 | 008,197,208 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2012.06.26 12:11:00 | 002,302,040 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2012.06.26 12:10:58 | 000,202,328 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2012.06.26 12:10:58 | 000,027,736 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.10.30 14:06:05 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.30 14:05:49 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.10.30 14:05:46 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.29 08:59:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - [2012.10.30 14:06:06 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.03 20:38:55 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2012.08.03 20:38:05 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock) DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.12.07 19:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.07.26 21:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Programme\BatteryCare\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3465115012-114302479-16852889-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3465115012-114302479-16852889-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3465115012-114302479-16852889-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3465115012-114302479-16852889-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 F0 35 F6 81 47 CB 01 [binary data] IE - HKU\S-1-5-21-3465115012-114302479-16852889-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3465115012-114302479-16852889-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3465115012-114302479-16852889-1001\..\SearchScopes\{BD0B1D9C-70AE-47D3-B7D6-3E63A4581434}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VL^DE&apn_uid=3ef42da2-5e2f-4b19-a83a-754a7296b47b&apn_sauid=0EC8C0B0-AA78-4FF5-8594-CB51A73B9525 IE - HKU\S-1-5-21-3465115012-114302479-16852889-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.05 17:47:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.05 17:47:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 08:59:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 08:58:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.01.25 20:43:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 08:59:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 08:58:55 | 000,000,000 | ---D | M] [2012.10.29 08:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.29 08:58:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.29 08:58:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.29 08:58:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.29 08:59:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.24 06:57:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 16:50:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.24 06:57:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.24 06:57:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.24 06:57:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.24 06:57:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKU\S-1-5-21-3465115012-114302479-16852889-1001..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized File not found O4 - HKU\S-1-5-21-3465115012-114302479-16852889-1001..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKU\S-1-5-21-3465115012-114302479-16852889-1001..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-3465115012-114302479-16852889-1001..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5F52C0F-CE2E-4315-B912-59A9F6199EA3}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CA79FD-C0A1-43E1-8575-5D9CF68BB0B9}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB0A9383-4C84-4324-95B0-9D9B6E851D82}: NameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\Shell - "" = AutoRun O33 - MountPoints2\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\Shell - "" = AutoRun O33 - MountPoints2\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\Shell - "" = AutoRun O33 - MountPoints2\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - () MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.01 16:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE [2012.11.01 14:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.01 11:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.01 11:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.01 11:26:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.01 11:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.29 08:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.19 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.10.19 22:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.17 07:59:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.17 07:59:43 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.17 07:59:43 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.17 07:59:43 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.17 07:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.12 08:26:58 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Kalender-Excel-8.8.1 [2012.10.12 08:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalender-Excel-8.8.1 [1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.01 16:37:30 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 16:37:30 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 16:29:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.01 16:28:58 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2012.11.01 16:24:39 | 000,540,977 | ---- | M] () -- C:\Users\Claudia\Desktop\adwcleaner.exe [2012.11.01 14:56:05 | 000,538,941 | ---- | M] () -- C:\Users\Claudia\Desktop\AdwCleaner2005.exe [2012.11.01 14:37:51 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.01 14:37:42 | 000,658,824 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.01 14:37:42 | 000,620,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.01 14:37:42 | 000,134,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.01 14:37:42 | 000,109,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.30 14:06:06 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.19 22:21:39 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.10.09 16:13:08 | 000,234,777 | ---- | M] () -- C:\Users\Claudia\Desktop\kündigungsvormerkung.pdf [2012.10.03 17:04:24 | 001,088,454 | ---- | M] () -- C:\Users\Claudia\Desktop\IMG_0001.tif [1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.01 16:24:38 | 000,540,977 | ---- | C] () -- C:\Users\Claudia\Desktop\adwcleaner.exe [2012.11.01 14:56:02 | 000,538,941 | ---- | C] () -- C:\Users\Claudia\Desktop\AdwCleaner2005.exe [2012.10.19 22:21:39 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.10.19 22:21:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.10.17 08:02:12 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.09 16:13:04 | 000,234,777 | ---- | C] () -- C:\Users\Claudia\Desktop\kündigungsvormerkung.pdf [2012.10.03 17:04:33 | 001,088,454 | ---- | C] () -- C:\Users\Claudia\Desktop\IMG_0001.tif [2012.02.18 15:25:40 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2012.02.18 15:25:40 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2011.06.15 11:19:48 | 000,007,605 | ---- | C] () -- C:\Users\Claudia\AppData\Local\Resmon.ResmonCfg [2011.04.20 16:29:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.25 14:06:57 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2011.01.25 14:06:57 | 000,000,000 | RHS- | C] () -- \IO.SYS [2011.01.20 09:48:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.08.29 15:06:02 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2010.08.29 15:06:00 | 000,383,786 | RHS- | C] () -- \bootmgr [2010.08.29 14:07:03 | 1603,084,288 | -HS- | C] () -- \hiberfil.sys [2009.07.14 03:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat [2009.07.14 03:04:04 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.08.29 14:29:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2011.01.13 15:43:46 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ [2011.02.03 19:24:25 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan [2012.09.04 13:34:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2010.08.29 14:29:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente [2010.08.29 14:29:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2012.08.08 11:38:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\Installations [2012.08.08 11:42:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\PC Suite [2010.12.11 16:43:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoGenie [2012.02.18 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\SafeNet Sentinel [2012.02.18 15:30:27 | 000,000,000 | ---D | M] -- C:\Users\All Users\SPSS [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2010.08.29 14:29:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2011.06.01 22:19:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\TuneUp Software [2010.12.20 09:22:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\VirtualizedApplications [2010.08.29 14:29:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen [2011.06.01 22:10:41 | 000,000,000 | -HSD | M] -- C:\Users\All Users\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.04.11 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\Claudia\.pdfsam [2012.02.18 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Claudia\.spss [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Anwendungsdaten [2010.08.29 14:30:03 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData [2011.01.31 09:28:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\Application Data [2012.07.12 07:58:57 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Contacts [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Cookies [2012.11.01 16:24:54 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Desktop [2012.10.12 08:26:58 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Documents [2012.11.01 16:34:05 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Downloads [2012.11.01 16:29:52 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Dropbox [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Druckumgebung [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Eigene Dateien [2012.07.12 07:58:57 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Favorites [2012.07.12 07:58:58 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Links [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Lokale Einstellungen [2012.07.12 07:58:57 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Music [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Netzwerkumgebung [2012.07.12 07:58:57 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Pictures [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Recent [2012.07.12 07:58:57 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Saved Games [2012.07.12 07:58:57 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Searches [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\SendTo [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Startmenü [2012.07.12 07:58:57 | 000,000,000 | R--D | M] -- C:\Users\Claudia\Videos [2010.08.29 14:30:03 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\Vorlagen [2010.08.29 14:29:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten [2009.07.14 03:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2010.08.29 14:29:36 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2010.08.29 14:29:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung [2010.08.29 14:29:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien [2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2010.08.29 14:29:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen [2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2010.08.29 14:29:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung [2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009.07.14 03:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2010.08.29 14:29:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2010.08.29 14:29:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen [2012.11.01 16:21:39 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2010.08.29 14:29:37 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2009.07.14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009.07.14 03:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2010.08.29 14:29:40 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009.07.14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2009.07.14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2009.07.14 09:56:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2009.07.14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.31 15:27:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Adobe [2012.02.07 23:37:32 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Ahnenblatt [2010.12.27 09:52:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Auslogics [2012.10.17 08:07:49 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Avira [2012.01.31 15:28:22 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1 [2011.01.28 21:49:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\BatteryCare [2010.11.18 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\BitZipper [2011.02.03 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Canon [2010.11.27 19:09:18 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DivX [2012.11.01 16:30:07 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Dropbox [2012.08.31 13:30:39 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\dvdcss [2010.09.19 19:59:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoft [2010.09.19 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.24 19:13:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\EurekaLog [2012.02.25 19:39:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\FreeCall [2010.08.29 14:30:22 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Identities [2011.01.05 17:47:31 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Local [2010.08.30 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Macromedia [2012.11.01 11:26:51 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes [2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Media Center Programs [2011.09.28 22:16:57 | 000,000,000 | --SD | M] -- C:\Users\Claudia\AppData\Roaming\Microsoft [2010.08.29 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Mozilla [2012.08.08 11:42:50 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Nokia [2010.08.29 17:50:27 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org [2011.01.30 16:18:01 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Opera [2012.08.08 11:42:46 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\PC Suite [2012.08.10 16:56:13 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Skype [2011.11.01 18:47:57 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\skypePM [2012.11.01 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\SoftGrid Client [2010.12.09 20:56:22 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TP [2011.06.01 23:31:13 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software [2010.11.09 19:50:26 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\vlc [2012.02.24 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\VoipCheapCom [2010.09.12 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.01.19 17:10:40 | 000,717,322 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Ahnenblatt\unins000.exe [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.01.31 15:26:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Claudia\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.01.31 15:26:39 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Claudia\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.11.2012 16:35:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claudia\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,76% Memory free
3,98 Gb Paging File | 2,84 Gb Available in Paging File | 71,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,55 Gb Total Space | 15,36 Gb Free Space | 22,09% Space Free | Partition Type: NTFS
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-3465115012-114302479-16852889-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34BBD741-06BA-444D-934F-7BD5B3550A8A}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D413CB3-48EC-4D8D-A2B7-58E265A1EA9C}" = rport=138 | protocol=17 | dir=out | app=system |
"{53C732EB-0170-4106-9884-8CA1C16736C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{601C4CB1-F9ED-457A-82DF-F7ECDC506EF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{668AA7D3-52A6-4BE9-A1FE-96D6961C068E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DEAE8B8-67B6-439C-900E-55221BD1CA49}" = lport=10243 | protocol=6 | dir=in | app=system |
"{740C258B-09E7-458C-8315-1A74267BD95B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{783185EF-1820-46BB-A774-14B9FD40DD14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B1F09F5-89C7-4FE3-BF67-EE37FE625C79}" = rport=139 | protocol=6 | dir=out | app=system |
"{7EF03231-4F69-409B-AD15-C9763D0158DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84328B37-4591-46C7-8309-FD5530CCA442}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B367F80-1380-4007-A702-15B22220E639}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A98D731-B0C4-4943-B544-5529EDDC88E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A3AFC302-33EA-49CC-A0D5-D20284918BC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B277DE9C-514E-40E8-8B64-07EDB389C801}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D458D4D8-760B-4AB8-A5C3-78CB37EAFA6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF94B02E-4EF9-4F93-AB40-E866E5925A09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E57D6730-2BE9-4B4F-9C0F-1FB3DE04395A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1BCC4AE-360E-43D4-8723-80E63BA2CCF7}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6AB8287-C859-46D9-A88B-C97B115BB57D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBD97EC6-BF26-4FAE-952D-4E8C56AC5400}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCF94EC4-CDCF-4DCD-88E3-94051F28BFDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEAD9307-20E7-49F7-A690-064FCA9FB165}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023CD076-3BFE-4917-9344-F6AA3D4F2BF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25A36ABE-F864-49EB-9FCA-1500A97173AD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{312EC1DF-629F-4B87-B33F-754CB7755A7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{325ADF8C-0B67-4569-81D7-DE82CD8B5DF2}" = protocol=6 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"{4733EFD5-8F0B-40E9-B6EE-78F0AB688649}" = protocol=6 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |
"{512EEA69-A77B-4BED-98A4-3A7142BDA6A7}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"{53C113F1-051C-461B-80F2-27827469D409}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{665263D7-DCDF-4408-AD70-CC9217F7D4AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EC5AF86-548D-49A2-A6A0-666B2FA4BAE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7ADD3216-4745-4F52-AE46-31B177729BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85072F2B-7FDE-48BD-9F15-ABA5F3725640}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{86642B3B-5469-4ED4-B0CB-9694DA74AF2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{89E77322-25C0-4EF5-BEDF-FF524C97C9C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FBAE4BB-939B-4812-B245-C179355A0BED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90B1B361-B6AB-4C6F-A9D9-3D2F82F0190F}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"{AC7888EA-465B-4D94-A812-4A6D939AC316}" = protocol=6 | dir=out | app=system |
"{AC80312C-B195-4221-BEDE-1DED9A2ED306}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BABC7D4B-47EB-4C36-A49A-C7A4673CF50C}" = protocol=17 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"{BF885D66-ED83-49D2-845E-43ED2122A372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C5C83AB5-B65C-4693-9F17-D54A45BAA2AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1BA6A6A-B6DB-415B-8B2B-C911586A609B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D58318AF-51D5-4AB6-A279-0ABF1ECD0FC7}" = protocol=17 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |
"{E3426AB9-476B-4160-AAA1-132F3F740AEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4452B7D-F4FA-4434-8FCF-2D68E85162F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EF89D727-A506-4898-89AE-051F9C14D7E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{03949771-DD8A-4838-A4CA-73897DBE23CA}C:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5AC46380-D7E8-4837-911C-098117C45AEF}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{B00ABACE-9F62-4D88-B7CA-40993FB99DBB}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"TCP Query User{BBDAAB76-EBD2-4023-9896-9DD9B96A4273}C:\program files\freecall.com\freecall\freecall.exe" = protocol=6 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |
"UDP Query User{0D289ECF-7C04-41D8-A036-1887A1F9943D}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"UDP Query User{20B4E91A-45AC-4E72-B1FC-7E36AF614641}C:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D9FC6E9C-9120-4248-A22C-E49B9A74DAA2}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{E8872360-EEEB-423E-B209-CDB8A3951B89}C:\program files\freecall.com\freecall\freecall.exe" = protocol=17 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5200" = Canon iP5200
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6084D645-2101-926A-3DFF-26C1729089C6}" = Balsamiq Mockups For Desktop
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.8.5
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ahnenblatt_is1" = Ahnenblatt 2.70
"Avira AntiVir Desktop" = Avira Free Antivirus
"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
"BitZipper_is1" = BitZipper 2010
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Setup.divx.com" = DivX-Setup
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"Free Studio_is1" = Free Studio version 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Kalender-Excel-8.8.1_is1" = Kalender-Excel-8.8.1
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nokia PC Suite" = Nokia PC Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.11.2109" = Opera 11.11
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.4
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3465115012-114302479-16852889-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.12.2011 16:59:58 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
Zeitstempel: 0x4eb4a91a Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
Zeitstempel: 0x4e5d6c64 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001b8cf ID des fehlerhaften
Prozesses: 0x25c Startzeit der fehlerhaften Anwendung: 0x01ccbf5a50bc0b2e Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
92a83414-2b4d-11e1-b397-0016d32b2ec3
Error - 20.12.2011 17:00:10 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
Zeitstempel: 0x4eb4a91a Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
Zeitstempel: 0x4e5d6c64 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00001478 ID des fehlerhaften
Prozesses: 0xf10 Startzeit der fehlerhaften Anwendung: 0x01ccbf5a57425dc3 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
9a46d894-2b4d-11e1-b397-0016d32b2ec3
Error - 20.12.2011 17:00:24 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
Zeitstempel: 0x4eb4a91a Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
Zeitstempel: 0x4e5d6c64 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001e38f ID des fehlerhaften
Prozesses: 0x134 Startzeit der fehlerhaften Anwendung: 0x01ccbf5a5f05efee Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
a2599d57-2b4d-11e1-b397-0016d32b2ec3
Error - 31.01.2011 04:58:17 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.01.2011 04:58:36 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00746e65 ID des fehlerhaften
Prozesses: 0x8a8 Startzeit der fehlerhaften Anwendung: 0x01cbc124fa7bceb0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 494bde78-2d18-11e0-aef0-0016d32b2ec3
Error - 31.01.2011 04:58:38 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.01.2011 05:01:38 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 21.12.2011 05:34:27 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 21.12.2011 05:35:36 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.12.2011 05:37:02 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 01.11.2012 11:29:24 | Computer Name = Claudia-PC | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
Error - 01.11.2012 11:29:27 | Computer Name = Claudia-PC | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 01.11.2012 11:29:28 | Computer Name = Claudia-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1421 NULL object. Cannot establish a connection at this time.
Error - 01.11.2012 11:34:12 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 01.11.2012 11:34:12 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 01.11.2012 11:34:12 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
Error - 01.11.2012 11:34:25 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION
Error - 01.11.2012 11:34:25 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
Error - 01.11.2012 11:47:15 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION
Error - 01.11.2012 11:47:15 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
[ System Events ]
Error - 19.10.2012 11:28:05 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
ServiceLayer erreicht.
Error - 19.10.2012 11:28:05 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ServiceLayer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 19.10.2012 11:28:05 | Computer Name = Claudia-PC | Source = DCOM | ID = 10005
Description =
Error - 26.10.2012 02:49:17 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Software Protection erreicht.
Error - 26.10.2012 02:49:17 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 26.10.2012 05:38:26 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 30.10.2012 15:14:36 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
ServiceLayer erreicht.
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ServiceLayer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = DCOM | ID = 10005
Description =
< End of report >
Ich hoffe, dass ihr mir helfen könnt  Claudi2012 |
|
02.11.2012, 05:58
| #2 | |||
| /// Helfer-Team    | Hilfe! Savings Sidekick entfernen..aber wie? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. OTL wurde falsch platziert/gespeichert: OTL muss auf dem Desktop abgelegt werden! Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll! also entfernen und erneut herunterladen:-> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop. ** nachdem es gespeichert wurde auf dem Desktop in das Logfile von OTL, soll etwa so aussehen: Zitat:
Systemscan mit OTL
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
02.11.2012, 10:41
| #3 |
| | Hilfe! Savings Sidekick entfernen..aber wie? Vielen Dank erst mal!
__________________Zur Info: - OTL ist komischerweise bisher immer nach einer Zeit vom Desktop verschwunden..ich meine, es war immer nach einem Neustart, dass OTL vom Desktop weg war. - Ich habe die Logs erstellt, sehe aber nicht so recht, ob ich etwas davon unkenntlich für Außenstehende durch ein (*) machen sollte.. Hier nun die Logs: CCleaner (installierte Programme): Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 01.11.2012 3.1.0.4880 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 01.11.2012 6,00MB 10.3.183.5 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 01.11.2012 6,00MB 11.1.102.62 Adobe Reader XI - Deutsch Adobe Systems Incorporated 19.10.2012 127MB 11.0.00 Ahnenblatt 2.70 Dirk Boettcher 19.01.2012 10,9MB 2.70.0.0 Auslogics Disk Defrag Auslogics Software Pty Ltd 27.12.2010 9,15MB version 3.1 Avira Free Antivirus Avira 01.11.2012 122MB 13.0.0.2735 Balsamiq Mockups For Desktop Balsamiq, SRL 01.11.2012 2.1.13 BatteryCare 0.9.8.5 Filipe Lourenço 25.01.2011 3,03MB 0.9.8.5 BitZipper 2010 Bitberry Software 18.11.2010 Canon Inkjet Printer Driver Add-On Module 01.11.2012 Canon iP5200 01.11.2012 Canon MP Navigator EX 2.0 01.11.2012 Canon Utilities Solution Menu 01.11.2012 CanoScan LiDE 100 Scanner Driver 01.11.2012 CCleaner Piriform 24.10.2012 3.24 Cisco AnyConnect Secure Mobility Client Cisco Systems, Inc. 04.09.2012 3.1.00495 Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 11.11.2010 11,5MB 5.0.6 DivX-Setup DivX, LLC 01.11.2012 2.2.1.2 Dropbox Dropbox, Inc. 12.06.2012 1.4.7 Free Studio version 4.9 DVDVideoSoft Limited. 19.09.2010 146MB IBM SPSS Statistics 20 IBM Corp 18.02.2012 800MB 20.0.0.0 Intel(R) Graphics Media Accelerator Driver Intel Corporation 01.11.2012 54,2MB 8.15.10.1867 Java 7 Update 9 Oracle 19.10.2012 128MB 7.0.90 Java(TM) 6 Update 20 Sun Microsystems, Inc. 29.08.2010 97,2MB 6.0.200 Java(TM) 6 Update 35 Oracle 30.07.2012 95,6MB 6.0.350 Kalender-Excel-8.8.1 MSDatec 12.10.2012 2,54MB 8.8.1 Lidl-Fotos 11.12.2010 Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 01.11.2012 19,4MB 1.65.1.1000 Mein Gutscheincode Finder 1.0.0.0 Conversion One GmbH 25.01.2011 1,90MB 1.0.0.0 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.11.2012 38,8MB 4.0.30319 Microsoft Office Home and Business 2010 - Deutsch Microsoft Corporation 01.11.2012 14.0.5128.5002 Microsoft Office Klick-und-Los 2010 Microsoft Corporation 01.11.2012 14.0.4763.1000 Microsoft Silverlight Microsoft Corporation 13.05.2012 162MB 5.1.10411.0 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 598KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.02.2012 240KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.08.2010 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.10.2011 12,2MB 10.0.40219 Mobile Partner Huawei Technologies Co.,Ltd 01.11.2012 16.002.03.01.40 Mozilla Firefox 16.0.2 (x86 de) Mozilla 01.11.2012 43,1MB 16.0.2 Mozilla Maintenance Service Mozilla 01.11.2012 329KB 16.0.2 Nokia Connectivity Cable Driver Nokia 08.08.2012 3,35MB 7.1.78.0 Nokia PC Suite Nokia 01.11.2012 7.1.180.94 OpenOffice.org 3.2 OpenOffice.org 29.08.2010 378MB 3.2.9502 Opera 11.11 Opera Software ASA 01.11.2012 11.11.2109 Paint.NET v3.5.8 dotPDN LLC 05.02.2011 10,4MB 3.58.0 PC Connectivity Solution Nokia 08.08.2012 15,0MB 12.0.27.0 PDF24 Creator 3.0.0 PDF24.org 04.01.2011 33,2MB pdfsam 11.01.2011 2.2.0 PhotoCardMaker 1.0.4 Kigosoft Inc. 30.10.2011 7,66MB Skype Click to Call Skype Technologies S.A. 01.11.2011 12,5MB 5.6.8442 Skype™ 5.10 Skype Technologies S.A. 19.09.2012 19,4MB 5.10.116 Spybot - Search & Destroy Safer Networking Limited 29.08.2010 1.6.2 ThinkPad Modem 01.11.2012 7.62.00 ThinkPad Power Management Driver 01.11.2012 1.43 ThinkPad UltraNav Driver 01.11.2012 46,4MB 15.0.18.0 Uninstall 1.0.0.1 19.09.2010 10,5MB VLC media player 1.1.4 VideoLAN 01.11.2012 1.1.4 Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) Nokia 01.11.2012 02/25/2011 4.7 Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) Nokia 01.11.2012 02/25/2011 7.01.0.9 Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) Nokia 01.11.2012 05/31/2012 7.1.2.0 WinRAR 01.11.2012 OTL-Log: Code:
ATTFilter OTL logfile created on: 31.01.2011 10:02:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claudia\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 49,17% Memory free 3,98 Gb Paging File | 2,82 Gb Available in Paging File | 70,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,55 Gb Total Space | 15,36 Gb Free Space | 22,09% Space Free | Partition Type: NTFS Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Users\Claudia\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll () MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll () MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll () MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll () MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll () MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (WinRing0_1_2_0) -- C:\Programme\BatteryCare\WinRing0.sys (OpenLibSys.org) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 F0 35 F6 81 47 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{BD0B1D9C-70AE-47D3-B7D6-3E63A4581434}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VL^DE&apn_uid=3ef42da2-5e2f-4b19-a83a-754a7296b47b&apn_sauid=0EC8C0B0-AA78-4FF5-8594-CB51A73B9525 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.05 17:47:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.05 17:47:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 08:59:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 08:58:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.01.25 20:43:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 08:59:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 08:58:55 | 000,000,000 | ---D | M] [2012.10.29 08:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.29 08:58:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.29 08:58:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.29 08:58:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.29 08:59:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.24 06:57:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 16:50:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.24 06:57:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.24 06:57:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.24 06:57:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.24 06:57:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKCU..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized File not found O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5F52C0F-CE2E-4315-B912-59A9F6199EA3}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CA79FD-C0A1-43E1-8575-5D9CF68BB0B9}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB0A9383-4C84-4324-95B0-9D9B6E851D82}: NameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\Shell - "" = AutoRun O33 - MountPoints2\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\Shell - "" = AutoRun O33 - MountPoints2\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\Shell - "" = AutoRun O33 - MountPoints2\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.01 17:17:14 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Problem_Savings Sidekick [2012.11.01 16:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE [2012.11.01 14:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.01 11:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.01 11:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.01 11:26:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.01 11:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.29 08:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.19 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.10.19 22:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.19 22:15:09 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.10.19 22:14:06 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.19 22:14:06 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.19 22:14:06 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.17 07:59:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.17 07:59:43 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.17 07:59:43 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.17 07:59:43 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.17 07:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.12 08:26:58 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Kalender-Excel-8.8.1 [2012.10.12 08:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalender-Excel-8.8.1 [2012.10.10 08:38:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 08:38:34 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 08:38:34 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.10 08:38:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 08:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 08:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 08:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 08:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 08:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 08:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 08:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 08:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 08:38:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 08:38:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 08:38:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 08:38:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 08:38:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 08:38:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 08:38:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 08:37:48 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 08:37:48 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.09.26 07:53:38 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2012.09.22 10:17:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.22 10:17:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.22 10:17:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.22 10:17:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.22 10:17:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.22 10:17:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.22 10:17:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.12 21:14:15 | 000,000,000 | -HSD | C] -- C:\found.002 [2012.09.12 11:43:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [2012.09.12 11:42:55 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012.09.12 11:42:55 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2012.09.12 11:42:54 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.08.15 07:14:01 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.08.15 07:13:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.08.08 11:40:29 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2012.08.08 11:40:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2012.08.08 11:39:36 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll [2012.08.03 20:38:55 | 000,023,976 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\vpnva.sys [2012.07.30 19:13:17 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.13 10:30:42 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.06.13 10:30:42 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.06.13 10:30:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.06.07 16:24:23 | 000,087,976 | R--- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\acsock.sys [2012.05.10 10:11:24 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 09:50:51 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012.01.25 18:26:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2012.01.15 18:57:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.15 18:57:26 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.15 18:57:26 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2011.11.20 23:58:35 | 000,000,000 | -HSD | C] -- C:\found.001 [2011.10.13 22:16:57 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.10.13 22:16:57 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.10.01 08:30:42 | 000,019,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Sftvollh.sys [2011.10.01 08:30:40 | 000,021,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Sftredirlh.sys [2011.10.01 08:30:38 | 000,194,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Sftplaylh.sys [2011.10.01 08:30:36 | 001,075,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sftldr.dll [2011.10.01 08:30:36 | 000,579,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Sftfslh.sys [2011.08.11 08:21:50 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll [2011.08.11 08:21:50 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll [2011.08.11 08:21:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll [2011.08.11 08:21:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll [2011.08.11 08:21:49 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll [2011.06.29 07:43:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2011.06.29 07:43:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2011.06.29 07:43:11 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2011.06.29 07:43:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2011.06.29 07:43:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2011.06.15 15:53:57 | 000,000,000 | -HSD | C] -- C:\found.000 [2011.06.11 00:58:52 | 004,422,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100u.dll [2011.06.11 00:58:52 | 004,397,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100.dll [2011.06.11 00:58:52 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll [2011.06.11 00:58:52 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll [2011.06.11 00:58:52 | 000,138,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl100.dll [2011.06.11 00:58:52 | 000,081,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcm100u.dll [2011.06.11 00:58:52 | 000,081,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcm100.dll [2011.06.11 00:58:52 | 000,064,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100fra.dll [2011.06.11 00:58:52 | 000,064,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100deu.dll [2011.06.11 00:58:52 | 000,063,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100esn.dll [2011.06.11 00:58:52 | 000,062,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100ita.dll [2011.06.11 00:58:52 | 000,060,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100rus.dll [2011.06.11 00:58:52 | 000,055,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100enu.dll [2011.06.11 00:58:52 | 000,043,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100jpn.dll [2011.06.11 00:58:52 | 000,043,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100kor.dll [2011.06.11 00:58:52 | 000,036,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100cht.dll [2011.06.11 00:58:52 | 000,036,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100chs.dll [2011.06.01 23:13:08 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.04.13 11:22:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 11:22:40 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 11:22:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 11:21:40 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011.04.13 11:21:33 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 11:21:32 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.02.03 19:09:03 | 000,585,728 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQ2413L.DLL [2011.02.03 19:09:03 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNQ2413O.DLL [2011.02.03 19:09:03 | 000,098,304 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQ2413I.DLL [2011.02.03 19:09:02 | 001,335,296 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQ2413C.DLL [2011.01.31 22:57:05 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.01.31 22:57:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.01.31 21:10:55 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011.01.31 09:14:18 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2011.01.31 09:14:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2011.01.31 09:14:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2011.01.28 09:11:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe [2011.01.28 09:10:53 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys [2011.01.28 09:10:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe [2011.01.20 09:58:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2011.01.20 09:58:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011.01.20 09:50:53 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys [2011.01.20 09:50:48 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.01.20 09:50:48 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011.01.20 09:50:47 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011.01.20 09:50:43 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011.01.20 09:50:41 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011.01.20 09:50:41 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011.01.20 09:50:40 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011.01.20 09:50:37 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll [2011.01.20 09:50:36 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.01.20 09:50:35 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll [2011.01.20 09:50:34 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll [2011.01.20 09:50:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.01.20 09:50:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.01.20 09:50:29 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll [2011.01.20 09:50:27 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll [2011.01.20 09:50:24 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2011.01.20 09:50:22 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll [2011.01.20 09:50:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe [2011.01.20 09:50:18 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe [2011.01.20 09:50:18 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe [2011.01.20 09:50:16 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll [2011.01.20 09:50:15 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll [2011.01.20 09:50:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll [2011.01.20 09:50:11 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll [2011.01.20 09:50:10 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2011.01.20 09:50:08 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll [2011.01.20 09:50:06 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll [2011.01.20 09:50:06 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll [2011.01.20 09:50:06 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.01.20 09:50:05 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll [2011.01.20 09:50:05 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2011.01.20 09:50:04 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2011.01.20 09:50:04 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll [2011.01.20 09:50:04 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2011.01.20 09:50:03 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe [2011.01.20 09:50:02 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll [2011.01.20 09:50:02 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.20 09:50:01 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll [2011.01.20 09:50:00 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe [2011.01.20 09:49:58 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll [2011.01.20 09:49:58 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll [2011.01.20 09:49:58 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll [2011.01.20 09:49:56 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll [2011.01.20 09:49:56 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll [2011.01.20 09:49:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe [2011.01.20 09:49:56 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2011.01.20 09:49:53 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll [2011.01.20 09:49:53 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.01.20 09:49:53 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.01.20 09:49:53 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll [2011.01.20 09:49:52 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll [2011.01.20 09:49:51 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe [2011.01.20 09:49:50 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll [2011.01.20 09:49:49 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe [2011.01.20 09:49:49 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll [2011.01.20 09:49:47 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll [2011.01.20 09:49:46 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll [2011.01.20 09:49:45 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2011.01.20 09:49:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe [2011.01.20 09:49:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll [2011.01.20 09:49:44 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2011.01.20 09:49:44 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys [2011.01.20 09:49:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe [2011.01.20 09:49:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll [2011.01.20 09:49:42 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll [2011.01.20 09:49:42 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL [2011.01.20 09:49:42 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2011.01.20 09:49:41 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.01.20 09:49:40 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll [2011.01.20 09:49:40 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll [2011.01.20 09:49:40 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll [2011.01.20 09:49:39 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll [2011.01.20 09:49:39 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll [2011.01.20 09:49:38 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll [2011.01.20 09:49:37 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll [2011.01.20 09:49:37 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll [2011.01.20 09:49:36 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL [2011.01.20 09:49:35 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll [2011.01.20 09:49:35 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll [2011.01.20 09:49:35 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2011.01.20 09:49:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe [2011.01.20 09:49:34 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.01.20 09:49:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll [2011.01.20 09:49:32 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe [2011.01.20 09:49:32 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll [2011.01.20 09:49:31 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll [2011.01.20 09:49:31 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe [2011.01.20 09:49:31 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2011.01.20 09:49:31 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe [2011.01.20 09:49:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe [2011.01.20 09:49:30 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe [2011.01.20 09:49:30 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll [2011.01.20 09:49:30 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe [2011.01.20 09:49:30 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll [2011.01.20 09:49:30 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll [2011.01.20 09:49:30 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll [2011.01.20 09:49:30 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll [2011.01.20 09:49:29 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll [2011.01.20 09:49:29 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll [2011.01.20 09:49:29 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll [2011.01.20 09:49:29 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll [2011.01.20 09:49:29 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2011.01.20 09:49:29 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys [2011.01.20 09:49:28 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll [2011.01.20 09:49:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2011.01.20 09:49:28 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2011.01.20 09:49:27 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll [2011.01.20 09:49:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2011.01.20 09:49:27 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL [2011.01.20 09:49:27 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll [2011.01.20 09:49:24 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.01.20 09:49:24 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys [2011.01.20 09:49:24 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll [2011.01.20 09:49:23 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe [2011.01.20 09:49:22 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll [2011.01.20 09:49:22 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll [2011.01.20 09:49:21 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2011.01.20 09:49:21 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll [2011.01.20 09:49:20 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll [2011.01.20 09:49:20 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll [2011.01.20 09:49:19 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe [2011.01.20 09:49:19 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys [2011.01.20 09:49:19 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll [2011.01.20 09:49:19 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys [2011.01.20 09:49:19 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys [2011.01.20 09:49:18 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll [2011.01.20 09:49:18 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll [2011.01.20 09:49:18 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll [2011.01.20 09:49:18 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe [2011.01.20 09:49:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll [2011.01.20 09:49:18 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll [2011.01.20 09:49:18 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys [2011.01.20 09:49:17 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll [2011.01.20 09:49:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2011.01.20 09:49:16 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr [2011.01.20 09:49:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll [2011.01.20 09:49:15 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll [2011.01.20 09:49:14 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll [2011.01.20 09:49:14 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll [2011.01.20 09:49:14 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll [2011.01.20 09:49:14 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2011.01.20 09:49:13 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll [2011.01.20 09:49:13 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2011.01.20 09:49:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll [2011.01.20 09:49:13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll [2011.01.20 09:49:13 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll [2011.01.20 09:49:12 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll [2011.01.20 09:49:12 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe [2011.01.20 09:49:12 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe [2011.01.20 09:49:12 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll [2011.01.20 09:49:11 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll [2011.01.20 09:49:11 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll [2011.01.20 09:49:11 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll [2011.01.20 09:49:11 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2011.01.20 09:49:11 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll [2011.01.20 09:49:10 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll [2011.01.20 09:49:10 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl [2011.01.20 09:49:10 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL [2011.01.20 09:49:10 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll [2011.01.20 09:49:10 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll [2011.01.20 09:49:09 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll [2011.01.20 09:49:09 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll [2011.01.20 09:49:09 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll [2011.01.20 09:49:08 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll [2011.01.20 09:49:08 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll [2011.01.20 09:49:08 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll [2011.01.20 09:49:08 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll [2011.01.20 09:49:08 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll [2011.01.20 09:49:07 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe [2011.01.20 09:49:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll [2011.01.20 09:49:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll [2011.01.20 09:49:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll [2011.01.20 09:49:07 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll [2011.01.20 09:49:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys [2011.01.20 09:49:06 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl [2011.01.20 09:49:06 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll [2011.01.20 09:49:06 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl [2011.01.20 09:49:06 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll [2011.01.20 09:49:06 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll [2011.01.20 09:49:06 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll [2011.01.20 09:49:06 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe [2011.01.20 09:49:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll [2011.01.20 09:49:05 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll [2011.01.20 09:49:05 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll [2011.01.20 09:49:05 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll [2011.01.20 09:49:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll [2011.01.20 09:49:04 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll [2011.01.20 09:49:04 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe [2011.01.20 09:49:04 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe [2011.01.20 09:49:04 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll [2011.01.20 09:49:03 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll [2011.01.20 09:49:02 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll [2011.01.20 09:49:02 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll [2011.01.20 09:49:02 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll [2011.01.20 09:49:02 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe [2011.01.20 09:49:02 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2011.01.20 09:49:02 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe [2011.01.20 09:49:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll [2011.01.20 09:49:02 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe [2011.01.20 09:49:01 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax [2011.01.20 09:49:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll [2011.01.20 09:49:01 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL [2011.01.20 09:49:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll [2011.01.20 09:49:01 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll [2011.01.20 09:49:00 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll [2011.01.20 09:49:00 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll [2011.01.20 09:49:00 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll [2011.01.20 09:49:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe [2011.01.20 09:49:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2011.01.20 09:48:59 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe [2011.01.20 09:48:59 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll [2011.01.20 09:48:59 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe [2011.01.20 09:48:58 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll [2011.01.20 09:48:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll [2011.01.20 09:48:57 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll [2011.01.20 09:48:57 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe [2011.01.20 09:48:56 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr [2011.01.20 09:48:56 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll [2011.01.20 09:48:56 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe [2011.01.20 09:48:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll [2011.01.20 09:48:55 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll [2011.01.20 09:48:55 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe [2011.01.20 09:48:55 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.01.20 09:48:54 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll [2011.01.20 09:48:54 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe [2011.01.20 09:48:53 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2011.01.20 09:48:53 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe [2011.01.20 09:48:53 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll [2011.01.20 09:48:52 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll [2011.01.20 09:48:52 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll [2011.01.20 09:48:51 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL [2011.01.20 09:48:50 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll [2011.01.20 09:48:49 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll [2011.01.20 09:48:49 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe [2011.01.20 09:48:49 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll [2011.01.20 09:48:49 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe [2011.01.20 09:48:48 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2011.01.20 09:48:48 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2011.01.20 09:48:47 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll [2011.01.20 09:48:47 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll [2011.01.20 09:48:47 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2011.01.20 09:48:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll [2011.01.20 09:48:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe [2011.01.20 09:48:46 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.01.20 09:48:46 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr [2011.01.20 09:48:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll [2011.01.20 09:48:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe [2011.01.20 09:48:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll [2011.01.20 09:48:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll [2011.01.20 09:48:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll [2011.01.20 09:48:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll [2011.01.20 09:48:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr [2011.01.20 09:48:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll [2011.01.20 09:48:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl [2011.01.20 09:48:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe [2011.01.20 09:48:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL [2011.01.20 09:48:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax [2011.01.20 09:48:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe [2011.01.20 09:48:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll [2011.01.20 09:48:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe [2011.01.20 09:48:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll [2011.01.20 09:48:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe [2011.01.20 09:48:44 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr [2011.01.20 09:48:44 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll [2011.01.20 09:48:44 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll [2011.01.20 09:48:44 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll [2011.01.20 09:48:44 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll [2011.01.20 09:48:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll [2011.01.20 09:48:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll [2011.01.20 09:48:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2011.01.20 09:48:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll [2011.01.20 09:48:43 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax [2011.01.20 09:48:42 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll [2011.01.20 09:48:42 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll [2011.01.20 09:48:42 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll [2011.01.20 09:48:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll [2011.01.20 09:48:42 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe [2011.01.20 09:48:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL [2011.01.20 09:48:42 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll [2011.01.20 09:48:41 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe [2011.01.20 09:48:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe [2011.01.20 09:48:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll [2011.01.20 09:48:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe [2011.01.20 09:48:40 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll [2011.01.20 09:48:40 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2011.01.20 09:48:40 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll [2011.01.20 09:48:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll [2011.01.20 09:48:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll [2011.01.20 09:48:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe [2011.01.20 09:48:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe [2011.01.20 09:48:40 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe [2011.01.20 09:48:39 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe [2011.01.20 09:48:39 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl [2011.01.20 09:48:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll [2011.01.20 09:48:39 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe [2011.01.20 09:48:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll [2011.01.20 09:48:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [2011.01.20 09:48:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe [2011.01.20 09:48:38 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll [2011.01.20 09:48:38 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe [2011.01.20 09:48:38 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe [2011.01.20 09:48:37 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME [2011.01.20 09:48:37 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll [2011.01.20 09:48:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011.01.20 09:48:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011.01.20 09:48:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll [2011.01.20 09:48:37 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe [2011.01.20 09:48:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll [2011.01.20 09:48:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax [2011.01.20 09:48:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll [2011.01.20 09:48:36 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll [2011.01.20 09:48:36 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011.01.20 09:48:36 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll [2011.01.20 09:48:36 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe [2011.01.20 09:48:36 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe [2011.01.20 09:48:36 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe [2011.01.20 09:48:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe [2011.01.20 09:48:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe [2011.01.20 09:48:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe [2011.01.20 09:48:35 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011.01.20 09:48:35 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll [2011.01.20 09:48:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe [2011.01.20 09:48:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe [2011.01.20 09:48:34 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll [2011.01.20 09:48:34 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2011.01.20 09:48:34 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011.01.20 09:48:34 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys [2011.01.20 09:48:34 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll [2011.01.20 09:48:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll [2011.01.20 09:48:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe [2011.01.20 09:48:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe [2011.01.20 09:48:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll [2011.01.20 09:48:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys [2011.01.20 09:48:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe [2011.01.20 09:48:33 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll [2011.01.20 09:48:32 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll [2011.01.20 09:48:32 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax [2011.01.20 09:48:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll [2011.01.20 09:48:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll [2011.01.20 09:48:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe [2011.01.20 09:48:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe [2011.01.20 09:48:32 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe [2011.01.20 09:48:31 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll [2011.01.20 09:48:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll [2011.01.20 09:48:30 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll [2011.01.20 09:48:30 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll [2011.01.20 09:48:29 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll [2011.01.20 09:48:29 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll [2011.01.20 09:48:29 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll [2011.01.20 09:48:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll [2011.01.20 09:48:28 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll [2011.01.20 09:48:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll [2011.01.20 09:48:27 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime [2011.01.20 09:48:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll [2011.01.20 09:48:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll [2011.01.20 09:48:26 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll [2011.01.20 09:48:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys [2011.01.20 09:48:23 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys [2011.01.20 09:48:23 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys [2011.01.20 09:48:22 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll [2011.01.20 09:48:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2011.01.20 09:48:21 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll [2011.01.20 09:48:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL [2011.01.20 09:48:20 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll [2011.01.20 09:48:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2011.01.20 09:48:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2011.01.20 09:48:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL [2011.01.20 09:48:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL [2011.01.20 09:48:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL [2011.01.20 09:48:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL [2011.01.20 09:48:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL [2011.01.20 09:48:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll [2011.01.20 09:48:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL [2011.01.20 09:48:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL [2011.01.20 09:48:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL [2011.01.20 09:48:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL [2011.01.20 09:48:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL [2011.01.20 09:48:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL [2011.01.20 09:48:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL [2011.01.20 09:48:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL [2011.01.20 09:48:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL [2011.01.20 09:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL [2011.01.20 09:48:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys [2011.01.20 09:48:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL [2011.01.20 09:48:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll [2011.01.20 09:48:17 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll [2011.01.20 09:48:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll [2011.01.20 09:48:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll [2011.01.20 09:48:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll [2011.01.20 09:47:38 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll [2011.01.20 09:47:34 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe [2011.01.20 09:46:46 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll [2011.01.20 09:46:46 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll [2011.01.16 01:37:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.13 15:43:21 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2011.01.13 15:42:43 | 000,197,632 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM79.DLL [2011.01.13 10:03:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.01.13 10:01:47 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2011.01.13 10:01:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.12 19:25:11 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.12 19:20:09 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.01.12 19:20:09 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.01.12 19:20:09 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.01.12 19:20:09 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.01.12 19:20:09 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.01.12 19:20:09 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.01.12 19:20:09 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.01.12 19:20:09 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.01.12 19:20:09 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.01.12 19:20:09 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.01.12 19:20:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.01.12 19:20:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.01.12 19:20:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.01.12 19:20:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.01.12 19:20:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.01.12 19:20:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.01.12 19:20:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.01.12 19:20:09 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.01.12 19:20:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.01.12 19:20:08 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.01.12 19:20:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.01.12 19:20:08 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.01.12 19:20:08 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.01.12 19:20:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.01.12 19:20:08 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.01.12 19:20:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.01.12 19:20:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.01.12 19:20:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.01.12 08:57:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2011.01.11 17:20:44 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2011.01.11 17:20:43 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2011.01.09 12:48:37 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.01.09 12:48:36 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2011.01.09 12:48:35 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.01.09 12:48:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.02 08:29:33 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 08:29:33 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 08:21:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.02 08:21:01 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2012.11.01 17:58:21 | 000,658,824 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.01 17:58:21 | 000,620,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.01 17:58:21 | 000,134,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.01 17:58:21 | 000,109,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.01 16:24:39 | 000,540,977 | ---- | M] () -- C:\Users\Claudia\Desktop\adwcleaner.exe [2012.11.01 14:56:05 | 000,538,941 | ---- | M] () -- C:\Users\Claudia\Desktop\AdwCleaner2005.exe [2012.11.01 14:37:51 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.30 14:06:06 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.19 22:21:39 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.10.19 22:13:13 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.19 22:13:07 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.10.19 22:13:07 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.19 22:13:06 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.10.19 22:13:06 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.09 16:13:08 | 000,234,777 | ---- | M] () -- C:\Users\Claudia\Desktop\kündigungsvormerkung.pdf [2012.10.03 17:04:24 | 001,088,454 | ---- | M] () -- C:\Users\Claudia\Desktop\IMG_0001.tif [1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.01 16:24:38 | 000,540,977 | ---- | C] () -- C:\Users\Claudia\Desktop\adwcleaner.exe [2012.11.01 14:56:02 | 000,538,941 | ---- | C] () -- C:\Users\Claudia\Desktop\AdwCleaner2005.exe [2012.10.19 22:21:39 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.10.19 22:21:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.10.17 08:02:12 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.09 16:13:04 | 000,234,777 | ---- | C] () -- C:\Users\Claudia\Desktop\kündigungsvormerkung.pdf [2012.10.03 17:04:33 | 001,088,454 | ---- | C] () -- C:\Users\Claudia\Desktop\IMG_0001.tif [2012.02.18 15:25:40 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2012.02.18 15:25:40 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz [2012.02.18 15:25:40 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2012.02.18 15:25:40 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\servdat.slm [2011.06.15 11:19:48 | 000,007,605 | ---- | C] () -- C:\Users\Claudia\AppData\Local\Resmon.ResmonCfg [2011.04.20 16:29:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.25 14:06:57 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011.01.25 14:06:57 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2011.01.25 14:06:57 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011.01.25 14:06:57 | 000,000,000 | RHS- | C] () -- \IO.SYS [2011.01.20 09:57:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf [2011.01.20 09:57:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf [2011.01.20 09:48:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.20 09:48:30 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml [2011.01.20 09:48:16 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml [2011.01.12 19:29:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2011.01.12 19:20:09 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.08.29 15:06:02 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2010.08.29 15:06:00 | 000,383,786 | RHS- | C] () -- \bootmgr [2010.08.29 14:07:03 | 1603,084,288 | -HS- | C] () -- \hiberfil.sys [2009.07.14 09:47:43 | 000,658,824 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,134,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:33:53 | 000,295,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,620,060 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,109,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 03:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat [2009.07.14 03:04:04 | 000,000,010 | ---- | C] () -- \config.sys [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== ========== Purity Check ========== < End of report > OTL-Extras Log folgt |
|
02.11.2012, 10:43
| #4 |
| | Hilfe! Savings Sidekick entfernen..aber wie? OTL-Extras: Code:
ATTFilter OTL Extras logfile created on: 31.01.2011 10:02:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claudia\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 49,17% Memory free
3,98 Gb Paging File | 2,82 Gb Available in Paging File | 70,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,55 Gb Total Space | 15,36 Gb Free Space | 22,09% Space Free | Partition Type: NTFS
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34BBD741-06BA-444D-934F-7BD5B3550A8A}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D413CB3-48EC-4D8D-A2B7-58E265A1EA9C}" = rport=138 | protocol=17 | dir=out | app=system |
"{53C732EB-0170-4106-9884-8CA1C16736C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{601C4CB1-F9ED-457A-82DF-F7ECDC506EF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{668AA7D3-52A6-4BE9-A1FE-96D6961C068E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DEAE8B8-67B6-439C-900E-55221BD1CA49}" = lport=10243 | protocol=6 | dir=in | app=system |
"{740C258B-09E7-458C-8315-1A74267BD95B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{783185EF-1820-46BB-A774-14B9FD40DD14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B1F09F5-89C7-4FE3-BF67-EE37FE625C79}" = rport=139 | protocol=6 | dir=out | app=system |
"{7EF03231-4F69-409B-AD15-C9763D0158DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84328B37-4591-46C7-8309-FD5530CCA442}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B367F80-1380-4007-A702-15B22220E639}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A98D731-B0C4-4943-B544-5529EDDC88E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A3AFC302-33EA-49CC-A0D5-D20284918BC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B277DE9C-514E-40E8-8B64-07EDB389C801}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D458D4D8-760B-4AB8-A5C3-78CB37EAFA6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF94B02E-4EF9-4F93-AB40-E866E5925A09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E57D6730-2BE9-4B4F-9C0F-1FB3DE04395A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1BCC4AE-360E-43D4-8723-80E63BA2CCF7}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6AB8287-C859-46D9-A88B-C97B115BB57D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBD97EC6-BF26-4FAE-952D-4E8C56AC5400}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCF94EC4-CDCF-4DCD-88E3-94051F28BFDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEAD9307-20E7-49F7-A690-064FCA9FB165}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023CD076-3BFE-4917-9344-F6AA3D4F2BF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25A36ABE-F864-49EB-9FCA-1500A97173AD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{312EC1DF-629F-4B87-B33F-754CB7755A7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{325ADF8C-0B67-4569-81D7-DE82CD8B5DF2}" = protocol=6 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"{4733EFD5-8F0B-40E9-B6EE-78F0AB688649}" = protocol=6 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |
"{512EEA69-A77B-4BED-98A4-3A7142BDA6A7}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"{53C113F1-051C-461B-80F2-27827469D409}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{665263D7-DCDF-4408-AD70-CC9217F7D4AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EC5AF86-548D-49A2-A6A0-666B2FA4BAE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7ADD3216-4745-4F52-AE46-31B177729BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85072F2B-7FDE-48BD-9F15-ABA5F3725640}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{86642B3B-5469-4ED4-B0CB-9694DA74AF2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{89E77322-25C0-4EF5-BEDF-FF524C97C9C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FBAE4BB-939B-4812-B245-C179355A0BED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90B1B361-B6AB-4C6F-A9D9-3D2F82F0190F}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"{AC7888EA-465B-4D94-A812-4A6D939AC316}" = protocol=6 | dir=out | app=system |
"{AC80312C-B195-4221-BEDE-1DED9A2ED306}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BABC7D4B-47EB-4C36-A49A-C7A4673CF50C}" = protocol=17 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"{BF885D66-ED83-49D2-845E-43ED2122A372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C5C83AB5-B65C-4693-9F17-D54A45BAA2AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1BA6A6A-B6DB-415B-8B2B-C911586A609B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D58318AF-51D5-4AB6-A279-0ABF1ECD0FC7}" = protocol=17 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |
"{E3426AB9-476B-4160-AAA1-132F3F740AEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4452B7D-F4FA-4434-8FCF-2D68E85162F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EF89D727-A506-4898-89AE-051F9C14D7E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{03949771-DD8A-4838-A4CA-73897DBE23CA}C:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5AC46380-D7E8-4837-911C-098117C45AEF}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{B00ABACE-9F62-4D88-B7CA-40993FB99DBB}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"TCP Query User{BBDAAB76-EBD2-4023-9896-9DD9B96A4273}C:\program files\freecall.com\freecall\freecall.exe" = protocol=6 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |
"UDP Query User{0D289ECF-7C04-41D8-A036-1887A1F9943D}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"UDP Query User{20B4E91A-45AC-4E72-B1FC-7E36AF614641}C:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D9FC6E9C-9120-4248-A22C-E49B9A74DAA2}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{E8872360-EEEB-423E-B209-CDB8A3951B89}C:\program files\freecall.com\freecall\freecall.exe" = protocol=17 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5200" = Canon iP5200
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6084D645-2101-926A-3DFF-26C1729089C6}" = Balsamiq Mockups For Desktop
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.8.5
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ahnenblatt_is1" = Ahnenblatt 2.70
"Avira AntiVir Desktop" = Avira Free Antivirus
"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
"BitZipper_is1" = BitZipper 2010
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Setup.divx.com" = DivX-Setup
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"Free Studio_is1" = Free Studio version 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Kalender-Excel-8.8.1_is1" = Kalender-Excel-8.8.1
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nokia PC Suite" = Nokia PC Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.11.2109" = Opera 11.11
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.4
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.12.2011 16:59:58 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
Zeitstempel: 0x4eb4a91a Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
Zeitstempel: 0x4e5d6c64 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001b8cf ID des fehlerhaften
Prozesses: 0x25c Startzeit der fehlerhaften Anwendung: 0x01ccbf5a50bc0b2e Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
92a83414-2b4d-11e1-b397-0016d32b2ec3
Error - 20.12.2011 17:00:10 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
Zeitstempel: 0x4eb4a91a Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
Zeitstempel: 0x4e5d6c64 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00001478 ID des fehlerhaften
Prozesses: 0xf10 Startzeit der fehlerhaften Anwendung: 0x01ccbf5a57425dc3 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
9a46d894-2b4d-11e1-b397-0016d32b2ec3
Error - 20.12.2011 17:00:24 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
Zeitstempel: 0x4eb4a91a Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
Zeitstempel: 0x4e5d6c64 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0001e38f ID des fehlerhaften
Prozesses: 0x134 Startzeit der fehlerhaften Anwendung: 0x01ccbf5a5f05efee Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
a2599d57-2b4d-11e1-b397-0016d32b2ec3
Error - 31.01.2011 04:58:17 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.01.2011 04:58:36 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00746e65 ID des fehlerhaften
Prozesses: 0x8a8 Startzeit der fehlerhaften Anwendung: 0x01cbc124fa7bceb0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 494bde78-2d18-11e0-aef0-0016d32b2ec3
Error - 31.01.2011 04:58:38 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.01.2011 05:01:38 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 21.12.2011 05:34:27 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 21.12.2011 05:35:36 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.12.2011 05:37:02 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 02.11.2012 03:26:15 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 02.11.2012 03:26:15 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 02.11.2012 03:26:15 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
Error - 02.11.2012 03:26:20 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION
Error - 02.11.2012 03:26:20 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
Error - 02.11.2012 03:31:15 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION
Error - 02.11.2012 03:31:15 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
Error - 31.01.2011 04:47:31 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertificate::verifyChainPolicy File: .\Certificates\CapiCertificate.cpp
Line:
2372 Invoked Function: CertVerifyCertificateChainPolicy Return Code: -2146762495
(0x800B0101) Description: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error - 31.01.2011 04:47:31 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertificate::verifyChainPolicy File: .\Certificates\CapiCertificate.cpp
Line:
2372 Invoked Function: CertVerifyCertificateChainPolicy Return Code: -2146762495
(0x800B0101) Description: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error - 31.01.2011 04:47:31 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1218 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391704
(0xFE210028) Description: CERTIFICATE_ERROR_VERIFY_SERVERCERT_FAILED_ASKUSER:Server
certificate verification failed, and the error was an askuser error server name:
vpn.uni-bremen.de
[ System Events ]
Error - 19.10.2012 11:28:05 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
ServiceLayer erreicht.
Error - 19.10.2012 11:28:05 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ServiceLayer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 19.10.2012 11:28:05 | Computer Name = Claudia-PC | Source = DCOM | ID = 10005
Description =
Error - 26.10.2012 02:49:17 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Software Protection erreicht.
Error - 26.10.2012 02:49:17 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 26.10.2012 05:38:26 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 30.10.2012 15:14:36 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
ServiceLayer erreicht.
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ServiceLayer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = DCOM | ID = 10005
Description =
< End of report >
Gruß Claudi |
|
02.11.2012, 18:10
| #5 | |||
| /// Helfer-Team | Hilfe! Savings Sidekick entfernen..aber wie? Systembereinigung und Prüfung: ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! 1. Zitat:
► Falls Du doch es behalten möchtest: Stelle bitte den TeaTimer ab: Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident. Deaktiviere hier den "Resident TeaTimer aktiv". (Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben! 2. Deinstalliere unter Systemsteuerung-> Software/Programme: Code:
ATTFilter Mein Gutscheincode Finder
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars Zitat:
Zitat:
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BD0B1D9C-70AE-47D3-B7D6-3E63A4581434}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VL^DE&apn_uid=3ef42da2-5e2f-4b19-a83a-754a7296b47b&apn_sauid=0EC8C0B0-AA78-4FF5-8594-CB51A73B9525
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\Shell - "" = AutoRun
O33 - MountPoints2\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\Shell - "" = AutoRun
O33 - MountPoints2\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\Shell - "" = AutoRun
O33 - MountPoints2\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
4. stammt von Dir?: C:\Users\Claudia\Desktop\Problem_Savings Sidekick 5. Java-Version prüfen ggf aktualisieren:-> klick hier! Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. -> Warum sollte ich ältere Java-Versionen aus dem System entfernen? 6. Aktualisieren: Code:
ATTFilter OpenOffice.org
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!: -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 8. Alle Programme/Fenster schliessen reinige dein System mit CCleaner:
9. Vorbereitung
Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
10. adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
11. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (02.11.2012 um 18:52 Uhr) |
|
03.11.2012, 21:20
| #6 |
| | Hilfe! Savings Sidekick entfernen..aber wie? Ich habe jetzt alles erledigt. zu Punkt 3 - "Fixen mit OTL" Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BD0B1D9C-70AE-47D3-B7D6-3E63A4581434}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD0B1D9C-70AE-47D3-B7D6-3E63A4581434}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8eb6e324-e521-11df-91b8-0016d32b2ec3}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8eb6e336-e521-11df-91b8-0016d32b2ec3}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab084e6f-e77e-11df-987b-0016d32b2ec3}\ not found.
File E:\AutoRun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Claudia\Desktop\cmd.bat deleted successfully.
C:\Users\Claudia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Claudia
->Temp folder emptied: 14333346 bytes
->Temporary Internet Files folder emptied: 95304537 bytes
->Java cache emptied: 4052764 bytes
->FireFox cache emptied: 649451259 bytes
->Opera cache emptied: 33870211 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17819273 bytes
RecycleBin emptied: 2134597198 bytes
Total Files Cleaned = 2.813,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11022012_185302
Files\Folders moved on Reboot...
File\Folder C:\Users\Claudia\AppData\Local\Temp\OICE_E8D2DBFE-0C1B-497E-A203-0A35F00BE791.0\E57B4368. not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
zu 9 - ESET Log Code:
ATTFilter C:\Users\Claudia\Downloads\SoftonicDownloader_fuer_freecall.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\Claudia\Downloads\SoftonicDownloader_fuer_jahreskalender-2012-fur-excel.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
F:\August 2010\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
Code:
ATTFilter # AdwCleaner v2.006 - Datei am 03/11/2012 um 20:32:09 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Claudia - CLAUDIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Claudia\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\024fe1h6.default\prefs.js
Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1351783908);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.active", true);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.addressbar", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1351783908");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1351783908");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Fri Nov 02 2012 19:[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Thu Nov 08 2012 [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22DE%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1351879581");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2245990%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1351783980261");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221265%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%22100886%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1351783960354");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.domain", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.group", 0);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.homepage", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.iframe", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Sat Nov 03[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.newtab", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.opensearch", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.thankyou", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.ver", 37);
Gelöscht : user_pref("extensions.crossriderapp5060.apps", "5060");
Gelöscht : user_pref("extensions.crossriderapp5060.bic", "12ddb2fdefbe4dec5ef9394f340780a7");
Gelöscht : user_pref("extensions.crossriderapp5060.cid", 5060);
Gelöscht : user_pref("extensions.crossriderapp5060.firstrun", false);
Gelöscht : user_pref("extensions.crossriderapp5060.hadappinstalled", true);
Gelöscht : user_pref("extensions.crossriderapp5060.installationdate", 1351783908);
Gelöscht : user_pref("extensions.crossriderapp5060.lastcheck", 22531326);
Gelöscht : user_pref("extensions.crossriderapp5060.lastcheckitem", 22531358);
Gelöscht : user_pref("extensions.crossriderapp5060.modetype", "production");
Gelöscht : user_pref("extensions.crossriderapp5060.reportInstall", true);
Gelöscht : user_pref("extensions.crossriderapp5060@crossrider.com.install-event-fired", true);
Gelöscht : user_pref("extensions.enabledAddons", "crossriderapp5060@crossrider.com:0.85.36,netvideohunter@netvi[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v11.11.2109.0
Datei : C:\Users\Claudia\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [41477 octets] - [01/11/2012 14:57:10]
AdwCleaner[R1].txt - [12659 octets] - [01/11/2012 15:04:31]
AdwCleaner[S2].txt - [12593 octets] - [01/11/2012 15:09:38]
AdwCleaner[S3].txt - [12677 octets] - [01/11/2012 16:27:35]
AdwCleaner[R2].txt - [12781 octets] - [01/11/2012 17:19:41]
AdwCleaner[S4].txt - [12933 octets] - [03/11/2012 20:32:09]
########## EOF - C:\AdwCleaner[S4].txt - [12994 octets] ##########
zu 11 - OTL Logs OTL Text Log Code:
ATTFilter OTL logfile created on: 03.11.2012 20:37:20 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claudia\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,04% Memory free 3,98 Gb Paging File | 2,92 Gb Available in Paging File | 73,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,55 Gb Total Space | 19,28 Gb Free Space | 27,72% Space Free | Partition Type: NTFS Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.30 14:06:05 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.30 14:05:49 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.10.30 14:05:46 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.30 14:05:46 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.08.03 20:52:33 | 000,685,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.06.26 12:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.06.11 10:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.06.11 10:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.31 09:57:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.04.23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE ========== Modules (No Company Name) ========== MOD - [2012.08.03 20:53:25 | 000,062,968 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll MOD - [2012.06.26 12:11:10 | 000,345,688 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2012.06.26 12:11:08 | 000,282,200 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2012.06.26 12:11:02 | 008,197,208 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2012.06.26 12:11:00 | 002,302,040 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2012.06.26 12:10:58 | 000,202,328 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2012.06.26 12:10:58 | 000,027,736 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.10.30 14:06:05 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.30 14:05:49 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.10.30 14:05:46 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.29 08:59:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - [2012.10.30 14:06:06 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.03 20:38:55 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2012.08.03 20:38:05 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock) DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.12.07 19:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.07.26 21:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Programme\BatteryCare\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 F0 35 F6 81 47 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.05 17:47:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.05 17:47:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 08:59:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 08:58:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 08:59:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 08:58:55 | 000,000,000 | ---D | M] [2012.11.02 19:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.29 08:58:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.29 08:58:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.29 08:59:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.24 06:57:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 16:50:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.24 06:57:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.24 06:57:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.24 06:57:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.24 06:57:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5F52C0F-CE2E-4315-B912-59A9F6199EA3}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CA79FD-C0A1-43E1-8575-5D9CF68BB0B9}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB0A9383-4C84-4324-95B0-9D9B6E851D82}: NameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.02 19:32:24 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.11.02 19:27:06 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2012.11.02 19:16:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012.11.02 19:13:55 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.02 19:13:38 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.02 19:13:38 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.02 19:13:38 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.02 18:53:02 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.02 18:53:02 | 000,000,000 | ---D | C] -- \_OTL [2012.11.02 10:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.02 10:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.01 16:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE [2012.11.01 14:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.01 11:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.01 11:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.01 11:26:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.01 11:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.29 08:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.19 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.10.19 22:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.17 07:59:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.17 07:59:43 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.17 07:59:43 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.17 07:59:43 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.17 07:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.12 08:26:58 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Kalender-Excel-8.8.1 [2012.10.12 08:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalender-Excel-8.8.1 [2012.10.10 08:38:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 08:38:34 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 08:38:34 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.10 08:38:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 08:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 08:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 08:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 08:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 08:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 08:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 08:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 08:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 08:38:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 08:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 08:38:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 08:38:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 08:38:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 08:38:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 08:38:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 08:38:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 08:37:48 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 08:37:48 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.03 20:41:24 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 20:41:24 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 20:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 20:33:24 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2012.11.02 23:45:21 | 000,658,824 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.02 23:45:21 | 000,620,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.02 23:45:21 | 000,134,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.02 23:45:21 | 000,109,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.02 22:43:57 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012.11.02 19:43:50 | 000,300,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.02 19:32:25 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.11.02 19:13:03 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.02 19:12:55 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.02 19:12:55 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.02 19:12:54 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2012.11.02 19:12:54 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.02 19:12:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.02 10:27:27 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.01 16:24:39 | 000,540,977 | ---- | M] () -- C:\Users\Claudia\Desktop\adwcleaner.exe [2012.11.01 14:37:51 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.30 14:06:06 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.19 22:21:39 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.02 21:15:12 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012.11.02 21:15:12 | 000,001,441 | ---- | C] () -- \scu.dat [2012.11.02 19:32:25 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.11.02 10:27:27 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.01 16:24:38 | 000,540,977 | ---- | C] () -- C:\Users\Claudia\Desktop\adwcleaner.exe [2012.10.19 22:21:39 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.10.19 22:21:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.10.17 08:02:12 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.18 15:25:40 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2012.02.18 15:25:40 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2011.06.15 11:19:48 | 000,007,605 | ---- | C] () -- C:\Users\Claudia\AppData\Local\Resmon.ResmonCfg [2011.04.20 16:29:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.25 14:06:57 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2011.01.25 14:06:57 | 000,000,000 | RHS- | C] () -- \IO.SYS [2011.01.20 09:48:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.08.29 15:06:02 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2010.08.29 15:06:00 | 000,383,786 | RHS- | C] () -- \bootmgr [2010.08.29 14:07:03 | 1603,084,288 | -HS- | C] () -- \hiberfil.sys [2009.07.14 03:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat [2009.07.14 03:04:04 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== ========== Purity Check ========== < End of report > OTL Extras Log Code:
ATTFilter OTL Extras logfile created on: 03.11.2012 20:37:20 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claudia\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,04% Memory free
3,98 Gb Paging File | 2,92 Gb Available in Paging File | 73,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,55 Gb Total Space | 19,28 Gb Free Space | 27,72% Space Free | Partition Type: NTFS
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34BBD741-06BA-444D-934F-7BD5B3550A8A}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D413CB3-48EC-4D8D-A2B7-58E265A1EA9C}" = rport=138 | protocol=17 | dir=out | app=system |
"{53C732EB-0170-4106-9884-8CA1C16736C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{601C4CB1-F9ED-457A-82DF-F7ECDC506EF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{668AA7D3-52A6-4BE9-A1FE-96D6961C068E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DEAE8B8-67B6-439C-900E-55221BD1CA49}" = lport=10243 | protocol=6 | dir=in | app=system |
"{740C258B-09E7-458C-8315-1A74267BD95B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{783185EF-1820-46BB-A774-14B9FD40DD14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B1F09F5-89C7-4FE3-BF67-EE37FE625C79}" = rport=139 | protocol=6 | dir=out | app=system |
"{7EF03231-4F69-409B-AD15-C9763D0158DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84328B37-4591-46C7-8309-FD5530CCA442}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B367F80-1380-4007-A702-15B22220E639}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A98D731-B0C4-4943-B544-5529EDDC88E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A3AFC302-33EA-49CC-A0D5-D20284918BC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B277DE9C-514E-40E8-8B64-07EDB389C801}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D458D4D8-760B-4AB8-A5C3-78CB37EAFA6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF94B02E-4EF9-4F93-AB40-E866E5925A09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E57D6730-2BE9-4B4F-9C0F-1FB3DE04395A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1BCC4AE-360E-43D4-8723-80E63BA2CCF7}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6AB8287-C859-46D9-A88B-C97B115BB57D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBD97EC6-BF26-4FAE-952D-4E8C56AC5400}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCF94EC4-CDCF-4DCD-88E3-94051F28BFDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEAD9307-20E7-49F7-A690-064FCA9FB165}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023CD076-3BFE-4917-9344-F6AA3D4F2BF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25A36ABE-F864-49EB-9FCA-1500A97173AD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{312EC1DF-629F-4B87-B33F-754CB7755A7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{325ADF8C-0B67-4569-81D7-DE82CD8B5DF2}" = protocol=6 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"{53C113F1-051C-461B-80F2-27827469D409}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{665263D7-DCDF-4408-AD70-CC9217F7D4AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EC5AF86-548D-49A2-A6A0-666B2FA4BAE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7ADD3216-4745-4F52-AE46-31B177729BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85072F2B-7FDE-48BD-9F15-ABA5F3725640}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{86642B3B-5469-4ED4-B0CB-9694DA74AF2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{89E77322-25C0-4EF5-BEDF-FF524C97C9C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FBAE4BB-939B-4812-B245-C179355A0BED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC7888EA-465B-4D94-A812-4A6D939AC316}" = protocol=6 | dir=out | app=system |
"{AC80312C-B195-4221-BEDE-1DED9A2ED306}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BABC7D4B-47EB-4C36-A49A-C7A4673CF50C}" = protocol=17 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"{BF885D66-ED83-49D2-845E-43ED2122A372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C5C83AB5-B65C-4693-9F17-D54A45BAA2AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1BA6A6A-B6DB-415B-8B2B-C911586A609B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3426AB9-476B-4160-AAA1-132F3F740AEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4452B7D-F4FA-4434-8FCF-2D68E85162F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EF89D727-A506-4898-89AE-051F9C14D7E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{03949771-DD8A-4838-A4CA-73897DBE23CA}C:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5AC46380-D7E8-4837-911C-098117C45AEF}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{20B4E91A-45AC-4E72-B1FC-7E36AF614641}C:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D9FC6E9C-9120-4248-A22C-E49B9A74DAA2}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5200" = Canon iP5200
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6084D645-2101-926A-3DFF-26C1729089C6}" = Balsamiq Mockups For Desktop
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.8.5
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ahnenblatt_is1" = Ahnenblatt 2.70
"Avira AntiVir Desktop" = Avira Free Antivirus
"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
"BitZipper_is1" = BitZipper 2010
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Setup.divx.com" = DivX-Setup
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"Free Studio_is1" = Free Studio version 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Kalender-Excel-8.8.1_is1" = Kalender-Excel-8.8.1
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nokia PC Suite" = Nokia PC Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.11.2109" = Opera 11.11
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.4
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.01.2011 04:58:36 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00746e65 ID des fehlerhaften
Prozesses: 0x8a8 Startzeit der fehlerhaften Anwendung: 0x01cbc124fa7bceb0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 494bde78-2d18-11e0-aef0-0016d32b2ec3
Error - 31.01.2011 04:58:38 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.01.2011 05:01:38 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 21.12.2011 05:34:27 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 21.12.2011 05:35:36 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.12.2011 05:37:02 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 23.12.2011 12:29:11 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
Zeitstempel: 0x4eb4a91a Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
Zeitstempel: 0x4e5d6c64 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00014141 ID des fehlerhaften
Prozesses: 0x91c Startzeit der fehlerhaften Anwendung: 0x01ccc18fdd0c1710 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
3e59d9f8-2d83-11e1-a40c-0016d32b2ec3
Error - 25.12.2011 07:50:05 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 25.12.2011 07:51:09 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.12.2011 07:52:24 | Computer Name = Claudia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 03.11.2012 15:33:54 | Computer Name = Claudia-PC | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
Error - 03.11.2012 15:33:55 | Computer Name = Claudia-PC | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 03.11.2012 15:33:56 | Computer Name = Claudia-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1421 NULL object. Cannot establish a connection at this time.
Error - 03.11.2012 15:38:37 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 03.11.2012 15:38:37 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 03.11.2012 15:38:37 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
Error - 03.11.2012 15:38:37 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION
Error - 03.11.2012 15:38:37 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
Error - 03.11.2012 15:43:37 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION
Error - 03.11.2012 15:43:37 | Computer Name = Claudia-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
[ System Events ]
Error - 26.10.2012 05:38:26 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 30.10.2012 15:14:36 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
ServiceLayer erreicht.
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ServiceLayer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 01.11.2012 09:32:35 | Computer Name = Claudia-PC | Source = DCOM | ID = 10005
Description =
Error - 02.11.2012 13:53:02 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "ThinkPad PM Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 02.11.2012 14:45:28 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 02.11.2012 14:45:28 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 02.11.2012 14:47:50 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.
Error - 02.11.2012 14:47:50 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
< End of report >
--> Ich habe leider immer noch das Problem, wenn ich Firefox benutze, dass auf diversen Internetseiten in den Texten einzelne Wörter unterstrichen sind und wenn man mit der Maus darüber fährt, erscheint fragliche Werbung über Savings Sidekick. Danke für die Hilfe! Gruß, Claudi |
|
03.11.2012, 22:39
| #7 | ||
| /// Helfer-Team | Hilfe! Savings Sidekick entfernen..aber wie? 1. Zitat:
► Falls Du doch es behalten möchtest: Stelle bitte den TeaTimer ab: Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident. Deaktiviere hier den "Resident TeaTimer aktiv". (Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben! 2. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Reinige dein System mit *SUPERAntiSpyware*<- Download & Anleitung
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
04.11.2012, 10:39
| #8 |
| | Hilfe! Savings Sidekick entfernen..aber wie? Nachfolgend die neuen Logs 2. Fixen mit OTL: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Claudia\Desktop\cmd.bat deleted successfully.
C:\Users\Claudia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Claudia
->Temp folder emptied: 1619106 bytes
->Temporary Internet Files folder emptied: 8779017 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13031893 bytes
->Opera cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 640128 bytes
RecycleBin emptied: 204504 bytes
Total Files Cleaned = 23,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11042012_083203
Files\Folders moved on Reboot...
File\Folder C:\Users\Claudia\AppData\Local\Temp\OICE_E8D2DBFE-0C1B-497E-A203-0A35F00BE791.0\E57B4368. not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 11/04/2012 bei 10:27 AM
Version der Applikation : 5.6.1012
Version der Kern-Datenbank : 9525
Version der Spur-Datenbank : 7337
Scan Art : kompletter Scann
Totale Scann-Zeit : 01:36:13
Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Gescannte Speicherelemente : 740
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 37342
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 96201
Erfasste Datei-Elemente : 0
|
|
04.11.2012, 12:07
| #9 |
| /// Helfer-Team | Hilfe! Savings Sidekick entfernen..aber wie? ► Hast du die Probleme immer noch?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
04.11.2012, 13:37
| #10 |
| | Hilfe! Savings Sidekick entfernen..aber wie? Habe leider immer noch das Problem, dass wenn ich auf Internetseiten gehe, einzelne Wörter unterstrichen sind und auf Savings Sidekick verlinkt wird. Es sind jedoch keine Bilder mit pornografischer Werbung mehr zu sehen. Was soll ich jetzt machen? Vielleicht ist die Frage blöd, aber wäre das Problem gelöst, wenn ich Firefox deinstalliere und bspw auf Chrome wechsele? Gruß, Claudi |
|
05.11.2012, 06:20
| #11 |
| /// Helfer-Team | Hilfe! Savings Sidekick entfernen..aber wie? SUPERAntiSpyware kannst deinstallieren im Firefox unter Erweiterungen (Add- On) nachschauen, ob da noch Reste vorhanden sind
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (05.11.2012 um 06:48 Uhr) |
|
05.11.2012, 09:10
| #12 |
| | Hilfe! Savings Sidekick entfernen..aber wie? Unter Erweiterungen von Firefox war tatsächlich noch Savings Sidekick. Habe es gelöscht und jetzt wird auf Internetseiten nichts mehr unterstrichen und mit Savings Sidekick verlinkt Vielen, vielen Dank für die Hilfe. |
|
05.11.2012, 13:24
| #13 | ||
| /// Helfer-Team | Hilfe! Savings Sidekick entfernen..aber wie? ** Lass dein System in der nächste Zeit noch unter Beobachtung! wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes: 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner
2. Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden: Also mach bitte folgendes:
4. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen) z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) 5. ► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand! -> Installiere jedes Update das Dir angeboten wird, wiederhole den Vorgang so oft, bis nicht mehr gibt Lesestoff Nr.1: Gib Kriminellen Handlungen keine Chance! Zitat:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
Wenn Du uns unterstützen möchtest→ Spendekonto gruß kira
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Hilfe! Savings Sidekick entfernen..aber wie? |
| .com, 4d36e972-e325-11ce-bfc1-08002be10318, antivir, avira, bho, browser, converter, desktop, error, failed, feedback, firefox, flash player, google, helper, iexplore.exe, internet browser, jquery, logfile, mp3, object, outbound, plug-in, problem, registrierungsdatenbank, richtlinie, safer networking, savings, savings sidekick, scan, sidekick, software, svchost.exe, system, werbung, windows, wörter |
.
) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse. 
Linear-Darstellung
