| |
| |||||||
Mülltonne: Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstelltWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
19.05.2010, 09:56
| #1 |
| |  Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Hallo an alle!  Da ich schon seit Tagen nach einer Lösung im WEB suche, aber nichts gefunden habe, muss ich mein Problem hier posten und hoffen dass mir hier geholfen wird. Angefangen hat alles seit Antivir: Dieser meldet immer wieder diesen Fund der auch immer automatisch in die Quarantäne verschoben wird. Die Datei 'C:\Users\***\AppData\Local\Temp\AdA5BA8.tmp' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.55296.BB' [trojan]. Infos zum Virus findet man bei Avira leider keine  Dann stellte sich heraus, dass das Temp Verzeichniss --> C:\Users\***\AppData\Local\Temp\ ständig mit *.tmp files regelrecht überflutet wird. Es werden ca. alle 5 Sekunden ca. 30MB von diesen *.tmp Files erstellt, dies aber auch nur wenn Outlook 2007 geöffnet ist! Ich habe keine Infizierte Mail entdeckt. Die *.pst habe ich mittlerweile komprimiert, brachte auch keinen Erfolg Ich fange mal mit den Systeminfos an: Code:
ATTFilter Betriebsystemname Microsoft Windows 7 Professional
Version 6.1.7600 Build 7600
Weitere Betriebsystembeschreibung Nicht verfügbar
Betriebsystemhersteller Microsoft Corporation
Systemname ***
Systemhersteller System manufacturer
Systemmodell System Product Name
Systemtyp x64-basierter PC
Prozessor Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz, 2668 MHz, 4 Kern(e), 8 logische(r) Prozessor(en)
BIOS-Version/-Datum American Megatrends Inc. 0805, 24.02.2010
SMBIOS-Version 2.5
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Österreich
Hardwareabstraktionsebene Version = "6.1.7600.16385"
Benutzername ***i
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 6,00 GB
Gesamter realer Speicher 5,99 GB
Verfügbarer realer Speicher 3,93 GB
Gesamter virtueller Speicher 12,0 GB
Verfügbarer virtueller Speicher 9,45 GB
Größe der Auslagerungsdatei 5,99 GB
Auslagerungsdatei C:\pagefile.sys
ASUS P6T SE i7 920 6 GB Ram ATI 5770 zusammengebaut von mir im Februar. Bis jetzt lief alles immer Problemlos. Normalerweise setze ich Avira Antivir, Ad Aware die Firewall von Windows 7 und Sphinx Firewall Control ein. Hier das Hijack Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:41:22, on 19.05.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files (x86)\palmOne\HOTSYNC.EXE C:\Program Files\ASUS\TurboV\TurboV.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [HotSwap! Applet] "C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSwap!.EXE" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: HotSwap!.EXE O4 - Startup: HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: QuatoCalibrationLoader.lnk = C:\Program Files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Windows7FirewallService - Sphinx Software - C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12277 bytes Antivir, Win 7, Outlook, Ad Aware, SUPERAntiSpyware, Malwarebytes' Anti-Malware, Spybot S&D sind aktuell und finden nichts. Ad Aware lief im Abgesicherten Modus auch schon fand aber auch nichts. HILFE! MfG Wolfgang |
|
19.05.2010, 14:54
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
19.05.2010, 21:17
| #3 |
| | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt So hier sind die Log´s:
__________________Malwarebytes' Anti-Malware Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4117
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
19.05.2010 21:09:30
mbam-log-2010-05-19 (21-09-30).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|)
Durchsuchte Objekte: 522572
Laufzeit: 2 Stunde(n), 20 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL.TXT Code:
ATTFilter OTL logfile created on: 19.05.2010 21:09:42 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\SilviaundWolfi\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 23,00% Memory free 12,00 Gb Paging File | 7,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 150,29 Gb Total Space | 85,86 Gb Free Space | 57,13% Space Free | Partition Type: NTFS Drive D: | 1712,63 Gb Total Space | 85,67 Gb Free Space | 5,00% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 83,01 Gb Total Space | 82,92 Gb Free Space | 99,89% Space Free | Partition Type: NTFS Drive H: | 848,50 Gb Total Space | 19,59 Gb Free Space | 2,31% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: WOLFIPC Current User Name: SilviaundWolfi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\SilviaundWolfi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe () PRC - C:\Program Files\ASUS\TurboV\TurboV.exe () PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe () PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe () PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\SilviaundWolfi\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) SRV:64bit: - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (SiSoftware) SRV:64bit: - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (Irmon) -- C:\Windows\SysNative\irmon.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (MSSQL$SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV:64bit: - (SQLAgent$SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (PCLEPCI) -- C:\Windows\SysWOW64\drivers\Pclepci.sys (Pinnacle Systems GmbH) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (hhdserial64) -- C:\Windows\SysNative\drivers\hhdserial64.sys (HHD Software Ltd.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\sandra.sys (SiSoftware) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (RsFx0103) -- C:\Windows\SysNative\drivers\RsFx0103.sys (Microsoft Corporation) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (MosIrUsb) -- C:\Windows\SysNative\drivers\MosIrUsb.sys () DRV:64bit: - (X-Rite) -- C:\Windows\SysNative\drivers\XrUsb64.sys (X-Rite, Inc.) DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH) DRV - (CSC) -- C:\Windows\CSC [2010.06.02 00:40:46 | 000,000,000 | ---D | M] DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys () DRV - (WinI2C-DDC) -- C:\Program Files (x86)\Quato\iColorDisplay\DDCDrv.sys (Nicomsoft Ltd.) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys () DRV - (NDMSHLP) -- C:\Program Files (x86)\Common Files\HHD Software\Device Monitor\ndmshlp.sys (HHD Software) DRV - (ASPI32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 6B 38 A6 DC 01 CB 01 [binary data] IE - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.at | hxxp://www.psd-tutorials.de/" FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.18 14:47:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.18 15:03:56 | 000,000,000 | ---D | M] [2010.02.17 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\SilviaundWolfi\AppData\Roaming\mozilla\Extensions [2010.02.17 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\SilviaundWolfi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.05.18 19:26:22 | 000,000,000 | ---D | M] -- C:\Users\SilviaundWolfi\AppData\Roaming\mozilla\Firefox\Profiles\a10pka2q.default\extensions [2010.06.02 00:55:16 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\SilviaundWolfi\AppData\Roaming\mozilla\Firefox\Profiles\a10pka2q.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010.05.18 18:43:10 | 000,000,000 | ---D | M] -- C:\Users\SilviaundWolfi\AppData\Roaming\mozilla\Firefox\Profiles\a10pka2q.default\extensions\fsonlinescanner@f-secure.com [2010.05.18 15:03:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.05.18 15:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.18 15:03:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.04.03 18:31:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.03 18:31:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.04.03 18:31:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.03 18:31:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.03 18:31:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.08 00:09:39 | 000,000,736 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000..\Run: [HotSwap! Applet] C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSwap!.EXE (Kazuyuki Nakayama) O4 - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-3541148088-3564942511-4207434260-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSwap!.EXE (Kazuyuki Nakayama) O4 - Startup: C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.31 11:53:24 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.02 11:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\palmOne [2010.06.02 11:04:56 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\CD-LabelPrint [2010.06.02 11:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2010.06.02 11:00:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010.06.02 11:00:46 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2010.06.02 11:00:38 | 000,279,040 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM9C.DLL [2010.06.02 11:00:36 | 001,354,240 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC630C.DLL [2010.06.02 11:00:36 | 000,292,864 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC630L.DLL [2010.06.02 11:00:36 | 000,229,888 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC630O.DLL [2010.06.02 11:00:36 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC630I.DLL [2010.06.02 11:00:30 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2010.06.02 11:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD-LabelPrint [2010.06.02 10:58:57 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Nero [2010.06.02 10:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010.06.02 10:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2010.06.02 10:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2010.06.02 10:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2010.06.02 10:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2010.06.02 10:17:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.06.02 10:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010.06.02 10:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010.06.02 10:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2010.06.02 10:15:53 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Local\Microsoft Help [2010.06.02 10:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010.06.02 10:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010.06.02 10:15:44 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010.06.02 10:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl [2010.06.02 09:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2010.06.02 09:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware [2010.06.02 09:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.06.02 09:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010.06.02 09:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.06.02 09:37:18 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Local\Adobe [2010.06.02 09:35:25 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.06.02 09:35:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\SysWow64\drivers\ssmdrv.sys [2010.06.02 09:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.06.02 09:35:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.06.02 08:51:32 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.06.02 08:51:31 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.06.02 08:51:31 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010.06.02 08:51:31 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010.06.02 08:51:30 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.06.02 08:51:30 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.06.02 08:51:30 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.06.02 08:51:30 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.06.02 08:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles [2010.06.02 08:49:07 | 000,000,000 | -H-D | C] -- C:\temp [2010.06.02 08:49:03 | 000,000,000 | -H-D | C] -- C:\ASUS.000 [2010.06.02 08:48:57 | 000,000,000 | -H-D | C] -- C:\ASUS.SYS [2010.06.02 08:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations [2010.06.02 08:43:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.06.02 08:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2010.06.02 08:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2010.06.02 08:42:46 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difx55c.rra [2010.06.02 08:42:45 | 001,970,176 | R--- | C] (JMicron Technology Corp.) -- C:\Windows\SysWow64\xRaidSetup.exe [2010.06.02 08:42:45 | 000,151,552 | R--- | C] (JMicron Technology Corp.) -- C:\Windows\SysWow64\xRaidAPI.dll [2010.06.02 08:42:41 | 000,104,408 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\jraid.sys [2010.06.02 08:42:38 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2010.06.02 08:38:35 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll [2010.06.02 08:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2010.06.02 08:38:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2010.06.02 08:38:22 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2010.06.02 08:38:22 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2010.06.02 08:38:22 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2010.06.02 08:38:21 | 000,417,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2010.06.02 08:38:21 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2010.06.02 08:38:21 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2010.06.02 08:38:21 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2010.06.02 08:38:20 | 001,603,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2010.06.02 08:38:20 | 001,277,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2010.06.02 08:38:20 | 001,163,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2010.06.02 08:38:19 | 000,611,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2010.06.02 08:38:19 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2010.06.02 08:38:19 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2010.06.02 08:38:19 | 000,058,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2010.06.02 08:38:17 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2010.06.02 08:38:16 | 000,176,640 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll [2010.06.02 08:38:15 | 000,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2010.06.02 08:38:15 | 000,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2010.06.02 08:38:14 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2010.06.02 08:38:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2010.06.02 08:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.06.02 08:37:25 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys [2010.06.02 08:36:47 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\InstallShield [2010.06.02 01:39:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.06.02 01:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2010.06.02 01:28:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010.06.02 01:26:58 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2010.06.02 01:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2010.06.02 01:26:24 | 000,000,000 | ---D | C] -- C:\Intel [2010.06.02 01:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2010.06.02 01:21:23 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Macromedia [2010.06.02 01:21:23 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Adobe [2010.06.02 01:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2010.06.02 01:21:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010.06.02 01:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.06.02 01:18:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.06.02 01:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2010.06.02 01:14:21 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\DAEMON Tools Lite [2010.06.02 01:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.06.02 00:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune [2010.06.02 00:53:34 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Mozilla [2010.06.02 00:53:34 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Local\Mozilla [2010.06.02 00:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.06.02 00:46:30 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Searches [2010.06.02 00:46:23 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Identities [2010.06.02 00:46:22 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Contacts [2010.06.02 00:46:21 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Local\VirtualStore [2010.06.02 00:46:15 | 000,000,000 | --SD | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Videos [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Saved Games [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Pictures [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Music [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Links [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Favorites [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Downloads [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Documents [2010.06.02 00:46:15 | 000,000,000 | R--D | C] -- C:\Users\SilviaundWolfi\Desktop [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Vorlagen [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\AppData\Local\Verlauf [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\AppData\Local\Temporary Internet Files [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Startmenü [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\SendTo [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Recent [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Netzwerkumgebung [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Lokale Einstellungen [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Documents\Eigene Videos [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Documents\Eigene Musik [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Eigene Dateien [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Documents\Eigene Bilder [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Druckumgebung [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Cookies [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\AppData\Local\Anwendungsdaten [2010.06.02 00:46:15 | 000,000,000 | -HSD | C] -- C:\Users\SilviaundWolfi\Anwendungsdaten [2010.06.02 00:46:15 | 000,000,000 | -H-D | C] -- C:\Users\SilviaundWolfi\AppData [2010.06.02 00:46:15 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Local\Temp [2010.06.02 00:46:15 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Local\Microsoft [2010.06.02 00:46:15 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Media Center Programs [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\Recovery [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\Programme [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.06.02 00:46:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.06.02 00:46:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.06.02 00:40:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010.06.02 00:40:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.05.19 18:41:02 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\SilviaundWolfi\Desktop\OTL.exe [2010.05.18 19:01:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.05.18 18:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2010.05.18 18:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware [2010.05.18 18:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010.05.18 17:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.05.18 17:04:45 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\SUPERAntiSpyware.com [2010.05.18 17:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware [2010.05.18 15:03:56 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.05.18 15:03:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.05.18 15:03:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.05.18 15:03:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.05.18 14:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.05.18 14:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.05.18 14:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.05.18 14:46:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.05.17 17:43:35 | 000,000,000 | ---D | C] -- C:\Wolf32 [2010.05.16 08:50:58 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010.05.08 07:36:47 | 000,000,000 | -H-D | C] -- C:\dvmexp [2010.05.08 00:06:48 | 000,000,000 | ---D | C] -- C:\AV-CLS [2010.05.07 23:41:04 | 000,000,000 | ---D | C] -- C:\VundoFix Backups [2010.05.07 18:48:24 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2010.05.07 18:48:24 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2010.05.06 13:37:03 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.05.06 13:34:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.05.06 13:01:09 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2010.05.06 13:01:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2010.05.06 13:01:09 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2010.05.06 13:01:09 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2010.05.06 13:00:12 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2010.05.06 13:00:11 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2010.05.06 13:00:10 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2010.05.06 13:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2010.05.06 13:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2010.05.06 12:55:53 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Download Manager [2010.05.05 10:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.05.05 10:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.05.04 20:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.05.04 20:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.05.04 17:32:45 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Malwarebytes [2010.05.04 17:32:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.05.04 17:32:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.05.04 17:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.05.04 17:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.28 11:17:55 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys [2010.04.28 11:17:51 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010.04.28 11:17:51 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys [2010.04.20 09:37:41 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Local\assembly [2010.04.20 08:58:17 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft Corporation [2010.04.20 08:57:07 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft FxCop [2010.04.20 08:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio [2010.04.20 08:17:48 | 000,078,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll [2010.04.20 08:17:48 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll [2010.04.20 08:17:46 | 000,111,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll [2010.04.20 08:17:46 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll [2010.04.20 08:17:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx [2010.04.20 08:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2010.04.20 08:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010.04.20 08:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2010.04.20 08:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2010.04.20 08:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2010.04.20 08:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2010.04.20 08:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2010.04.20 08:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2010.04.20 08:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010.04.20 08:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010.04.20 08:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET [2010.04.20 08:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\IIS [2010.04.20 08:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS [2010.04.20 08:13:00 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\Documents\Visual Studio 2008 [2010.04.20 08:12:38 | 000,000,000 | ---D | C] -- C:\Users\SilviaundWolfi\Documents\Visual Studio 2010 [2010.04.20 08:10:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033 [2010.04.20 08:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2010.04.20 08:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2010.04.20 08:08:12 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2010.04.20 08:08:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033 [2010.04.20 08:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0 [2010.04.20 08:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2010.04.20 08:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.02 11:08:54 | 000,001,843 | ---- | M] () -- C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk [2010.06.02 11:08:51 | 000,001,748 | ---- | M] () -- C:\Users\Public\Desktop\Palm Desktop.lnk [2010.06.02 11:02:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.06.02 10:54:21 | 000,000,026 | ---- | M] () -- C:\Windows\Irremote.ini [2010.06.02 10:17:44 | 000,002,795 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\Microsoft Office Outlook 2007.lnk [2010.06.02 09:35:26 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.06.02 08:55:29 | 000,031,768 | ---- | M] () -- C:\Windows\Ascd_log.ini [2010.06.02 08:49:04 | 000,000,057 | -H-- | M] () -- C:\splash.idx [2010.06.02 08:43:03 | 000,000,670 | ---- | M] () -- C:\Windows\setup.iss [2010.06.02 01:14:56 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.06.02 01:07:16 | 000,524,288 | -HS- | M] () -- C:\Users\SilviaundWolfi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.06.02 01:07:16 | 000,524,288 | -HS- | M] () -- C:\Users\SilviaundWolfi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.06.02 01:07:16 | 000,065,536 | -HS- | M] () -- C:\Users\SilviaundWolfi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.06.02 00:58:30 | 000,000,930 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\HD Tune.lnk [2010.06.02 00:53:32 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.06.02 00:46:15 | 000,000,020 | -HS- | M] () -- C:\Users\SilviaundWolfi\ntuser.ini [2010.06.02 00:42:46 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.06.02 00:42:46 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.06.02 00:41:49 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010.05.19 21:11:42 | 008,126,464 | -HS- | M] () -- C:\Users\SilviaundWolfi\NTUSER.DAT [2010.05.19 20:51:55 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2010.05.19 20:14:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.19 18:41:17 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\SilviaundWolfi\Desktop\OTL.exe [2010.05.19 17:14:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.19 13:13:25 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.19 13:13:25 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.19 13:12:29 | 001,803,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.05.19 13:12:29 | 000,766,828 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.05.19 13:12:29 | 000,720,204 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.05.19 13:12:29 | 000,173,474 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.05.19 13:12:29 | 000,146,166 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.05.19 13:06:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.19 13:05:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.19 13:05:53 | 529,854,463 | -HS- | M] () -- C:\hiberfil.sys [2010.05.19 13:04:36 | 002,008,078 | -H-- | M] () -- C:\Users\SilviaundWolfi\AppData\Local\IconCache.db [2010.05.18 19:53:47 | 012,267,520 | ---- | M] () -- C:\ProgramData\sandra.mda [2010.05.18 19:05:33 | 040,564,488 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\cureit.exe [2010.05.18 18:34:33 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.05.18 17:04:46 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.18 15:03:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.05.18 15:03:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.05.18 15:03:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.05.18 15:03:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.05.18 14:58:29 | 000,001,267 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\Spybot - Search & Destroy.lnk [2010.05.18 14:47:43 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.05.18 14:46:22 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.05.17 17:46:46 | 000,000,770 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\WOLF Hydraulikschemen.lnk [2010.05.17 17:43:41 | 000,000,575 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\WOLF Energiesparprogramm.lnk [2010.05.17 17:43:41 | 000,000,575 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\WOLF Datanorm.lnk [2010.05.16 08:50:48 | 003,689,423 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\ComboFix.exe [2010.05.08 00:16:10 | 067,019,544 | ---- | M] () -- C:\Users\SilviaundWolfi\Documents\pinfect.zip [2010.05.08 00:09:39 | 000,000,736 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak [2010.05.08 00:09:39 | 000,000,736 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.05.08 00:07:13 | 001,122,224 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\Multi_AV.exe [2010.05.07 21:07:09 | 000,001,179 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\Ad-Aware.lnk [2010.05.07 18:48:24 | 000,000,052 | ---- | M] () -- C:\Windows\Lic.xxx [2010.05.06 13:36:58 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2010.05.06 13:34:17 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.06 13:09:39 | 023,957,922 | ---- | M] () -- C:\Windows\REGBK00.ZIP [2010.05.06 13:00:11 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2010.05.06 13:00:10 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2010.05.06 13:00:09 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2010.05.06 12:58:09 | 086,349,632 | ---- | M] () -- C:\Users\SilviaundWolfi\Documents\mwav.exe [2010.05.05 14:58:00 | 000,073,718 | ---- | M] () -- C:\Users\SilviaundWolfi\Documents\IMG_1894.jpg [2010.05.05 10:37:35 | 000,000,000 | ---- | M] () -- C:\ntuser.dat [2010.05.05 10:24:38 | 000,003,015 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\HiJackThis.lnk [2010.05.05 10:13:28 | 000,001,894 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\CCleaner.lnk [2010.05.04 17:32:40 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.01 09:24:14 | 000,303,542 | ---- | M] () -- C:\Users\SilviaundWolfi\AppData\Roaming\mdbu.bin [2010.04.30 19:09:18 | 000,000,940 | ---- | M] () -- C:\Users\SilviaundWolfi\Desktop\DVDFab 6.lnk [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.04.27 14:26:57 | 000,460,970 | ---- | M] () -- C:\Users\SilviaundWolfi\Documents\dkw.pdf [2010.04.26 17:02:24 | 003,131,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.04.25 09:37:00 | 000,156,208 | ---- | M] () -- C:\Users\SilviaundWolfi\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.25 08:54:37 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.02 11:08:54 | 000,001,843 | ---- | C] () -- C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk [2010.06.02 11:08:51 | 000,001,748 | ---- | C] () -- C:\Users\Public\Desktop\Palm Desktop.lnk [2010.06.02 11:02:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.06.02 10:54:21 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2010.06.02 10:54:16 | 000,001,024 | ---- | C] () -- C:\Users\SilviaundWolfi\.rnd [2010.06.02 10:35:00 | 000,002,795 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\Microsoft Office Outlook 2007.lnk [2010.06.02 09:46:37 | 012,267,520 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.06.02 09:35:26 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.06.02 08:59:16 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx [2010.06.02 08:43:00 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.06.02 08:43:00 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.06.02 08:42:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2010.06.02 08:42:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2010.06.02 08:42:49 | 000,000,670 | ---- | C] () -- C:\Windows\setup.iss [2010.06.02 08:36:16 | 000,031,768 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010.06.02 08:35:15 | 000,020,845 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.06.02 01:14:56 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.06.02 00:58:30 | 000,000,930 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\HD Tune.lnk [2010.06.02 00:53:32 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.06.02 00:46:15 | 008,126,464 | -HS- | C] () -- C:\Users\SilviaundWolfi\NTUSER.DAT [2010.06.02 00:46:15 | 000,524,288 | -HS- | C] () -- C:\Users\SilviaundWolfi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.06.02 00:46:15 | 000,524,288 | -HS- | C] () -- C:\Users\SilviaundWolfi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.06.02 00:46:15 | 000,262,144 | -HS- | C] () -- C:\Users\SilviaundWolfi\ntuser.dat.LOG1 [2010.06.02 00:46:15 | 000,065,536 | -HS- | C] () -- C:\Users\SilviaundWolfi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.06.02 00:46:15 | 000,000,020 | -HS- | C] () -- C:\Users\SilviaundWolfi\ntuser.ini [2010.06.02 00:46:15 | 000,000,000 | -HS- | C] () -- C:\Users\SilviaundWolfi\ntuser.dat.LOG2 [2010.06.02 00:41:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.06.02 00:40:21 | 529,854,463 | -HS- | C] () -- C:\hiberfil.sys [2010.05.18 19:03:32 | 040,564,488 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\cureit.exe [2010.05.18 18:34:33 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.05.18 17:04:46 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.18 14:47:43 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.05.17 17:46:46 | 000,000,770 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\WOLF Hydraulikschemen.lnk [2010.05.17 17:43:41 | 000,000,575 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\WOLF Energiesparprogramm.lnk [2010.05.17 17:43:41 | 000,000,575 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\WOLF Datanorm.lnk [2010.05.16 08:50:43 | 003,689,423 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\ComboFix.exe [2010.05.15 21:45:23 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010.05.08 00:06:38 | 001,122,224 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\Multi_AV.exe [2010.05.07 21:07:09 | 000,001,179 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\Ad-Aware.lnk [2010.05.06 13:34:17 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.06 13:21:34 | 067,019,544 | ---- | C] () -- C:\Users\SilviaundWolfi\Documents\pinfect.zip [2010.05.06 13:07:58 | 023,957,922 | ---- | C] () -- C:\Windows\REGBK00.ZIP [2010.05.06 13:00:19 | 000,000,052 | ---- | C] () -- C:\Windows\Lic.xxx [2010.05.06 13:00:10 | 000,000,522 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC80.CRT.manifest [2010.05.06 12:55:56 | 086,349,632 | ---- | C] () -- C:\Users\SilviaundWolfi\Documents\mwav.exe [2010.05.05 14:58:00 | 000,073,718 | ---- | C] () -- C:\Users\SilviaundWolfi\Documents\IMG_1894.jpg [2010.05.05 10:37:35 | 000,000,000 | ---- | C] () -- C:\ntuser.dat [2010.05.05 10:24:38 | 000,003,015 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\HiJackThis.lnk [2010.05.05 10:13:28 | 000,001,894 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\CCleaner.lnk [2010.05.04 20:56:52 | 000,001,267 | ---- | C] () -- C:\Users\SilviaundWolfi\Desktop\Spybot - Search & Destroy.lnk [2010.05.04 17:32:40 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.27 14:26:57 | 000,460,970 | ---- | C] () -- C:\Users\SilviaundWolfi\Documents\dkw.pdf [2010.02.23 21:49:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.02.23 21:49:30 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.02.23 21:49:30 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.02.23 21:49:29 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.02.23 21:49:29 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2010.02.10 16:20:14 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll [2010.02.10 16:20:14 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini [2010.02.02 17:15:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.01 11:00:23 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini [2010.01.31 11:53:24 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\macd32.dll [2010.01.31 11:53:24 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll [2010.01.31 11:53:24 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\mamc32.dll [2010.01.31 11:53:24 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\masd32.dll [2010.01.31 11:53:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll [2010.01.25 10:44:06 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.01.08 12:43:14 | 001,600,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.11.07 18:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2008.02.08 18:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS < End of report > |
|
19.05.2010, 21:17
| #4 |
| | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Hier noch das 2. Log Code:
ATTFilter OTL Extras logfile created on: 19.05.2010 21:09:42 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\SilviaundWolfi\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 23,00% Memory free
12,00 Gb Paging File | 7,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,29 Gb Total Space | 85,86 Gb Free Space | 57,13% Space Free | Partition Type: NTFS
Drive D: | 1712,63 Gb Total Space | 85,67 Gb Free Space | 5,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 83,01 Gb Total Space | 82,92 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive H: | 848,50 Gb Total Space | 19,59 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: WOLFIPC
Current User Name: SilviaundWolfi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3541148088-3564942511-4207434260-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{956C3A74-CC73-4951-6FB7-1E484B0ABF85}" = ccc-utility64
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{ED49426D-A15D-D7E0-DF56-3AC844CEDF8E}" = ATI Catalyst Install Manager
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"HHD Device Monitoring Studio 5.01" = HHD Software Device Monitoring Studio 6.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 3.0.4.27
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03dc502f-8785-4425-8a8a-926e4ee4ca4d}" = Nero 9 Trial
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{217254AD-7DC2-8E55-B0AA-DF40293E2568}" = Catalyst Control Center Graphics Full Existing
"{2319A25C-57C8-148A-B89E-963B691F80AB}" = CCC Help Hungarian
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2732D365-6543-4EC3-954E-6A7B8A0E07EC}" = ComfortSoft
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}" = HHD Software Free Serial Port Monitor 3.31
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{462E2065-E54B-4CFD-87A2-BAE82EEFACD1}" = Catalyst Control Center Core Implementation
"{46D1B803-63C8-B1F7-F803-2CABFF3BADD3}" = CCC Help French
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF22652-AA49-4B58-A695-7527EBA58B9B}" = Silicon Laboratories CP210x VCP Drivers for Windows 7
"{4BBDC0E5-6457-CDB9-F1C4-C79321D448AA}" = CCC Help Portuguese
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{554763FE-0874-45DC-85CE-95711A353583}" = FastPictureViewer WIC Codec Pack 1.64
"{557EDA52-5803-C91F-A0A5-635317063D8D}" = Catalyst Control Center Graphics Full New
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A9A2B89-58BC-DFB9-CF7F-1127A26A6D1D}" = CCC Help Spanish
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65A7D970-7915-4311-E3CC-08745BDF6A66}" = CCC Help English
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6AC06152-AD39-D387-6D3B-2A4D0556F207}" = Catalyst Control Center Graphics Previews Common
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{7222FE15-CEDA-9142-A488-CB4AA559F7F9}" = Catalyst Control Center Graphics Previews Vista
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{75C73547-240E-4DA1-AB63-58146F377085}" = UltraEdit 16.00
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{78D8028B-D2BA-A3B9-2EA8-D30F25E3F87F}" = ccc-core-static
"{7E06305E-6E2C-EBFA-69E9-782891EF06EF}" = Catalyst Control Center Localization All
"{81B109ED-6ECA-49FF-9238-8E31FA5DB1A9}_is1" = RescuePRO 3.4.0.34
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{934DE9F7-7498-0FC4-FC6A-166097F218F4}" = CCC Help Italian
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B7E797F4-2642-BEF9-055B-13B930C9D665}" = CCC Help German
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C139A440-9691-AB3C-8AFB-F8FCAC960014}" = CCC Help Polish
"{C3A5A0C9-5DBE-7A06-1285-D00F21E19FCF}" = Catalyst Control Center Graphics Light
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CC53FB29-E042-1744-2D35-DE2A100B6210}" = CCC Help Greek
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE2188AD-BDFA-AC75-F326-86043F06B48F}" = Catalyst Control Center HydraVision Full
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CaptureOne4_is1" = Capture One 4.8
"CCleaner" = CCleaner
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exif-Viewer" = Exif-Viewer 2.50
"Fraps" = Fraps
"FujiDirekt_is1" = FujiDirekt 2.7
"HD Tune_is1" = HD Tune 2.55
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.5 (Full)
"KProbe" = KProbe 2.5.2
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Neat Image_is1" = Neat Image v5.9 Pro+
"Passware Kit - 5.0.0" = Passware Kit - 5.0.0
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.2
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Super Flexible File Synchronizer_is1" = Super Flexible File Synchronizer v4.53
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.3.1894
"WOLF Energiesparen + Datanorm_is1" = WOLF Energiesparen + Datanorm
"WOLF Hydraulikschemen_is1" = WOLF Hydraulikschemen 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3541148088-3564942511-4207434260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"iColorDisplay" = iColor Display 3.6.0.0 (nur entfernen)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.05.2010 02:14:59 | Computer Name = WolfiPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.05.2010 02:16:16 | Computer Name = WolfiPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.05.2010 02:16:22 | Computer Name = WolfiPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\delzip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\delzip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.05.2010 02:16:23 | Computer Name = WolfiPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.05.2010 02:16:24 | Computer Name = WolfiPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.05.2010 02:16:26 | Computer Name = WolfiPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.05.2010 02:16:32 | Computer Name = WolfiPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.05.2010 02:16:33 | Computer Name = WolfiPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.05.2010 06:52:05 | Computer Name = WolfiPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6514.5000,
Zeitstempel: 0x4a89dc70 Name des fehlerhaften Moduls: outlrpc.dll, Version: 12.0.6500.5000,
Zeitstempel: 0x49a68068 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000061e6 ID des fehlerhaften
Prozesses: 0x1900 Startzeit der fehlerhaften Anwendung: 0x01caf72c0ae29b30 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Pfad
des fehlerhaften Moduls: c:\progra~2\micros~1\office12\outlrpc.dll Berichtskennung:
8f81969e-6334-11df-83d4-e0cb4e197b5d
Error - 19.05.2010 13:28:04 | Computer Name = WolfiPC | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
[ OSession Events ]
Error - 04.05.2010 06:38:52 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 619
seconds with 60 seconds of active time. This session ended with a crash.
Error - 04.05.2010 11:44:59 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1357
seconds with 60 seconds of active time. This session ended with a crash.
Error - 05.05.2010 04:16:42 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1602
seconds with 60 seconds of active time. This session ended with a crash.
Error - 06.05.2010 06:20:15 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1844
seconds with 480 seconds of active time. This session ended with a crash.
Error - 16.05.2010 02:16:51 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3195
seconds with 540 seconds of active time. This session ended with a crash.
Error - 16.05.2010 15:18:31 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.
Error - 16.05.2010 15:21:35 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 173
seconds with 120 seconds of active time. This session ended with a crash.
Error - 17.05.2010 06:13:37 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1218
seconds with 60 seconds of active time. This session ended with a crash.
Error - 18.05.2010 01:55:27 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.05.2010 06:52:04 | Computer Name = WolfiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9137
seconds with 300 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14.04.2010 10:15:06 | Computer Name = WolfiPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinI2C-DDC Kernel Mode Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1275
Error - 14.04.2010 10:15:08 | Computer Name = WolfiPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ASPI32
Error - 15.04.2010 02:50:12 | Computer Name = WolfiPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 15.04.2010 02:50:30 | Computer Name = WolfiPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files (x86)\Quato\iColorDisplay\DDCDrv.sys nicht geladen. Wenden Sie sich an den
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 15.04.2010 02:50:30 | Computer Name = WolfiPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinI2C-DDC Kernel Mode Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1275
Error - 15.04.2010 02:50:35 | Computer Name = WolfiPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ASPI32
Error - 15.04.2010 11:37:35 | Computer Name = WolfiPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 15.04.2010 11:38:04 | Computer Name = WolfiPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files (x86)\Quato\iColorDisplay\DDCDrv.sys nicht geladen. Wenden Sie sich an den
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 15.04.2010 11:38:04 | Computer Name = WolfiPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinI2C-DDC Kernel Mode Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1275
Error - 15.04.2010 11:38:09 | Computer Name = WolfiPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ASPI32
< End of report >
|
|
19.05.2010, 21:28
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Die Logs sind unauffällig. War diese Version von Outlook 2007 auf dem Rechner vorinstalliert? Schnapp Dir auch mal bitte so eine gemeldete tmp Datei und werte sie bei https://www.virustotal.com aus und poste den Ergebnislink.
__________________ Logs bitte immer in CODE-Tags posten |
|
20.05.2010, 14:03
| #6 |
| | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Office habe ich selber gekauft und installiert und hatte auch beim Vista keine Probleme. Hier der Scan von Virustotal: https://w*w.virustotal.com/de/analisis/f3057b002fb5c9dbb63e7008c0f591e3b15ac0a519b34c284bc5fd4827ac2734-1274356776 Code:
ATTFilter Datei AdAD04F.tmp empfangen 2010.05.20 11:59:36 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 6/40 (15%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit ist zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.20.01 2010.05.20 -
AntiVir 8.2.1.242 2010.05.20 TR/Agent.55296.BB
Antiy-AVL 2.0.3.7 2010.05.19 -
Authentium 5.2.0.5 2010.05.20 -
Avast 4.8.1351.0 2010.05.20 -
Avast5 5.0.332.0 2010.05.20 -
AVG 9.0.0.787 2010.05.20 -
BitDefender 7.2 2010.05.20 -
CAT-QuickHeal 10.00 2010.05.20 -
ClamAV 0.96.0.3-git 2010.05.20 -
Comodo 4891 2010.05.20 -
DrWeb 5.0.2.03300 2010.05.20 -
eSafe 7.0.17.0 2010.05.17 -
eTrust-Vet 35.2.7500 2010.05.20 -
F-Prot 4.5.1.85 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.20 -
Fortinet 4.1.133.0 2010.05.20 -
GData 21 2010.05.20 -
Ikarus T3.1.1.84.0 2010.05.20 Trojan.Agent
Jiangmin 13.0.900 2010.05.20 Trojan/Agent.dupw
Kaspersky 7.0.0.125 2010.05.20 -
McAfee 5.400.0.1158 2010.05.20 Generic.dx!rpk
McAfee-GW-Edition 2010.1 2010.05.20 Generic.dx!rpk
Microsoft 1.5802 2010.05.20 -
NOD32 5131 2010.05.20 -
Norman 6.04.12 2010.05.20 -
nProtect 2010-05-20.02 2010.05.20 -
Panda 10.0.2.7 2010.05.19 W32/Xor-encoded.A
PCTools 7.0.3.5 2010.05.20 -
Rising 22.48.03.04 2010.05.20 -
Sophos 4.53.0 2010.05.20 -
Sunbelt 6327 2010.05.20 -
Symantec 20101.1.0.89 2010.05.20 -
TheHacker 6.5.2.0.283 2010.05.19 -
TrendMicro 9.120.0.1004 2010.05.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.20 -
VBA32 3.12.12.5 2010.05.20 -
ViRobot 2010.5.20.2326 2010.05.20 -
VirusBuster 5.0.27.0 2010.05.20 -
weitere Informationen
File size: 55296 bytes
MD5...: b4c281a856aec774e0f90f3a33bc0e9e
SHA1..: ddf6a0ab3b756cdbf2e6ce103d255b4476ae8d2f
SHA256: f3057b002fb5c9dbb63e7008c0f591e3b15ac0a519b34c284bc5fd4827ac2734
ssdeep: 768:fQFr0AnnSDpnlzH/KJTsVpxbv5Rlax3JRQ7Bp6vIAu+kC+/QkX5XvXZCLwh9
arff:f40b5kIFfExpQAu+F+IkJXvZT53I
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE-Crypt.XorPE, PE_Patch.UPX, UPX
packers (F-Prot): XORCrypt, UPX
|
|
20.05.2010, 16:19
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Wenn man X-Postet, sollte man das wenigstens mal ankündigen! => wenn Outlook offen -> viele +.tmp Files im Temp Ordner - ForumBase Probier nochmal nen Vollscan mit SUPERAntiSpyware und poste das Log. Wenn das auch nichts findet, muss ich mir was anders einfallen lassen. 
__________________ Logs bitte immer in CODE-Tags posten |
|
20.05.2010, 17:25
| #8 |
| | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Normalerweise mache ich das auch nicht  Leider hat sich auf CB nicht sehr viel getan, da musste ich auch hier mein Problem kundtun.  Das Log folgt später. Dauer eine Weile. mfg Wolfgang |
|
20.05.2010, 21:26
| #9 |
| | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt So hier ist das neue LOG: Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/20/2010 at 09:13 PM
Application Version : 4.37.1000
Core Rules Database Version : 4961
Trace Rules Database Version: 2773
Scan type : Complete Scan
Total Scan Time : 03:46:30
Memory items scanned : 482
Memory threats detected : 0
Registry items scanned : 7535
Registry threats detected : 0
File items scanned : 364648
File threats detected : 5
Adware.Tracking Cookie
C:\Users\SilviaundWolfi\AppData\Roaming\Microsoft\Windows\Cookies\silviaundwolfi@stat.aldi[2].txt
Trojan.Agent/Gen-Krpytik
D:\SICHERUNG SICHERUNG D\CDRWWOLFI\HARDDISK\HD SLEEPER 1_55\SETUP.EXE
Adware.GloboLook
D:\SICHERUNG SICHERUNG D\EMOTICONS\20 000 + EMOTICONS AVATARS\ICO PACK\TRADES MARQUES\VISA.ICO
Trojan.WinCommDownloader
D:\SICHERUNG SICHERUNG D\MOBILTELEFON\NOKIA\WINLOCK\CRACKS_110\WINLOCK.EXE
D:\SICHERUNG SICHERUNG D\MOBILTELEFON\WINLOCK\CRACKS_110\WINLOCK.EXE
Wolfgang |
|
20.05.2010, 21:29
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstelltZitat:
 Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logs bitte immer in CODE-Tags posten |
|
20.05.2010, 22:23
| #11 |
| | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Nur weil ich dieses File am PC habe, heisst nicht dass ich es beutze oder benutzt habe. |
|
21.05.2010, 09:04
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Wenn aber Cracks auf dem Recher sind, stellen wir den Support ein und verweisen auf Format C:
__________________ Logs bitte immer in CODE-Tags posten |
|
21.05.2010, 14:34
| #13 |
| |  Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt So, das Problem habe ich jetzt selber behoben Wolfgang |
|
21.05.2010, 16:18
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt Und wie? Oder willst das nicht mitteilen?
__________________ Logs bitte immer in CODE-Tags posten |
|
21.05.2010, 16:30
| #15 | |
| | Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstelltZitat:
Nein möchte ich nicht. Auf Stur schalten kann ich auch. Das nächste Mal werde ich die LOG´s vorm posten nochmal überprüfen und alle "verdächtigen" Zeilen bearbeiten. Wolfgang |
| Themen zu Trojaner-wenn Outlook offen ist werde sehr viele *.tmp Files im Temp Ordner erstellt |
| ad-aware, antivir, antivir guard, applaus, avira, bho, browser, desktop, firefox, gupdate, hijack, hijackthis, home, internet, internet explorer, local\temp, logfile, malwarebytes' anti-malware, mozilla, physikalischer speicher, plug-in, problem, programm, safer networking, security, sekunden, senden, software, start menu, syswow64, trojan, virus, windows, überflutet |
