| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SecurityTool richtig entfernt? - System langsam und instabilWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.08.2010, 21:23
| #1 |
| |  SecurityTool richtig entfernt? - System langsam und instabil Hallo liebe Helfer! Ich habe gestern Bekanntschaft mit dem SecurityToll gemacht. Indem ich die Anleitung hier im Forum ganz genau befolgt habe, habe ich das Vieh entfernt. Antivir und Malwarebytes finden nichts mehr und die Einträge und Dateien, die das Ding anlegt (wie sie in der Anleitung stehen) sind auch nicht mehr da. Allerdings krückt mein Rechner seitdem extrem, und es treten vermehrt Programmabstürze auf. Nun möchte ich bitten, mal zu schauen, ob ich alles richtig gemacht habe, oder was da los ist. Performance Probleme hauptsächlich mit den Adobe CS Programmen, Outlook und 2x irgendein Problem mit dem Grafiktreiber (Screen wird schwarz, danach alles normal, Windows hat 1x ein Problem gemeldet, aber keine weiteren Infos). Arbeite mit Windows 7 Home Premium 64 Bit. Aus meinen Ausführungen dürfte hervorgehen, dass ich kein Experte bin. Das bitte ich vorsorglich zu entschuldigen  Log- und Info von RSIT folgen. Schon einmal herzlichen Dank und Grüße RSIT Info: info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-08-17 20:27:35
======Uninstall list======
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI others-->MsiExec.exe /I{47C6F987-685A-41AE-B092-E75B277AEE39}
Adobe Flash CS4 STI-other-->MsiExec.exe /I{BD3374D3-C2E6-42B7-A80B-E850B6886246}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Alien Skin Blow Up 2-->C:\PROGRA~2\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PROGRA~2\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\BLOWUP~1\INSTALL.LOG
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Canon IJ Network Scan Utility-->"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\uninst.ini
Canon IJ Network Tool-->C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 3.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 3.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 3.0\uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll
Catalyst Control Center - Branding-->MsiExec.exe /I{87323561-58BA-4D5B-BADA-A791B69D1705}
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files (x86)\CDBurnerXP\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Elster-Export 1.8-->"C:\Program Files (x86)\EasyCash&Tax\Plugins\Elster-Export\unins000.exe"
ElsterFormular-->C:\Program Files (x86)\ElsterFormular\uninstall.exe
Extensis Suitcase Fusion 2-->MsiExec.exe /X{FB8BD91F-DC90-4770-AE33-8AA6AA2E691B}
FileZilla Client 3.3.3-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
IsoBuster 2.8-->"C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.6)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
OpenOffice.org 3.2-->MsiExec.exe /I{8D1E61D1-1395-4E97-997F-D002DB3A5074}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Stifttablett-->C:\Program Files (x86)\Tablet\Pen\Remove.exe /u
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
The Whispered World-->"C:\Program Files (x86)\InstallShield Installation Information\{BD009869-6498-4CF9-9016-E9EA6E3742B2}\SETUP.EXE" -runfromtemp -l0x0007 -removeonly
VLC media player 1.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
VTV digital 06-->"C:\Program Files (x86)\VTV digital 06\unins000.exe"
Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{CAFA57E8-8927-4912-AFCF-B0AA3837E989}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
WISO Sparbuch 2010-->"C:\Program Files (x86)\InstallShield Installation Information\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}\Setup.exe" -runfromtemp -l0x0007 -removeonly
======Hosts File======
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
======System event log======
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Cryptographic Services" befindet sich jetzt im Status "stopped".
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informationen
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "stopped".
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informationen
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Software Protection" befindet sich jetzt im Status "stopped".
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informationen
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Windows Event Log" befindet sich jetzt im Status "stopped".
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informationen
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Volume Shadow Copy" befindet sich jetzt im Status "stopped".
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informationen
User:
=====Application event log=====
Computer Name: 37L4247E29-32
Event Code: 1001
Message: Fehlerbucket , Typ 0
Ereignisname: PnPDriverNotFound
Antwort: Nicht verfügbar
CAB-Datei-ID: 0
Problemsignatur:
P1: x64
P2: PCI\VEN_8086&DEV_24D5&SUBSYS_12F2103C&REV_02
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
Angefügte Dateien:
C:\Windows\Temp\DMI5D0A.tmp.log.xml
Diese Dateien befinden sich möglicherweise hier:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_e3f1627be0372a3227ccccb6dcbea71d49e7f30_cab_056a5d87
Analysesymbol:
Es wird erneut nach einer Lösung gesucht: 0
Berichts-ID: 801143ca-1993-11df-95ef-8388ea536d56
Berichtstatus: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100214180515.000000-000
Event Type: Informationen
User:
Computer Name: 37L4247E29-32
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100214180409.000000-000
Event Type: Informationen
User:
Computer Name: 37L4247E29-32
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100214180405.000000-000
Event Type: Informationen
User:
Computer Name: 37L4247E29-32
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100214180400.296875-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: 37L4247E29-32
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100214180400.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100214180345.328125-000
Event Type: Überwachung erfolgreich
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: 37L4247E29-32$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x1b8
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100214180345.328125-000
Event Type: Überwachung erfolgreich
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
Anzahl von Elementen: 0
Richtlinienkennung: 0x333f4
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100214180339.250000-000
Event Type: Überwachung erfolgreich
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-0-0
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0
Anmeldetyp: 0
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x4
Prozessname:
Netzwerkinformationen:
Arbeitsstationsname: -
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: -
Authentifizierungspaket: -
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100214180336.656250-000
Event Type: Überwachung erfolgreich
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows wird gestartet.
Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100214180336.546875-000
Event Type: Überwachung erfolgreich
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Extensis\Suitcase Fusion 2\;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=1
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=Intel64 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
RSIT Log: RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by *** at 2010-08-17 20:27:14 Microsoft Windows 7 Home Premium System drive C: has 26 GB (34%) free of 76 GB Total RAM: 4096 MB (73% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:27:27, on 17.08.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Extensis\Suitcase Fusion 2\FMCore.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\***\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\***.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [FMCore.exe] "C:\Program Files (x86)\Extensis\Suitcase Fusion 2\FMCore.exe" -standalone O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AST HighEnd Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe -- End of file - 10992 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3346609910-2137552162-720105615-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3346609910-2137552162-720105615-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}] ContributeBHO Class - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-02-14 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-07-16 141608] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304] "Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232] ""= [] "Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376] "AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168] "AdobeBridge"= [] "FMCore.exe"=C:\Program Files (x86)\Extensis\Suitcase Fusion 2\FMCore.exe [2009-10-29 8520704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1" ======List of files/folders created in the last 1 months====== 2010-08-17 20:27:17 ----D---- C:\Program Files (x86)\trend micro 2010-08-17 20:27:14 ----D---- C:\rsit 2010-08-17 14:49:29 ----D---- C:\Program Files (x86)\QuickTime 2010-08-16 16:39:42 ----D---- C:\Program Files (x86)\CCleaner 2010-08-16 12:16:52 ----D---- C:\ProgramData\IntelliPDF 2010-08-16 12:16:43 ----A---- C:\Windows\iun6002.exe 2010-08-12 16:53:24 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2010-08-12 02:14:43 ----D---- C:\Users\***\AppData\Roaming\gSyncit 2010-08-11 22:54:30 ----A---- C:\Windows\WORDPAD.INI 2010-08-11 22:12:20 ----D---- C:\Windows\PCHEALTH 2010-08-11 22:12:19 ----D---- C:\Program Files (x86)\Microsoft.NET 2010-08-11 22:10:45 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8 2010-08-11 22:09:37 ----D---- C:\Program Files (x86)\Microsoft Analysis Services 2010-08-11 22:09:05 ----D---- C:\Program Files (x86)\Microsoft Office 2010-08-11 22:07:57 ----RHD---- C:\MSOCache 2010-08-11 17:54:28 ----D---- C:\ProgramData\Microsoft Help 2010-08-11 13:22:00 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-08-11 13:21:57 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-08-11 13:21:56 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-08-11 13:21:55 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-08-11 13:21:55 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-08-11 13:21:55 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-08-11 13:21:55 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-08-11 13:21:55 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-08-11 13:21:55 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-08-11 13:21:55 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-08-11 13:21:55 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-08-11 13:20:33 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-08-11 13:19:11 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-08-11 13:19:10 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-08-11 13:18:37 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-08-11 13:18:36 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-08-11 13:18:24 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-08-09 20:38:55 ----D---- C:\ProgramData\ATI 2010-08-09 20:38:52 ----D---- C:\Program Files (x86)\Common Files\ATI Technologies 2010-08-03 10:45:32 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-08-02 01:52:23 ----D---- C:\Program Files (x86)\Microsoft 2010-08-02 01:51:47 ----D---- C:\Program Files (x86)\Windows Live 2010-08-02 01:49:05 ----D---- C:\Program Files (x86)\Common Files\Windows Live 2010-07-27 14:57:14 ----A---- C:\Windows\SysWOW64\nlssrv32.exe 2010-07-27 13:16:50 ----D---- C:\Users\***\AppData\Roaming\Alien Skin 2010-07-27 13:15:16 ----A---- C:\Windows\SysWOW64\ASTSRV.EXE 2010-07-27 13:15:09 ----D---- C:\Program Files (x86)\Alien Skin 2010-07-27 10:27:05 ----D---- C:\Program Files (x86)\Google 2010-07-20 12:28:14 ----D---- C:\Program Files (x86)\iTunes ======List of files/folders modified in the last 1 months====== 2010-08-17 20:27:27 ----D---- C:\Windows\Prefetch 2010-08-17 20:27:19 ----D---- C:\Windows\Temp 2010-08-17 20:27:17 ----RD---- C:\Program Files (x86) 2010-08-17 20:26:54 ----D---- C:\Users\***\AppData\Roaming\Skype 2010-08-17 20:23:44 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-08-17 19:39:56 ----SHD---- C:\System Volume Information 2010-08-17 14:49:53 ----SHD---- C:\Windows\Installer 2010-08-17 14:49:29 ----D---- C:\Windows\SysWOW64 2010-08-17 14:37:40 ----D---- C:\Users\***\AppData\Roaming\WTablet 2010-08-17 14:36:41 ----D---- C:\Users\***\AppData\Roaming\Adobe 2010-08-16 18:43:54 ----RSD---- C:\Windows\Fonts 2010-08-16 18:42:16 ----D---- C:\Windows\SysWOW64\drivers 2010-08-16 18:38:27 ----D---- C:\AdobeTemp 2010-08-16 18:38:06 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-08-16 18:17:30 ----AD---- C:\Windows 2010-08-16 18:06:42 ----D---- C:\Windows\System32 2010-08-16 17:27:43 ----RD---- C:\Users 2010-08-16 17:20:56 ----HD---- C:\ProgramData\CanonIJScan 2010-08-16 17:20:54 ----D---- C:\Users\***\AppData\Roaming\Azureus 2010-08-16 17:20:54 ----D---- C:\ProgramData\FLEXnet 2010-08-16 17:20:53 ----D---- C:\Windows\Tasks 2010-08-16 17:20:53 ----D---- C:\Windows\inf 2010-08-16 17:20:37 ----D---- C:\Windows\registration 2010-08-16 16:52:48 ----D---- C:\Users\***\AppData\Roaming\FileZilla 2010-08-16 16:41:00 ----D---- C:\Windows\debug 2010-08-16 12:16:52 ----HD---- C:\ProgramData 2010-08-15 13:37:34 ----D---- C:\Program Files (x86)\JDownloader 2010-08-12 22:35:01 ----SD---- C:\Users\***\AppData\Roaming\Microsoft 2010-08-12 20:19:46 ----D---- C:\Windows\Microsoft.NET 2010-08-12 20:19:36 ----RSD---- C:\Windows\assembly 2010-08-12 19:34:01 ----D---- C:\Windows\winsxs 2010-08-12 17:15:27 ----D---- C:\Windows\SysWOW64\de-DE 2010-08-12 16:56:50 ----D---- C:\Windows\SysWOW64\en-US 2010-08-12 16:54:12 ----SD---- C:\ProgramData\Microsoft 2010-08-12 14:16:10 ----RD---- C:\Program Files 2010-08-12 04:02:01 ----D---- C:\Windows\SysWOW64\migration 2010-08-12 04:02:01 ----D---- C:\Program Files (x86)\Internet Explorer 2010-08-11 22:18:05 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-08-11 22:17:18 ----D---- C:\Windows\ShellNew 2010-08-11 22:13:22 ----D---- C:\Program Files (x86)\MSBuild 2010-08-11 22:09:53 ----A---- C:\Windows\win.ini 2010-08-11 21:46:15 ----D---- C:\Users\***\AppData\Roaming\vlc 2010-08-11 18:18:59 ----D---- C:\Program Files (x86)\TabletPlugins 2010-08-11 18:09:17 ----D---- C:\Program Files (x86)\Common Files 2010-08-11 18:08:28 ----D---- C:\Program Files (x86)\Common Files\System 2010-08-10 00:35:40 ----A---- C:\Windows\wiso.ini 2010-08-07 23:01:55 ----D---- C:\Program Files (x86)\Mozilla Thunderbird 2010-08-02 23:35:12 ----D---- C:\Program Files (x86)\Common Files\Acronis 2010-08-02 19:47:26 ----D---- C:\Program Files (x86)\Canon 2010-08-02 19:46:51 ----D---- C:\Program Files (x86)\EasyCash&Tax 2010-08-02 19:36:02 ----D---- C:\Program Files (x86)\Buhl 2010-08-02 19:32:26 ----D---- C:\Program Files (x86)\Elaborate Bytes 2010-07-27 13:52:19 ----D---- C:\Program Files (x86)\OpenOffice.org 3 2010-07-20 12:28:14 ----D---- C:\Program Files (x86)\Common Files\Apple ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MDFSYSNT;MacDrive file system driver; C:\Windows\SysWOW64\drivers\MDFSYSNT.sys [] R0 MDPMGRNT;MacDrive Partition Driver; C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [] R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys [2009-03-11 73312] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [] R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [] S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] S3 KoneFltr;ROCCAT Kone; C:\Windows\system32\drivers\Kone.sys [] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] S3 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys [2009-11-12 7168] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [] S3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [] S3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176] R2 ASTSRV;AST HighEnd Service; C:\Windows\system32\ASTSRV.EXE [2008-05-19 57344] R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376] R2 M4LIC;Mediafour M4LIC service; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312] R2 MacDrive8Service;MacDrive 8 service; C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 165376] R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\system32\nlssrv32.exe [2009-12-09 57344] R2 NMSAccess;NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096] R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [] R2 WTouchService;WTouch Service; C:\Program Files\WTouch\WTouchService.exe [2009-11-23 127784] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-07-16 654112] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-03-12 288112] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-16 1038088] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-15 655624] S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888] S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] -----------------EOF----------------- |
|
18.08.2010, 11:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | SecurityTool richtig entfernt? - System langsam und instabil Poste bitte alle Logfiles von Malwarebytes und AntiVir. Ich brauch die mit den Funden!
__________________V.a. die von Malwarebytes brauch ich!
__________________ |
|
18.08.2010, 13:05
| #3 |
| | SecurityTool richtig entfernt? - System langsam und instabil Malwarebytes' Anti-Malware 1.46
__________________www.malwarebytes.org Datenbank Version: 4160 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 16.08.2010 15:34:33 mbam-log-2010-08-16 (15-34-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 324235 Laufzeit: 53 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. Geändert von mymiezmiez (18.08.2010 um 13:12 Uhr) Grund: Dammit, hab die sauberen gepostet. Das ist es. Von Antivir hab ich keins mit Fund, war beim Scan schon entfernt. |
|
18.08.2010, 14:20
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SecurityTool richtig entfernt? - System langsam und instabil Sind da noch mehr Logs gewesen?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.08.2010, 14:30
| #5 |
| | SecurityTool richtig entfernt? - System langsam und instabil Nur ein Quick-Scan davor mit dem selben Ergebnis. Habe vorhin versehentlich die Logs von den Scans nach der Bereinigung gepostet, die ohne Funde. |
|
18.08.2010, 14:33
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SecurityTool richtig entfernt? - System langsam und instabil Also mehr wurde nicht gefunden? Wie auch immer, ich brauch OTL-Logs: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ --> SecurityTool richtig entfernt? - System langsam und instabil |
|
18.08.2010, 17:04
| #7 |
| | SecurityTool richtig entfernt? - System langsam und instabil Nein, das war alles. Es könnte sein, dass ich den Scan nicht als Admin ausgeführt habe. Macht das einen Unterschied? Jedenfalls hier das OTL Log: OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 18.08.2010 17:36:29 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 29,03 Gb Free Space | 38,96% Space Free | Partition Type: NTFS Drive D: | 149,04 Gb Total Space | 89,38 Gb Free Space | 59,97% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 100,00 Gb Total Space | 69,76 Gb Free Space | 69,76% Space Free | Partition Type: HFSJ Drive I: | 831,31 Gb Total Space | 264,89 Gb Free Space | 31,86% Space Free | Partition Type: FAT32 Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) PRC - C:\Program Files (x86)\Extensis\Suitcase Fusion 2\FMCore.exe (Extensis a division of Celartem, Inc.) PRC - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (nlsX86cc) -- C:\Windows\SysNative\nlssrv32.exe File not found SRV:64bit: - (ASTSRV) -- C:\Windows\SysNative\ASTSRV.EXE File not found SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.) SRV:64bit: - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) SRV - (WTouchService) -- C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.) SRV - (M4LIC) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (ASTSRV) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MDPMGRNT) -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS (Mediafour Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (smwdm) -- C:\Windows\SysNative\drivers\smwdm.sys (Analog Devices, Inc.) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 15 4E B6 B6 AD CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.17 14:49:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.17 14:49:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.08.17 14:49:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.02.23 16:13:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.02.15 01:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.31 22:58:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kbf3trby.default\extensions [2010.02.23 16:12:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.16 19:00:11 | 000,001,651 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 4 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [FMCore.exe] C:\Program Files (x86)\Extensis\Suitcase Fusion 2\FMCore.exe (Extensis a division of Celartem, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.18 15:56:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.18 14:36:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.17 20:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010.08.17 20:27:14 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.17 14:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.08.16 18:06:42 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll [2010.08.16 18:05:27 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\autoruns [2010.08.16 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.08.16 12:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IntelliPDF [2010.08.16 12:16:43 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe [2010.08.12 17:17:05 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMA0.DLL [2010.08.12 16:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010.08.12 14:16:10 | 000,000,000 | ---D | C] -- C:\Programme\gSyncit [2010.08.12 02:14:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gSyncit [2010.08.12 01:32:14 | 000,000,000 | ---D | C] -- C:\Programme\Google [2010.08.11 23:26:17 | 000,127,232 | ---- | C] (Microsoft Corporation) -- C:\Users\***\AppData\Local\osppc.dll [2010.08.11 23:26:16 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Users\***\AppData\Local\cscript.exe [2010.08.11 22:17:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER [2010.08.11 22:13:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services [2010.08.11 22:12:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.08.11 22:12:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework [2010.08.11 22:12:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition [2010.08.11 22:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010.08.11 22:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2010.08.11 22:09:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services [2010.08.11 22:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2010.08.11 22:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010.08.11 22:08:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2010.08.11 22:07:57 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010.08.11 17:54:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help [2010.08.11 17:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010.08.11 13:21:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.08.11 13:21:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.08.11 13:21:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.08.11 13:21:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.08.11 13:21:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.08.11 13:21:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.08.11 13:19:11 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.08.11 13:19:11 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.08.11 13:19:10 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.08.11 13:18:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.08.11 13:18:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.08.11 13:18:36 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010.08.10 18:59:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cooliris [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2010.08.09 20:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.08.09 20:38:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2010.08.09 20:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2010.08.07 20:02:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\CAW_AG_305_EB_Regionen [2010.08.07 20:02:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\CAW_AG_296_TB_Umweltdienstleistungen [2010.08.02 23:08:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Alcohol.120_0 [2010.08.02 01:55:32 | 000,000,000 | R-SD | C] -- C:\Users\***\Documents\My Stationery [2010.08.02 01:52:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.08.02 01:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.07.27 14:57:14 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe [2010.07.27 13:39:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2010.07.27 13:16:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Alien Skin [2010.07.27 13:15:16 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\ASTSRV.EXE [2010.07.27 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alien Skin [2010.07.27 10:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.07.20 12:28:15 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.07.20 12:28:14 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.07.20 12:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes ========== Files - Modified Within 30 Days ========== [2010.08.18 17:36:04 | 004,718,592 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.18 16:59:07 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3346609910-2137552162-720105615-1000UA.job [2010.08.18 15:56:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.18 14:49:05 | 000,000,528 | ---- | M] () -- C:\Users\***\Documents\cc_20100818_144859.reg [2010.08.18 14:48:14 | 000,001,538 | ---- | M] () -- C:\Users\***\Documents\cc_20100818_144805.reg [2010.08.18 14:47:18 | 000,017,290 | ---- | M] () -- C:\Users\***\Documents\cc_20100818_144657.reg [2010.08.18 14:35:47 | 000,143,064 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.18 11:07:57 | 000,092,209 | ---- | M] () -- C:\Users\***\Desktop\Fantasywelt Erste Rechnung.jpg [2010.08.18 10:59:36 | 000,334,000 | ---- | M] () -- C:\Users\***\Desktop\fantasywelt_start_logout_01.jpg [2010.08.18 10:19:31 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.18 10:19:31 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.18 10:10:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.18 10:10:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.18 10:10:02 | 3220,889,600 | -HS- | M] () -- C:\hiberfil.sys [2010.08.17 22:37:56 | 002,009,741 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.08.17 20:25:20 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe [2010.08.17 14:36:18 | 003,386,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.16 23:59:04 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3346609910-2137552162-720105615-1000Core.job [2010.08.16 22:46:34 | 000,119,638 | ---- | M] () -- C:\Users\***\Desktop\Di Lena1.pdf [2010.08.16 22:46:26 | 000,120,070 | ---- | M] () -- C:\Users\***\Desktop\Di Lena0.pdf [2010.08.16 19:00:11 | 000,001,651 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.08.16 16:43:02 | 000,097,500 | ---- | M] () -- C:\Users\***\Documents\cc_20100816_164237.reg [2010.08.16 12:16:22 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe [2010.08.15 13:12:39 | 000,013,844 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat [2010.08.13 11:13:50 | 000,004,507 | ---- | M] () -- C:\Users\***\Desktop\IKEA_Bestellbestaetigung.pdf [2010.08.12 17:13:24 | 001,535,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.12 17:13:24 | 000,662,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.12 17:13:24 | 000,622,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.12 17:13:24 | 000,133,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.12 17:13:24 | 000,108,978 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.11 23:26:32 | 002,945,485 | ---- | M] () -- C:\Users\***\AppData\Local\tokensall.dat [2010.08.11 23:26:32 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Local\cscript.exe [2010.08.11 23:26:32 | 000,151,552 | ---- | M] () -- C:\Users\***\AppData\Local\KMService.exe [2010.08.11 23:26:32 | 000,143,360 | ---- | M] () -- C:\Users\***\AppData\Local\PortQry.exe [2010.08.11 23:26:32 | 000,127,232 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Local\osppc.dll [2010.08.11 23:26:32 | 000,052,704 | ---- | M] () -- C:\Users\***\AppData\Local\regall.reg [2010.08.11 23:26:32 | 000,049,377 | ---- | M] () -- C:\Users\***\AppData\Local\ospp.vbs [2010.08.11 23:26:32 | 000,033,019 | ---- | M] () -- C:\Users\***\AppData\Local\slerror.xml [2010.08.11 23:26:32 | 000,032,256 | ---- | M] () -- C:\Users\***\AppData\Local\instsrv.exe [2010.08.11 23:26:32 | 000,014,176 | ---- | M] () -- C:\Users\***\AppData\Local\ospprearm.exe [2010.08.11 23:26:32 | 000,008,192 | ---- | M] () -- C:\Users\***\AppData\Local\srvany.exe [2010.08.11 23:26:32 | 000,001,012 | ---- | M] () -- C:\Users\***\AppData\Local\service.inf [2010.08.11 23:26:32 | 000,000,796 | ---- | M] () -- C:\Users\***\AppData\Local\hs_message.vbs [2010.08.11 23:26:32 | 000,000,148 | ---- | M] () -- C:\Users\***\AppData\Local\DisableService.reg [2010.08.11 22:54:30 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2010.08.11 22:09:53 | 000,000,626 | ---- | M] () -- C:\Windows\win.ini [2010.08.11 21:36:17 | 000,389,305 | ---- | M] () -- C:\Users\***\Desktop\SL-4411-SBK_view.idml [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2010.08.10 00:35:40 | 000,000,460 | ---- | M] () -- C:\Windows\wiso.ini [2010.08.07 17:28:15 | 013,834,464 | ---- | M] () -- C:\Users\***\Desktop\D.psd [2010.08.06 19:22:35 | 000,013,734 | ---- | M] () -- C:\Users\***\AppData\Roaming\UserTile.png [2010.08.02 23:27:58 | 000,000,514 | ---- | M] () -- C:\Users\***\Documents\ax_files.xml [2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll ========== Files Created - No Company Name ========== [2010.08.18 14:49:01 | 000,000,528 | ---- | C] () -- C:\Users\***\Documents\cc_20100818_144859.reg [2010.08.18 14:48:08 | 000,001,538 | ---- | C] () -- C:\Users\***\Documents\cc_20100818_144805.reg [2010.08.18 14:47:03 | 000,017,290 | ---- | C] () -- C:\Users\***\Documents\cc_20100818_144657.reg [2010.08.18 11:07:51 | 000,092,209 | ---- | C] () -- C:\Users\***\Desktop\Fantasywelt Erste Rechnung.jpg [2010.08.18 10:59:32 | 000,334,000 | ---- | C] () -- C:\Users\***\Desktop\fantasywelt_start_logout_01.jpg [2010.08.17 20:25:06 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe [2010.08.16 22:45:49 | 000,119,638 | ---- | C] () -- C:\Users\***\Desktop\Di Lena1.pdf [2010.08.16 22:45:28 | 000,120,070 | ---- | C] () -- C:\Users\***\Desktop\Di Lena0.pdf [2010.08.16 16:42:46 | 000,097,500 | ---- | C] () -- C:\Users\***\Documents\cc_20100816_164237.reg [2010.08.13 11:13:50 | 000,004,507 | ---- | C] () -- C:\Users\***\Desktop\IKEA_Bestellbestaetigung.pdf [2010.08.11 23:26:18 | 002,945,485 | ---- | C] () -- C:\Users\***\AppData\Local\tokensall.dat [2010.08.11 23:26:18 | 000,052,704 | ---- | C] () -- C:\Users\***\AppData\Local\regall.reg [2010.08.11 23:26:18 | 000,033,019 | ---- | C] () -- C:\Users\***\AppData\Local\slerror.xml [2010.08.11 23:26:18 | 000,032,256 | ---- | C] () -- C:\Users\***\AppData\Local\instsrv.exe [2010.08.11 23:26:18 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\srvany.exe [2010.08.11 23:26:17 | 000,151,552 | ---- | C] () -- C:\Users\***\AppData\Local\KMService.exe [2010.08.11 23:26:17 | 000,143,360 | ---- | C] () -- C:\Users\***\AppData\Local\PortQry.exe [2010.08.11 23:26:17 | 000,049,377 | ---- | C] () -- C:\Users\***\AppData\Local\ospp.vbs [2010.08.11 23:26:17 | 000,014,176 | ---- | C] () -- C:\Users\***\AppData\Local\ospprearm.exe [2010.08.11 23:26:17 | 000,001,012 | ---- | C] () -- C:\Users\***\AppData\Local\service.inf [2010.08.11 23:26:16 | 000,000,796 | ---- | C] () -- C:\Users\***\AppData\Local\hs_message.vbs [2010.08.11 23:26:16 | 000,000,148 | ---- | C] () -- C:\Users\***\AppData\Local\DisableService.reg [2010.08.11 22:54:30 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.08.11 21:36:17 | 000,389,305 | ---- | C] () -- C:\Users\***\Desktop\SL-4411-SBK_view.idml [2010.08.07 16:38:47 | 013,834,464 | ---- | C] () -- C:\Users\***\Desktop\D.psd [2010.08.06 19:20:34 | 000,013,734 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2010.07.25 14:36:24 | 000,013,844 | ---- | C] () -- C:\Windows\SysNative\Pen_Tablet.dat [2010.07.10 14:16:25 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.07.06 12:38:38 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2010.06.01 17:27:33 | 000,000,158 | ---- | C] () -- C:\Windows\EasyCT.INI [2010.06.01 17:03:46 | 000,000,460 | ---- | C] () -- C:\Windows\wiso.ini [2010.05.31 22:09:50 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\052575210198102.xxe [2010.05.31 22:09:29 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\048102515610049.xxe [2010.05.31 22:09:10 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\0535049569854.xxe [2010.03.01 19:51:06 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2010.02.15 02:11:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll < End of report > --- --- --- OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.08.2010 17:36:29 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 29,03 Gb Free Space | 38,96% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 89,38 Gb Free Space | 59,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 100,00 Gb Total Space | 69,76 Gb Free Space | 69,76% Space Free | Partition Type: HFSJ
Drive I: | 831,31 Gb Total Space | 264,89 Gb Free Space | 31,86% Space Free | Partition Type: FAT32
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03186933-85EF-47A6-8B36-8A459138DEA7}" = gSyncit
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{19648082-62FE-4F97-9A8C-B0870977449F}" = MacDrive 8
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{8F790958-2107-48F2-88E0-B352A0C225AB}" = iTunes
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB8BD91F-DC90-4770-AE33-8AA6AA2E691B}" = Extensis Suitcase Fusion 2
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blow Up 2" = Alien Skin Blow Up 2
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Elster-Export Plugin für EasyCash&Tax_is1" = Elster-Export 1.8
"ElsterFormular 11.1.3.3887" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.3.3
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"Pen Tablet Driver" = Stifttablett
"VLC media player" = VLC media player 1.0.5
"VTV digital_is1" = VTV digital 06
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.08.2010 16:09:02 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.08.2010 04:17:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.08.2010 05:04:15 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.08.2010 06:14:46 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.08.2010 07:13:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.08.2010 08:08:43 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.08.2010 08:44:34 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1019
Description =
Error - 18.08.2010 09:14:17 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.08.2010 10:14:03 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.08.2010 11:03:16 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 16.08.2010 09:47:29 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 16.08.2010 09:47:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.08.2010 09:47:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.08.2010 09:47:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.08.2010 09:47:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.08.2010 09:47:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.08.2010 09:47:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.08.2010 09:52:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.08.2010 11:23:58 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 16.08.2010 14:44:08 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >
|
|
18.08.2010, 18:41
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SecurityTool richtig entfernt? - System langsam und instabilZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.08.2010, 19:16
| #9 |
| | SecurityTool richtig entfernt? - System langsam und instabil Master Collection, Quelle kenne ich leider nicht. |
|
18.08.2010, 20:44
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SecurityTool richtig entfernt? - System langsam und instabil Und wer hat's installiert? Sieht mir nach einer gecrackten Variante aus  denn bei einer legalen Version machen diese Einträge in den Hosts keinen Sinn! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.08.2010, 20:48
| #11 |
| | SecurityTool richtig entfernt? - System langsam und instabil Danke für den Hinweis. Und nun? |
|
18.08.2010, 20:58
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SecurityTool richtig entfernt? - System langsam und instabil Also ist es eine legale Version oder was möchtest Du sagen? Wer hats denn nun installiert, hast Du die Originalmedien vorliegen? Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.08.2010, 21:44
| #13 |
| | SecurityTool richtig entfernt? - System langsam und instabil Ein Freund hat's installiert, von dem ich den Rechner hab. Mit ziemlicher Sicherheit ist das keine legale Version. Ich hab schlicht und einfach nicht gefragt. Installationsdisks in Kopie hab ich bekommen. Worum geht es denn jetzt? Wenn es daran hängt, schmeiß ich's runter. |
|
19.08.2010, 10:02
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SecurityTool richtig entfernt? - System langsam und instabil Das Problem ist, dass gecrackte Versionen illegal und meistens verseucht sind. Ich kann Dir daher leider nur noch den Hinweis auf format c: plus Neuinstallation von Windows geben.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.08.2010, 12:35
| #15 |
| | SecurityTool richtig entfernt? - System langsam und instabil Auch wenn bis zum Schädlingsbefall alles dufte war? Na gut, trotzdem danke für's Kümmern. Ich hab spaßeshalber diese seltsamen Host-Einträge gelöscht und geschaut, was passiert. Nix passiert, alles wie immer. Haha, hätt ich das mal vorher gewusst, oh mann ... Danke und beste Grüße Miez |
|
| Themen zu SecurityTool richtig entfernt? - System langsam und instabil |
| adobe, analysis, anleitung, antivir, avgntflt.sys, benutzerprofildienst, dateien, document, einträge, entfernt, entfernt?, folge, forum, home, home premium, indesign, infos, langsam, location, malwarebytes, msiexec, msiexec.exe, nicht mehr, nichts, notepad.exe, plug-ins, probleme, programdata, programme, rechner, rsit, schwarz, screen, security, sptd.sys, staropen, studio, system, system langsam, syswow64, tablet, third party, usbaapl64, vermehrt, visual studio, windows, windows 7, windows 7 home, windows 7 home premium |
Linear-Darstellung
