| Sunshine_71 | 28.01.2012 17:11 |
Erstmal danke für die schnelle antwort!!! :)
ich bin nicht sicher, ob ich das so richtig gemacht habe. ich habe jetzt einfach die einzelnen funde von avira rauskopiert... insgesamt habe ich 9 verschiedene meldungen erhalten, die wiederholen sich. zuerst habe ich den zugriff verweigert und dann bei der nächsten meldung gelöscht...
In der Datei 'C:\Users\Claudia\AppData\Local\Temp\kjr9C1Qw6CWKWX.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen
In der Datei 'C:\Users\Claudia\AppData\Local\Temp\~!#E9AB.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Karagany.A.73' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Users\Claudia\AppData\Local\Temp\kjr9C1Qw6CWKWX.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Und hier habe ich die OTL.txt:
OTL Logfile: Code:
OTL logfile created on: 28.01.2012 17:17:28 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Claudia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 80,51% Memory free
6,19 Gb Paging File | 5,80 Gb Available in Paging File | 93,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,00 Gb Total Space | 31,13 Gb Free Space | 40,96% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 228,14 Gb Free Space | 97,96% Space Free | Partition Type: NTFS
Drive E: | 148,09 Gb Total Space | 143,23 Gb Free Space | 96,72% Space Free | Partition Type: NTFS
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.28 17:01:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
PRC - [2011.07.11 08:04:04 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.07.11 08:04:03 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.06.09 08:08:27 | 000,640,760 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011.07.11 08:04:06 | 001,640,216 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Resources.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Norman ZANDA)
SRV - [2011.07.11 08:04:03 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.04.26 10:21:06 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.08.04 00:24:52 | 000,070,656 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\tomcat7.exe -- (Tomcat7)
SRV - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.08.05 19:25:47 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 21:28:53 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.02.29 13:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.03 17:01:50 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Programme\C&E\OSD\OsdService\OsdService.exe -- (OsdService)
========== Driver Services (SafeList) ==========
DRV - [2011.04.26 10:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.06.09 08:08:30 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.02.05 05:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.12.07 22:48:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.09 21:28:53 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.19 20:31:58 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.12.04 22:08:12 | 003,351,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.09.04 16:20:00 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys -- (CEBFilter)
DRV - [2007.08.31 16:18:06 | 000,004,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Programme\C&E\OSD\OsdService\ceio.sys -- (CEIO)
DRV - [2007.08.31 14:22:26 | 000,007,168 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys -- (cKBFilter)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:10:38 | 000,753,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.04 04:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.02.25 05:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.01.30 09:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2006.12.08 10:33:21 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.12.08 10:33:20 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.11.22 17:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2004.11.01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;localhost;localhost;localhost;*.local localhost
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2009.04.30 19:53:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2009.04.30 19:53:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
========== Chrome ==========
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH File not found
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [yEInuXEOiED.exe] C:\ProgramData\yEInuXEOiED.exe (Microsoft Corp)
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 83.169.184.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17F8FCD4-A43E-4EC3-BE49-8E4C86157C44}: DhcpNameServer = 217.237.151.51 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58257DF2-FE3F-46A4-9935-ED76CFE07575}: DhcpNameServer = 141.42.3.33 141.42.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE18F018-A5E3-4EDE-A661-1293279F4475}: DhcpNameServer = 83.169.184.33 83.169.184.97
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d7a891f8-1b35-11e0-8cc3-a2afb53cd7b2}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012.01.28 17:01:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.01.28 16:52:45 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{EFA1CA75-D828-4B10-8F0F-BCE70B4CBA7D}
[2012.01.28 16:52:29 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{51DBDDDF-52D5-4B16-9CA6-C9909B673B83}
[2012.01.28 14:04:21 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{B6046DD4-1410-4606-B4E6-7569B3EFA503}
[2012.01.28 14:04:05 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{F54939CF-719A-4718-9A61-32DB55760263}
[2012.01.28 13:30:54 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.01.28 13:30:40 | 000,367,616 | -H-- | C] (Microsoft Corp) -- C:\ProgramData\mCl7w2YFKX8LGN.exe
[2012.01.28 13:28:11 | 000,456,704 | -HS- | C] (Microsoft Corp) -- C:\ProgramData\yEInuXEOiED.exe
[2012.01.26 20:53:29 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{D52E98A7-5C1B-45C9-8A2D-F745E72F0C03}
[2012.01.26 20:53:18 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{6561E53F-DE75-4C87-BC30-FAB7C92DBC89}
[2012.01.24 19:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012.01.24 17:18:34 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{08C95060-0FEA-46B4-AA60-63BA1F18469C}
[2012.01.24 17:18:22 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{67D1F8C1-CDEA-431C-B24C-AFA59F36707F}
[2012.01.22 20:29:43 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{6AEBC9B0-4755-4FAB-B1F9-0FB9842C8EA4}
[2012.01.22 20:29:20 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{96ECBC5C-4989-413C-A0E4-41F3336CBC84}
[2012.01.21 22:06:44 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{B93EA916-2FF5-4EDB-814A-8941D7C9BEA7}
[2012.01.21 22:06:30 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{4B0C8598-8023-4023-BBA7-A29B3289C364}
[2012.01.21 09:12:03 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{46BEF839-BA83-486C-B4B2-DBD4BDD353BA}
[2012.01.21 09:11:23 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{DBD5464C-EC69-45B7-9078-9F13B22B9664}
[2012.01.18 18:25:02 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{C117D895-8E64-407F-B9E2-FB55A74B414E}
[2012.01.18 18:24:50 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{B29FD995-7859-492A-B02F-024962813BFD}
[2012.01.16 19:52:40 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{1B63853F-CC3E-431E-9CD2-D777998E39EA}
[2012.01.16 19:52:03 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{8CB468BC-6E39-43BE-90EE-9B2B0114EE27}
[2012.01.15 21:13:32 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{FBED7701-1261-4C95-9D1D-61E6A9AFA938}
[2012.01.15 21:13:18 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{6CB0EFF3-CAAF-47DB-BE5E-812DB770F43D}
[2012.01.14 22:14:52 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{BE9B5C33-DE30-41FA-A895-9F651927DAED}
[2012.01.14 22:14:24 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{A8C9819D-0333-4F06-93FF-6A26E99BF5C9}
[2012.01.14 10:39:41 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{B90285C7-BA21-4123-89E0-42DB5BFDECB1}
[2012.01.12 22:00:17 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{9828E49E-9C16-4DBF-8A69-815E8932C9E9}
[2012.01.12 22:00:05 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{FD0D254A-097B-4EB6-933C-B7947A1B2A33}
[2012.01.11 17:38:27 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{3733DE48-A2D4-427A-9D66-918B8D05E0AB}
[2012.01.11 17:38:04 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{F95FCFCA-FFC1-4BBA-B421-14A13D994A64}
[2012.01.09 06:42:26 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{F29A7F3E-94CD-4720-85E3-002027143E14}
[2012.01.09 06:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{5733A1D5-F5F1-4D6F-B5AF-6E1B6E3E19FE}
[2012.01.08 19:57:49 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{93C6505E-AE83-41D3-A55A-B993F9D559D7}
[2012.01.08 16:21:44 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{B6B979B4-5E2E-4B90-80E4-B183077D76AC}
[2012.01.07 21:34:12 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{3D4DF9E2-F680-4341-B317-7BF4C83A37A7}
[2012.01.07 11:35:22 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{5AEA1B27-1C77-412B-B6F5-3A5EEA0DAA0C}
[2012.01.07 11:34:57 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{46E085AD-4F6F-47D0-8AC8-6E1C441A282B}
[2012.01.06 21:39:32 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{A0C62F25-633B-47B4-91C5-4602C3C13D40}
[2012.01.06 10:46:13 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{72D7CCD6-4952-4CE6-8A23-AEF76D02A6DC}
[2012.01.03 21:01:20 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{24E312DE-837E-420E-8ED5-C182A879D30C}
[2012.01.03 21:01:07 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{81FCD640-33CE-487C-908B-FF7D56444428}
[2012.01.03 16:00:41 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{10F2EEEA-B342-47CD-AB4D-E444629DABF2}
[2012.01.03 16:00:26 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{4DAA0094-140E-4434-8F43-3F76B1921B08}
[2012.01.02 22:11:00 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{1711E263-38C4-4458-B6C6-C41F4EB590A7}
[2012.01.02 22:10:45 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{02C8F154-CE29-4E3B-A3AD-2321C23E1155}
[2012.01.02 21:07:41 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{B9E9D998-47CC-45BE-9267-3B3C64EC563B}
[2012.01.02 21:07:29 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{1E46D9A5-1927-4B8F-A3C3-EBE959257F07}
[2012.01.01 16:08:11 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{BACFFE9B-2F22-4B61-8BFA-76070D5D114B}
[2012.01.01 16:07:46 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{AA849358-71BB-474A-B09D-9563D8184AEF}
[2012.01.01 12:24:31 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Amazon
[2012.01.01 12:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.01.01 12:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012.01.01 00:52:33 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{A234AB76-05FB-47F1-A9AD-ECA8451162B2}
[2012.01.01 00:52:06 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{B71A97EB-0C01-4158-9644-1897F2BD05F7}
[2011.12.31 11:25:33 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{DBF1AFE1-994A-4BA9-8503-ABA016D62317}
[2011.12.31 11:25:18 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{1ED9A6C7-8FCD-4821-83D3-94AF230F6159}
[2011.12.30 12:51:51 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{2CF8279F-F8D6-4C7B-907A-697948A2971F}
[2011.12.30 12:51:33 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{8FD0AD6D-9604-4164-8ACA-BD083B7D3194}
[2011.12.30 09:38:30 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{CF537401-2D91-40B1-AAE8-976B0F64861C}
[2011.12.30 09:38:15 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{6285786D-DAF8-4FEE-940F-25047B272943}
[2011.12.30 00:20:59 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{9B494C62-D8EB-4668-977C-BAB67999A7D1}
[2011.12.30 00:20:41 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Local\{BCB7CBBF-9C75-4486-A979-BE1F10B1D7A2}
[2 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.01.28 17:05:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.28 17:03:34 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.28 17:03:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.28 17:03:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.28 17:01:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.01.28 17:01:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.28 16:49:31 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.28 14:03:58 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~mCl7w2YFKX8LGN
[2012.01.28 14:03:57 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~mCl7w2YFKX8LGNr
[2012.01.28 13:30:54 | 000,000,647 | -H-- | M] () -- C:\Users\Claudia\Desktop\System Check.lnk
[2012.01.28 13:30:51 | 000,000,344 | -H-- | M] () -- C:\ProgramData\mCl7w2YFKX8LGN
[2012.01.27 20:00:16 | 000,036,211 | -H-- | M] () -- C:\Windows\KernelMessage
[2012.01.24 21:30:25 | 001,302,069 | -H-- | M] () -- C:\Users\Claudia\Desktop\allg medWS10-11.pdf
[2012.01.24 20:22:36 | 000,002,575 | -H-- | M] () -- C:\Users\Claudia\Desktop\Microsoft Word.lnk
[2012.01.24 19:20:29 | 000,060,304 | -H-- | M] () -- C:\Users\Claudia\g2mdlhlpx.exe
[2012.01.12 17:43:12 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.12 17:43:12 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.12 17:43:12 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.12 17:43:12 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.09 21:05:43 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.01.06 10:42:50 | 000,298,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.05 23:19:35 | 000,002,133 | -H-- | M] () -- C:\Users\Claudia\Desktop\Hammerexamen.lnk
[2012.01.05 19:09:41 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\00000E7E.LCS
[2 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.01.28 13:39:59 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~mCl7w2YFKX8LGN
[2012.01.28 13:39:59 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~mCl7w2YFKX8LGNr
[2012.01.28 13:30:54 | 000,000,647 | -H-- | C] () -- C:\Users\Claudia\Desktop\System Check.lnk
[2012.01.28 13:30:51 | 000,000,344 | -H-- | C] () -- C:\ProgramData\mCl7w2YFKX8LGN
[2012.01.24 21:30:25 | 001,302,069 | -H-- | C] () -- C:\Users\Claudia\Desktop\allg medWS10-11.pdf
[2012.01.24 19:20:28 | 000,060,304 | -H-- | C] () -- C:\Users\Claudia\g2mdlhlpx.exe
[2012.01.05 23:19:35 | 000,002,133 | -H-- | C] () -- C:\Users\Claudia\Desktop\Hammerexamen.lnk
[2011.08.11 15:08:50 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.08.11 14:56:15 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.07.26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.05.20 16:23:19 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2010.05.20 09:32:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.05.19 09:56:44 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.05.14 15:42:13 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2010.05.14 15:42:13 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.04.28 19:06:23 | 000,000,680 | -H-- | C] () -- C:\Users\Claudia\AppData\Local\d3d9caps.dat
[2009.08.27 10:07:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.27 10:07:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.27 10:06:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.14 19:23:56 | 000,010,752 | -H-- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.27 17:20:11 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009.04.26 19:01:49 | 000,010,274 | -H-- | C] () -- C:\Users\Claudia\AppData\Roaming\SmarThruOptions.xml
[2009.04.26 19:01:38 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2009.04.26 19:01:32 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009.04.26 19:01:26 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009.04.26 19:01:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009.04.26 18:59:53 | 000,466,944 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.04.26 18:56:31 | 000,022,723 | ---- | C] () -- C:\Windows\System32\suge1l3.dll
[2009.04.26 18:52:14 | 000,086,016 | R--- | C] () -- C:\Windows\WiaInst.exe
[2009.04.26 18:51:52 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2009.04.26 18:51:52 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2009.04.26 18:51:52 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2009.04.26 18:51:52 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2009.04.25 19:49:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.15 10:52:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.12.15 10:40:33 | 000,753,456 | ---- | C] () -- C:\Windows\System32\drivers\BisonCam.sys
[2008.12.15 10:40:33 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2008.12.15 10:35:56 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.12.15 10:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.12.15 10:35:55 | 000,158,081 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.12.15 10:09:58 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.02.29 13:13:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 08:15:58 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,131,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,298,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.05.13 10:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\System32\xvid.dll
========== LOP Check ==========
[2012.01.01 12:24:31 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\Amazon
[2011.11.20 21:56:45 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\elsterformular
[2010.05.19 17:05:41 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\FreeAudioPack
[2010.05.19 17:09:08 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\FreeCDRipper
[2010.05.21 18:55:38 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\FreeMoviesToDVD
[2010.05.19 17:10:28 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\FreeVideoConverter
[2010.10.13 10:35:24 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\GetRightToGo
[2009.05.29 14:46:12 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\GlobalSCAPE
[2010.05.19 22:03:36 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\LimeWire
[2009.10.15 11:24:55 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\ProtectDisc
[2011.08.11 19:08:44 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\Samsung
[2009.04.26 19:01:49 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\SmarThru4
[2010.05.20 10:47:03 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\Video DVD Maker FREE
[2010.12.08 21:47:37 | 000,000,000 | -H-D | M] -- C:\Users\Claudia\AppData\Roaming\Windows Live Writer
[2012.01.09 21:05:43 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.01.28 17:03:34 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009.04.24 12:32:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.08.16 13:38:07 | 000,000,000 | -H-D | M] -- C:\Alice
[2010.12.08 19:00:25 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.04.24 12:27:14 | 000,000,000 | -H-D | M] -- C:\BSI
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.24 12:22:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.12.15 10:41:02 | 000,000,000 | RH-D | M] -- C:\DRIVER
[2009.04.24 12:27:39 | 000,000,000 | -H-D | M] -- C:\ebay
[2009.04.24 12:28:33 | 000,000,000 | -H-D | M] -- C:\Google
[2010.07.14 16:58:04 | 000,000,000 | RH-D | M] -- C:\MANUAL
[2008.12.15 10:45:48 | 000,000,000 | -H-D | M] -- C:\Nero
[2009.04.24 12:29:28 | 000,000,000 | -H-D | M] -- C:\NVC
[2009.04.24 12:29:33 | 000,000,000 | -H-D | M] -- C:\Off2007HStTrial
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.24 19:20:49 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.28 13:39:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.04.24 12:22:42 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.04.30 21:33:04 | 000,000,000 | -H-D | M] -- C:\Programs
[2008.12.15 10:39:45 | 000,000,000 | -H-D | M] -- C:\RaidTool
[2012.01.27 17:16:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.11 21:37:56 | 000,000,000 | -H-D | M] -- C:\temp
[2009.04.24 12:30:55 | 000,000,000 | R--D | M] -- C:\Users
[2010.05.20 10:47:03 | 000,000,000 | -H-D | M] -- C:\videodvdmaker
[2012.01.28 16:43:28 | 000,000,000 | ---D | M] -- C:\Windows
[2008.12.15 10:49:52 | 000,000,000 | -H-D | M] -- C:\Works
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: AHCIX86S.SYS >
[2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_c617648e\ahcix86s.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTOR.SYS >
[2007.04.25 11:17:36 | 000,277,784 | -H-- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\DRIVER\SATA\INTEL\iaStor.sys
[2007.04.25 11:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\drivers\iaStor.sys
[2007.04.25 11:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.12.15 19:05:15 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.12.15 19:05:07 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.12.15 19:05:15 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.12.15 19:05:23 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.12.15 19:05:25 | 006,770,688 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2012.01.24 19:20:29 | 000,060,304 | -H-- | M] () -- C:\Users\Claudia\g2mdlhlpx.exe
[2009.12.23 15:18:01 | 000,125,091 | -H-- | M] () -- C:\Users\Claudia\ged_strickkleid.pdf
[2012.01.28 17:17:31 | 008,388,608 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat
[2012.01.28 17:17:31 | 000,262,144 | -H-- | M] () -- C:\Users\Claudia\ntuser.dat.LOG1
[2009.04.24 12:31:18 | 000,000,000 | -H-- | M] () -- C:\Users\Claudia\ntuser.dat.LOG2
[2012.01.28 17:01:59 | 000,065,536 | -HS- | M] () -- C:\Users\Claudia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.12.08 20:56:39 | 000,524,288 | -HS- | M] () -- C:\Users\Claudia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.01.28 17:01:59 | 000,524,288 | -HS- | M] () -- C:\Users\Claudia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.04.24 12:31:18 | 000,000,020 | -HS- | M] () -- C:\Users\Claudia\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< >
< End of report >
--- --- ---
[\code]
und hier die extra.txt:
OTL Logfile: Code:
OTL Extras logfile created on: 28.01.2012 17:17:28 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Claudia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 80,51% Memory free
6,19 Gb Paging File | 5,80 Gb Available in Paging File | 93,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,00 Gb Total Space | 31,13 Gb Free Space | 40,96% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 228,14 Gb Free Space | 97,96% Space Free | Partition Type: NTFS
Drive E: | 148,09 Gb Total Space | 143,23 Gb Free Space | 96,72% Space Free | Partition Type: NTFS
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0983C76F-675B-4281-9447-B81FF8255AE6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{09FAF700-68CB-4A2A-AF2D-9DA68B8876A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0BCCEDD1-281F-4F6B-B8A8-F2BE9A282AA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D6B567A-5791-4276-B04A-41ED2DA07407}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3A49E268-63CD-44DA-A652-DFC98598188C}" = lport=139 | protocol=6 | dir=in | app=system |
"{48B0833E-ACFD-47E0-BEBC-5F1894389C26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5902288B-DCA8-4C19-B504-019E675C9529}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5DC8D9AE-3C48-4426-B353-A17A595803CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{70788439-6104-4D35-9299-5E8C96B99E8D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{783E7B09-116E-414C-82A5-BAF141832A8C}" = lport=137 | protocol=17 | dir=in | app=system |
"{8ADEBFC2-E2A1-46B4-9D0F-151FF09605D7}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E15DD3B-FE14-4A77-B045-980E911741E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8F68980D-14BF-4A60-8080-253882CF94E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{93AF87D1-B09D-49A1-91DA-63B2EFA3C4DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0ED257E-F168-423F-8EA4-B7EC57694F09}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3487FF0-143C-47FD-B792-6E3A96AE78E7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D4ED2272-5017-4CEC-B4AC-B3D8FB7A017F}" = rport=445 | protocol=6 | dir=out | app=system |
"{E393A0E1-8374-400A-8952-9C97A1399788}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB7A3EAE-2E57-42BB-8B98-626E6B9EC7D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{FBE7904B-CC66-4E74-9126-F93FF5B69702}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00204E84-4675-4FB8-89D7-A2ED9277AD3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{059C98AA-24C2-4067-AA21-955DC5A9690B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{07B4BD2D-3BFF-4F39-99CE-D9117E39B6C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0DD4E550-361C-43DC-9446-38C7996F0C8C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1AB71FF0-C2D7-4473-BF3B-675BD41F6923}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{2F4B4443-1559-4625-AF60-FC4117E5344F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3298001A-BB75-4E91-B0F4-E63DCDE85A8F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{3A0CC655-3515-4EAA-B6FA-8208AC653385}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{4A0FD564-390F-492D-9A21-D577CDD15A55}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4CAFC8EA-ED88-4455-B7A0-118B58F922A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5F220314-FE8E-4E73-8A3B-B649C7188BEC}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7865C1FA-564D-4860-B664-CFE00682489A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{838D3B19-80D6-4651-83BC-1A321CC95059}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{8A8CF951-1A59-49C3-B361-F7BED480BCEB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AAED0365-D7B0-4D33-B355-A7D2B6CCF7F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B841DEE0-79AB-4BA8-A092-E9783BEB3784}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB3370CB-C364-4A43-A867-F642BC3DF501}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E888B80B-86DA-4A4F-AE90-38E912E3858A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E926C8DE-AC5F-466D-8F3C-AD22DA8A1C95}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8210D85-3084-48A6-A07E-F383BB26C323}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{3E85135B-0447-4965-94FA-E33756508E0C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{59792D25-6D19-450A-8D66-F3A955FDB52D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{835138CB-0572-48D3-AA3D-49371E18586E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E7FD75DD-C2DC-493A-A166-FD4F9429D914}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{F3CD37AC-5D0F-4ED9-99B2-A2C47636A253}C:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe" = protocol=6 | dir=in | app=c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe |
"UDP Query User{99D92924-0081-42DA-A90B-4C139C58F23D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{AD71F9F2-048B-4201-91E9-B4CC3237EE38}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B860ABC5-6AE3-41C4-A567-D6C358DADBB4}C:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe" = protocol=17 | dir=in | app=c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe |
"UDP Query User{E347B844-74DB-42F6-B11D-D2ADAD0A8EFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FE893E61-AAF3-4C54-9C35-9AD9B295E23E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05742219-6EDB-229B-925C-45434EB327B8}" = Catalyst Control Center Localization Japanese
"{07BA8628-85A9-9A2C-2B3A-60682FD7F663}" = Catalyst Control Center Localization German
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.28.0.72
"{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{245109BB-1FF9-DEB6-4A6E-FEF022A098EC}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2FE63165-6D35-0F90-1147-7FF4BEFA373A}" = CCC Help Portuguese
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35EBAC05-5A13-085B-86F9-7AEA83576999}" = Catalyst Control Center Localization Spanish
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4864C602-6ED6-8BB6-A423-6037A1D5CAB3}" = Catalyst Control Center Localization Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4BE0F5DC-1936-4774-DCAE-23A092D2DBED}" = CCC Help Italian
"{50EC1829-2F5B-68D3-EA04-159F4EFE2B71}" = CCC Help Dutch
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579784C5-0C5C-39A7-C577-8F2D5CEE97E8}" = Skins
"{579DCEAB-A977-7B56-6701-82766CDADEFB}" = Catalyst Control Center Graphics Full New
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687D4584-110B-4B35-BF4F-2A3D503E4A0A}" = mediscript Hammerexamen
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69ECC898-2C9B-3138-6496-ADF8A0A17D04}" = Catalyst Control Center Graphics Previews Vista
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C6A0CAE-731C-495D-DCA1-002F3FF38C23}" = CCC Help Spanish
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B127C2C-7C85-E0D7-F8E4-1611B79356A0}" = ATI Catalyst Install Manager
"{7D6137CE-AA7F-3097-F043-A0FA6569A679}" = Catalyst Control Center Localization Chinese Traditional
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86250F83-AF3E-0A78-3240-BEBEFBE0F14C}" = Catalyst Control Center Localization Korean
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E014610-ED01-5E15-8114-4581F46395A9}" = Catalyst Control Center Graphics Light
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F97A88E-7135-A629-A838-4EF3E8F94F60}" = CCC Help English
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{96424CA6-13E3-4518-98AA-7CEC0BE0D439}" = mediscript Hammerexamen
"{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials
"{973E7604-4861-3C13-4D93-8B2182C6A964}" = CCC Help Japanese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B050CDA-7803-7989-905D-BCB7CDFC523C}" = CCC Help Swedish
"{9B49DB13-5F0F-2A7E-C0EC-16F1B432DCC6}" = Catalyst Control Center Graphics Full Existing
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E34E568-EE5B-8A11-CE05-446A0B404886}" = Catalyst Control Center Localization Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AD1F90F1-98FD-5AD5-9075-A474154B970B}" = ccc-utility
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B7515BC5-D109-006A-BC58-C8D58C4F49B7}" = CCC Help Korean
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{C07A4CD1-DB39-C7FB-ADD4-EDE9864C4B78}" = Catalyst Control Center Core Implementation
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics
"{CB01ED55-1879-6D0D-7A02-E39B3CAEFF8D}" = CCC Help French
"{CB7A367B-8CDD-A2AA-E806-79D1DE611159}" = CCC Help Chinese Standard
"{CC795547-983F-D95B-5BB0-3BA544EBD97C}" = Catalyst Control Center Localization French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5E08D30-3AEE-822C-A4F9-1255E61DDB97}" = CCC Help Chinese Traditional
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC9A378D-FA0F-140F-8FD8-C8D2951DED04}" = ccc-core-static
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B4DFB8-3D06-9767-0F3C-4F3023662752}" = Catalyst Control Center Localization Italian
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E441D229-FBD9-6632-579F-EB618D4F9ED6}" = Catalyst Control Center Localization Swedish
"{E53270E8-C27B-2C21-3819-C0FA52EFDA87}" = Catalyst Control Center Localization Dutch
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Apache Tomcat 7.0" = Apache Tomcat 7.0 (remove only)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVD-lab PRO 2.5_is1" = DVD-lab PRO 2.5
"ElsterFormular 11.4.0.4316" = ElsterFormular
"ElsterFormular 12.2.1.6570k" = ElsterFormular
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"ifolor-OrderClient21" = ifolor Designer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional
"LimeWire" = LimeWire 5.5.8
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OpenVPN" = OpenVPN 2.2.0
"PartyPoker" = PartyPoker
"PokerStars.net" = PokerStars.net
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"SMSERIAL" = Motorola SM56 Data Fax Modem
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.01.2011 10:14:47 | Computer Name = Claudia-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.01.2011 18:51:40 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description =
Error - 06.01.2011 18:52:59 | Computer Name = Claudia-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2011 05:32:22 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description =
Error - 07.01.2011 05:33:30 | Computer Name = Claudia-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2011 07:41:03 | Computer Name = Claudia-PC | Source = EventSystem | ID = 4621
Description =
Error - 07.01.2011 17:25:23 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description =
Error - 07.01.2011 17:26:27 | Computer Name = Claudia-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.01.2011 04:50:53 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description =
Error - 08.01.2011 04:51:20 | Computer Name = Claudia-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 19.06.2009 13:33:43 | Computer Name = Claudia-PC | Source = DCOM | ID = 10010
Description =
Error - 19.06.2009 17:00:11 | Computer Name = Claudia-PC | Source = HTTP | ID = 15016
Description =
Error - 19.06.2009 17:01:47 | Computer Name = Claudia-PC | Source = DCOM | ID = 10010
Description =
Error - 19.06.2009 17:01:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.06.2009 17:01:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.06.2009 17:01:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 20.06.2009 02:53:59 | Computer Name = Claudia-PC | Source = HTTP | ID = 15016
Description =
Error - 20.06.2009 02:55:37 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.06.2009 02:55:37 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.06.2009 02:55:37 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
--- --- ---
[\code]
nochmal tausend dank für die hilfe!!! :) |
