Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows Security Center Meldung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 05.02.2012, 19:48   #1
joback
 
Windows Security Center Meldung - Standard

Windows Security Center Meldung



Windows Security Center will 100€ über UKash

OTL.TXT

OTL logfile created on: 05.02.2012 19:36:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,97% Memory free
3,85 Gb Paging File | 3,65 Gb Available in Paging File | 94,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 171,87 Gb Total Space | 84,54 Gb Free Space | 49,19% Space Free | Partition Type: NTFS
Drive D: | 293,88 Gb Total Space | 69,53 Gb Free Space | 23,66% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 231,44 Gb Free Space | 99,38% Space Free | Partition Type: NTFS
Drive S: | 1,87 Gb Total Space | 1,86 Gb Free Space | 99,46% Space Free | Partition Type: FAT

Computer Name: JOBA-10CA586C70 | User Name: joba | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.05 19:35:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.02.04 11:57:45 | 000,044,032 | ---- | M] (mozilla.org) -- C:\Programme\SeaMonkey\seamonkey.exe
PRC - [2012.02.04 11:57:45 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Programme\SeaMonkey\plugin-container.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.04 11:57:46 | 001,904,640 | ---- | M] () -- C:\Programme\SeaMonkey\mozjs.dll
MOD - [2012.02.04 11:57:46 | 000,155,648 | ---- | M] () -- C:\Programme\SeaMonkey\nsldap32v60.dll
MOD - [2012.02.04 11:57:46 | 000,014,848 | ---- | M] () -- C:\Programme\SeaMonkey\nsldappr32v60.dll
MOD - [2011.11.06 14:14:18 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Stopped] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.25 15:16:34 | 000,071,024 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.08.09 03:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\WINDOWS\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009.10.15 09:56:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.11 09:57:58 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.10.11 09:57:55 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.09.29 17:18:41 | 000,809,736 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2008.11.12 15:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.22 11:13:26 | 000,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.06.16 08:30:42 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Stopped] -- C:\Programme\Silvercrest MTS2118 driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.03.30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011.12.09 07:38:03 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.08.13 03:48:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.06.13 10:09:44 | 000,017,280 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2006.08.01 12:07:02 | 004,356,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.07.11 14:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.07.11 14:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.04.06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2005.07.27 13:42:30 | 000,011,841 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2005.07.27 13:42:28 | 000,296,515 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2005.07.27 13:42:18 | 000,133,696 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2005.07.27 13:42:16 | 000,011,970 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2002.10.15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com?a=ThzlWTXdTF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 EC 31 6F 36 C8 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.14 17:31:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.06 09:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2011.03.06 09:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Programme\mozilla.org\SeaMonkey\Components [2011.03.08 16:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Programme\mozilla.org\SeaMonkey\Plugins [2011.03.06 09:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7\extensions\\Components: C:\Programme\SeaMonkey\components [2012.02.04 11:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7\extensions\\Plugins: C:\Programme\SeaMonkey\plugins [2011.10.29 10:35:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Programme\mozilla.org\SeaMonkey\Components [2011.03.08 16:22:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Programme\mozilla.org\SeaMonkey\Plugins [2011.03.06 09:55:15 | 000,000,000 | ---D | M]

[2011.02.18 09:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Extensions
[2010.03.19 08:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2009.11.14 18:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2011.02.18 09:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de
[2011.02.24 14:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Firefox\Profiles\55sv3g5s.default\extensions
[2010.07.09 08:07:46 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Firefox\Profiles\55sv3g5s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.02.03 08:42:19 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Firefox\Profiles\55sv3g5s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.02.24 14:08:04 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Toolbar) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Firefox\Profiles\55sv3g5s.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011.02.03 08:42:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Firefox\Profiles\55sv3g5s.default\extensions\engine@conduit.com
[2011.02.16 18:19:01 | 000,000,000 | ---D | M] (Facemoods) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Firefox\Profiles\55sv3g5s.default\extensions\ffxtlbr@Facemoods.com
[2010.07.09 08:07:44 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Firefox\Profiles\55sv3g5s.default\extensions\finder@meingutscheincode.de
[2011.12.23 08:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\SeaMonkey\Profiles\x7urgbrs.default\extensions
[2011.12.23 08:16:56 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\SeaMonkey\Profiles\x7urgbrs.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.12.12 18:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Mozilla\Sunbird\Profiles\xd0f6087.default\extensions
[2010.12.27 12:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.27 12:44:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2010.12.27 12:44:09 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.16 19:18:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.10.16 19:18:02 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.28 12:41:18 | 000,002,046 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.02.16 18:19:01 | 000,002,046 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2009.10.16 19:18:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.10.16 19:18:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.10.16 19:18:02 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.10.15 11:05:48 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Programme\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Programme\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [vasja] C:\Dokumente und Einstellungen\joba\Lokale Einstellungen\Temp\0.7449650510196619.exe (Orb Networks)
O4 - Startup: C:\Dokumente und Einstellungen\joba\Startmenü\Programme\Autostart\Spamihilator.lnk = C:\Programme\Spamihilator\spamihilator.exe (Michel Krämer)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AB9038C-6A33-4C68-AD05-24E9FC19E63B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fcccdCSK: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.10 09:56:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{21eb10da-4017-11e0-b390-00196649d9b7}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{f4454252-caea-11de-b19d-00196649d9b7}\Shell - "" = AutoRun
O33 - MountPoints2\{f4454252-caea-11de-b19d-00196649d9b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4454252-caea-11de-b19d-00196649d9b7}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: scsmgr - (C:\WINDOWS\system32\oskexec.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.05 19:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.01.07 11:28:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joba\Eigene Dateien\Steuer
[2012.01.07 10:57:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joba\Anwendungsdaten\Buhl Data Service
[2012.01.07 10:57:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joba\Lokale Einstellungen\Anwendungsdaten\Buhl Data Service
[2012.01.07 10:54:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joba\Lokale Einstellungen\Anwendungsdaten\Buhl
[2012.01.07 10:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Visagesoft
[2012.01.07 10:47:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AIM
[2012.01.07 10:47:04 | 001,046,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJET35.DLL
[2012.01.07 10:47:04 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSREPL35.DLL
[2012.01.07 10:47:04 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAR332.DLL
[2012.01.07 10:47:04 | 000,330,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSEXCH35.DLL
[2012.01.07 10:47:04 | 000,287,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXBSE35.DLL
[2012.01.07 10:47:04 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRD2X35.DLL
[2012.01.07 10:47:04 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPDOX35.DLL
[2012.01.07 10:47:04 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSEXCL35.DLL
[2012.01.07 10:47:04 | 000,166,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSLTUS35.DLL
[2012.01.07 10:47:04 | 000,165,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSTEXT35.DLL
[2012.01.07 10:47:04 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJINT35.DLL
[2012.01.07 10:47:04 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJTER35.DLL
[2012.01.07 10:46:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Konz Steuertricks
[2012.01.07 10:46:37 | 000,000,000 | ---D | C] -- C:\Programme\USM
[2012.01.07 10:46:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer 2011
[2012.01.07 10:44:09 | 000,000,000 | ---D | C] -- C:\Programme\Steuer 2011
[2012.01.07 10:43:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\joba\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\joba\Eigene Dateien\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.05 19:19:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.05 19:01:59 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.02.05 19:01:57 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.05 19:01:57 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.02.05 16:54:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.05 13:17:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.02.05 10:25:08 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012.02.05 08:48:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.04 14:22:59 | 000,271,360 | ---- | M] () -- C:\Dokumente und Einstellungen\joba\Eigene Dateien\Outlook1 Sicherung.pst
[2012.01.07 13:10:02 | 000,000,457 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2012.01.07 10:47:25 | 000,001,546 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2011.lnk
[2012.01.07 10:46:42 | 000,001,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2012.01.07 10:36:34 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2010.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\joba\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\joba\Eigene Dateien\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.07 10:54:26 | 000,000,457 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.01.07 10:47:05 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\jetodbc.rsp
[2012.01.07 10:46:42 | 000,001,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2012.01.07 10:46:03 | 000,001,546 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2011.lnk
[2011.12.17 16:11:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\joba\Lokale Einstellungen\Anwendungsdaten\{73C37DEC-8025-43B5-99B5-88D99BE50382}
[2011.02.14 18:11:20 | 006,218,645 | ---- | C] () -- C:\Programme\josm-tested.jar
[2011.01.28 16:51:46 | 000,259,888 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe
[2011.01.28 16:51:45 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll
[2011.01.28 16:51:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2011.01.28 16:51:44 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe
[2010.11.27 13:04:59 | 000,002,344 | ---- | C] () -- C:\WINDOWS\musi.ini
[2010.09.09 07:55:07 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2009.11.14 17:31:25 | 000,000,087 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2009.11.14 17:31:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\mplaw7.dll
[2009.11.14 17:31:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplam6.dll
[2009.11.14 17:31:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\mplaa6.dll
[2009.11.14 17:31:18 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.11.14 16:59:22 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\joba\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.14 16:35:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009.11.06 16:42:26 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2009.10.26 15:50:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009.10.20 18:36:55 | 000,105,456 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.10.11 04:09:16 | 000,220,944 | ---- | C] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2009.10.11 04:09:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2009.10.10 21:13:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.10 20:19:40 | 000,000,399 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2009.10.10 20:19:34 | 000,028,853 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.10.10 20:19:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2009.10.10 20:19:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2009.10.10 20:18:13 | 000,001,962 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009.10.10 11:27:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.10.10 11:27:28 | 000,007,640 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009.10.10 11:01:52 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.10 10:47:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.10.10 10:44:27 | 002,192,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.10 10:24:34 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.10.10 10:24:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.10.10 10:23:25 | 000,000,223 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009.10.10 10:23:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009.10.10 10:23:25 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2009.10.10 10:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009.10.10 10:22:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009.10.10 10:21:58 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009.10.10 10:19:21 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009.10.10 10:17:28 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2009.10.10 10:17:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009.10.10 10:08:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.10.10 10:08:08 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2009.10.10 09:58:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.10.10 09:53:36 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007.11.15 20:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 20:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 20:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2006.10.31 07:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.31 07:35:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006.10.31 07:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.31 07:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006.10.31 07:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.31 07:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.31 07:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.31 07:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006.10.31 07:35:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006.10.31 07:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.31 07:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004.08.05 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.05 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.05 13:00:00 | 000,638,700 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.05 13:00:00 | 000,581,192 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.05 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.05 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.05 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.05 13:00:00 | 000,136,066 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.05 13:00:00 | 000,106,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.05 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.05 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.05 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.05 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.05 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.05 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.05 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.12.15 19:12:48 | 000,128,000 | ---- | C] () -- C:\WINDOWS\System32\3DViewer.dll
[2002.03.04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5F64C164

< End of report >

OTL Extras logfile created on: 05.02.2012 19:36:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,97% Memory free
3,85 Gb Paging File | 3,65 Gb Available in Paging File | 94,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 171,87 Gb Total Space | 84,54 Gb Free Space | 49,19% Space Free | Partition Type: NTFS
Drive D: | 293,88 Gb Total Space | 69,53 Gb Free Space | 23,66% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 231,44 Gb Free Space | 99,38% Space Free | Partition Type: NTFS
Drive S: | 1,87 Gb Total Space | 1,86 Gb Free Space | 99,46% Space Free | Partition Type: FAT

Computer Name: JOBA-10CA586C70 | User Name: joba | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = MozillaHTML] -- C:\Programme\mozilla.org\SeaMonkey\seamonkey.exe (mozilla.org)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SeaMonkeyHTML] -- C:\Programme\SeaMonkey\seamonkey.exe (mozilla.org)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
https [open] -- C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [IdoswinFree] -- C:\Programme\Idoswin Free\idoswin32.exe %1 (Ingo Eckel)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 2009 -- (Kaspersky Lab)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\IncrediMail\Bin\IncMail.exe" = C:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\Bin\ImApp.exe" = C:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\Bin\ImpCnt.exe" = C:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\WINDOWS\system32\SUPDSvc.exe" = C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\TrackMaker\trackmaker.exe" = C:\Programme\TrackMaker\trackmaker.exe:*:Enabled:GPS TrackMaker -- (Geo Studio Technology)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe" = C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 7.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\StarMoney 7.0\app\StarMoney.exe" = C:\Programme\StarMoney 7.0\app\StarMoney.exe:*:Enabled:StarMoney 7.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\Spamihilator\spamihilator.exe" = C:\Programme\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator -- (Michel Krämer)
"C:\Programme\Spamihilator\cdcc.exe" = C:\Programme\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC-Filter-Konfiguration -- ()
"C:\Programme\Spamihilator\dccproc.exe" = C:\Programme\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC-Filter -- ()
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0236FF14-34AF-4D37-BA6C-17567B7A8685}_is1" = MapTk (MapToolKit)
"{0435DCA4-2633-4290-BB5C-58A52F2B77A3}" = MagicMaps Tour Explorer 25 Deutschland 5 Demo
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CA1C412-6716-40E8-B033-006002E7F7EC}" = MagicMaps Support und Update Tool
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1873789F-59D5-4002-8A2F-60A827B78F98}_is1" = GmapTool 0.5.8
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FFD53AD-48A4-4362-B1C0-247F6F0255D1}" = Spamihilator 1.0.0 (32-Bit)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{2F2B569E-2024-48B8-867B-DB1BF2338F38}" = Silvercrest MTS2118 driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3C663364-5D70-4475-8E66-54231ED358C0}" = StarMoney 7.0
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B07D11E-D5C6-4564-A008-2E3953248C3E}" = MagicMaps Tour Explorer 25 Deutschland
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F7328C-6687-4AC9-9F68-2E28D8273033}_is1" = Südtirol (Topo)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D43BC5B-DA2E-49AD-937E-1B48E1A882AB}" = Merkaartor for Windows 0.14
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E69F8A-BCBB-4A0A-9361-32225755D8C3}" = Garmin BaseCamp
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{763231D7-2E4E-44D6-8FC2-6A0C7EDCE3B6}" = DDBAC
"{7D7C9A8A-F3B4-42A2-9AD2-5B0CA013267C}" = Lexware online banking
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6E71574-2126-4E95-816E-32B2411C94BA}" = Ulead MediaStudio Pro 8.0
"{A6EB7944-7C6A-4AFD-9539-19B88CBC409D}" = StarMoney
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook-Sicherung für Persönliche Ordner
"{C87150E5-A91F-47F5-B086-A8318CC57443}" = MagicMaps Tour Explorer 25 Deutschland
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D181A318-28DF-4B83-8F13-24C2D0BDA12D}" = Garmin POI Loader
"{D6B9DEB9-C366-4E4E-A1CC-C7C64804F2AE}" = MagicMaps Hessen Rheinland-Pfalz Saarland 4.0
"{DDDAEC3A-8419-46D4-9BD1-59E016C5C573}" = StarMoney
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E374DB02-F12D-4733-B5ED-F8FC86ED23CC}" = GPS TrackMaker
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Premium
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"cGPSmapper Free_is1" = cGPSmapper Free 0100d
"conduitEngine" = Conduit Engine
"CSCLIB" = Canon Camera Support Core Library
"DVBViewer Pro_is1" = DVBViewer Pro
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EXCEL" = Microsoft Office Excel 2007
"ezMS_is1" = ezMS v1.03
"facemoods" = Facemoods Toolbar
"GeoSetter_is1" = GeoSetter 3.4.16
"germany2_is1" = OSM Topo Deutschland 2.0.1.10
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Idoswin Free_is1" = Idoswin Free 3.6
"ie8" = Windows Internet Explorer 8
"Img2gps_is1" = Img2gps v2.81
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"Inkscape" = Inkscape 0.47
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{2F2B569E-2024-48B8-867B-DB1BF2338F38}" = Silvercrest MTS2118 driver
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"IrfanView" = IrfanView (remove only)
"ITopo100_is1" = Italy Topo 100 v2.10
"ITopo20_is1" = Italy Topo 20 v1.0
"JDownloader" = JDownloader
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MSNINST" = MSN
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"New LEGO Digital Designer" = LEGO Digital Designer
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOK" = Microsoft Office Outlook 2007
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.2e
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"PhotoStitch" = Canon Utilities PhotoStitch
"PUBLISHER" = Microsoft Office Publisher 2007
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SeaMonkey (1.1.18)" = SeaMonkey (1.1.18)
"SeaMonkey (2.7)" = SeaMonkey (2.7)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TomTom HOME" = TomTom HOME 2.7.6.2056
"UltraISO_is1" = UltraISO Premium V9.51
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGDB3" = WinGDB3 3.61
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"WORD" = Microsoft Office Word 2007
"Wubi" = Ubuntu
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.01.2012 06:08:30 | Computer Name = JOBA-10CA586C70 | Source = Haufe iDesk-Service | ID = 61440
Description =

Error - 27.01.2012 12:52:16 | Computer Name = JOBA-10CA586C70 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\JOBA\RECENT\KÖNIGS UND KAISERPINGUINE
SIND DIE BEKANNTESTEN.DOCX.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:
Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät
funktioniert nicht. (0x8007001f)

Error - 28.01.2012 04:54:36 | Computer Name = JOBA-10CA586C70 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\JOBA\RECENT\PINGUIN.DOCX.LNK>
in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


Error - 29.01.2012 10:07:16 | Computer Name = JOBA-10CA586C70 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\JOBA\RECENT\PINGUIN.DOCX.LNK>
in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


[ OSession Events ]
Error - 17.12.2009 09:43:07 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.12.2009 12:16:34 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.12.2009 12:16:49 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.12.2009 12:20:48 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.12.2009 12:50:50 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.12.2009 12:52:05 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.12.2009 12:52:28 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.12.2009 12:57:55 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09.04.2010 02:55:06 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5775
seconds with 2700 seconds of active time. This session ended with a crash.

Error - 29.10.2011 04:48:02 | Computer Name = JOBA-10CA586C70 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 242
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05.02.2012 13:47:04 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.02.2012 13:47:27 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 05.02.2012 13:51:24 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.02.2012 13:51:39 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 05.02.2012 13:55:05 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.02.2012 13:55:22 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 05.02.2012 13:56:56 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.02.2012 13:57:17 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 05.02.2012 14:19:44 | Computer Name = JOBA-10CA586C70 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05.02.2012 14:20:50 | Computer Name = JOBA-10CA586C70 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr Fips Processor ssmdrv

[ TuneUp Events ]
Error - 28.12.2011 05:12:13 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:13', 0, Resumed FROM ActiveApps WHERE ProcID=='508';DELETE
FROM ActiveApps WHERE ProcID=='508';

Error - 28.12.2011 05:12:13 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:13', 0, Resumed FROM ActiveApps WHERE ProcID=='536';DELETE
FROM ActiveApps WHERE ProcID=='536';

Error - 28.12.2011 05:12:13 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:13', 0, Resumed FROM ActiveApps WHERE ProcID=='560';DELETE
FROM ActiveApps WHERE ProcID=='560';

Error - 28.12.2011 05:12:13 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:13', 0, Resumed FROM ActiveApps WHERE ProcID=='572';DELETE
FROM ActiveApps WHERE ProcID=='572';

Error - 28.12.2011 05:12:13 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:13', 0, Resumed FROM ActiveApps WHERE ProcID=='648';DELETE
FROM ActiveApps WHERE ProcID=='648';

Error - 28.12.2011 05:12:18 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:18', 0, Resumed FROM ActiveApps WHERE ProcID=='2028';DELETE
FROM ActiveApps WHERE ProcID=='2028';

Error - 28.12.2011 05:12:18 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:18', 0, Resumed FROM ActiveApps WHERE ProcID=='592';DELETE
FROM ActiveApps WHERE ProcID=='592';

Error - 28.12.2011 05:12:18 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:18', 0, Resumed FROM ActiveApps WHERE ProcID=='1220';DELETE
FROM ActiveApps WHERE ProcID=='1220';

Error - 28.12.2011 05:12:18 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:18', 0, Resumed FROM ActiveApps WHERE ProcID=='3616';DELETE
FROM ActiveApps WHERE ProcID=='3616';

Error - 28.12.2011 05:12:18 | Computer Name = JOBA-10CA586C70 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2011-12-28 10:12:18', 0, Resumed FROM ActiveApps WHERE ProcID=='3696';DELETE
FROM ActiveApps WHERE ProcID=='3696';


< End of report >

Alt 05.02.2012, 20:26   #2
markusg
/// Malware-holic
 
Windows Security Center Meldung - Standard

Windows Security Center Meldung



hi


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [vasja] C:\Dokumente und Einstellungen\joba\Lokale Einstellungen\Temp\0.7449650510196619.exe (Orb Networks)
 :Files
C:\Dokumente und Einstellungen\joba\Lokale Einstellungen\Temp\0.7449650510196619.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________

__________________

Antwort

Themen zu Windows Security Center Meldung
.com, 0x00000001, 7-zip, alternate, antivir, avira, bho, canon, conduit, converter, desktop, entfernen, error, excel, file is encrypted, firefox, flash player, fontcache, format, google earth, home, homepage, hängen, jdownloader, langs, logfile, microsoft office word, object, plug-in, realtek, registry, rundll, scan, security, software, starmoney, studio, udp, video converter, visual studio, windows, windows internet, winload toolbar




Ähnliche Themen: Windows Security Center Meldung


  1. Windows Security Center..
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (3)
  2. Windows Security Center (100€ Zahlung)
    Log-Analyse und Auswertung - 22.03.2012 (30)
  3. 100€ Windows Security Center
    Log-Analyse und Auswertung - 17.03.2012 (1)
  4. Windows Security Center - Pc gesperrt
    Plagegeister aller Art und deren Bekämpfung - 16.03.2012 (12)
  5. Windows Security Center / Achtung...
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (3)
  6. Windows security center virus
    Log-Analyse und Auswertung - 14.03.2012 (15)
  7. windows security center virus
    Log-Analyse und Auswertung - 14.03.2012 (1)
  8. Windows Security Center Bezahlaufforderung von 100 €
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (1)
  9. Windows security center meldung verlang 100 euro innerhalt von 24 stunden
    Plagegeister aller Art und deren Bekämpfung - 11.02.2012 (18)
  10. Windows security center meldung verlangt 100 euro innerhalb von 24 h ...
    Plagegeister aller Art und deren Bekämpfung - 08.02.2012 (1)
  11. Meldung "Security Center !Achtung! Ihr Computer wurde gesperrt"
    Log-Analyse und Auswertung - 06.02.2012 (3)
  12. Windows security center meldung verlang 100 euro innerhalt von 24 stunden
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (1)
  13. Windows Security Center will 100€, Virus?
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (39)
  14. windows 7, weißer Bildschirm, Meldung: windows security center, Achtung! Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 06.02.2012 (11)
  15. Windows 7: Security Center Alert!
    Log-Analyse und Auswertung - 18.05.2011 (10)
  16. Windows Security Center
    Plagegeister aller Art und deren Bekämpfung - 22.06.2009 (2)
  17. Windows Security Center
    Plagegeister aller Art und deren Bekämpfung - 13.06.2008 (1)

Zum Thema Windows Security Center Meldung - Windows Security Center will 100€ über UKash OTL.TXT OTL logfile created on: 05.02.2012 19:36:15 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\ Windows XP Professional Edition - Windows Security Center Meldung...
Archiv
Du betrachtest: Windows Security Center Meldung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.