And also pasted in here (only just spotted it in the OTL thread)
Extras:
OTL Logfile: Code:
OTL Extras logfile created on: 07.03.2012 19:17:07 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Dokumente und Einstellungen\Praxis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 76,60% Memory free
3,73 Gb Paging File | 3,42 Gb Available in Paging File | 91,75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 59,28 Gb Free Space | 39,77% Space Free | Partition Type: NTFS
Computer Name: ZIMMER1 | User Name: Praxis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CMDHere] -- C:\WINDOWS\system32\cmd.exe /x /k cd "%1" (Microsoft Corporation)
Directory [DosHere] -- C:\WINDOWS\system32\command.com ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"22347:TCP" = 22347:TCP:*:Enabled:WibuKey-Server
"135:TCP" = 135:TCP:LocalSubNet:Enabled:DCOM
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\support\prisma\NOVACOMM.exe" = C:\support\prisma\NOVACOMM.exe:*:Enabled:prisma Kommunikationsdienst -- (Silverstroke AG)
"C:\support\prisma\nmc32.exe" = C:\support\prisma\nmc32.exe:*:Enabled:prisma Kommunikation (native TCP/IP) -- (Silverstroke AG)
"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Programme\KEN!\kentbcli.exe" = C:\Programme\KEN!\kentbcli.exe:LocalSubNet:Enabled:AVM KEN! - kentbcli.exe -- (AVM Berlin)
"C:\TurboMed\Programm\FastObjectsServer.exe" = C:\TurboMed\Programm\FastObjectsServer.exe:*:Enabled:FastObjects Server 10 -- (Versant Corporation)
"C:\Programme\custo med\Exe\CustoMonitor.exe" = C:\Programme\custo med\Exe\CustoMonitor.exe:*:Enabled:custo diagnostic - ECG Networkmonitoring -- (custo med GmbH)
"C:\Programme\MOVIESTAR\MS\MovieStar.exe" = C:\Programme\MOVIESTAR\MS\MovieStar.exe:LocalSubNet:Enabled:MOVIESTAR - Das MEDISTAR Archivierungssystem -- (MEDISTAR Praxiscomputer GmbH)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BDD4025-01EB-4698-9238-9F783C26CFAE}" = ORGA 900 (CD 05.2009)
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7b23a913-7701-48f1-a933-e4e4baa9d916}" = Nero 9 Essentials
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81B92430-F007-4F43-B8A0-B2ACDF2743D0}" = PRCServer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{901B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a487015a-e5b9-4361-9e35-97b6d6a57864}" = Nero 9 Trial
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{B02B2154-7774-4EA3-9311-8F86B5B7F61D}" = telemed.net
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B7DCED43-09DB-4FE7-AD34-959B5BAC8EC0}" = Soda PDF 2012
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7C7C686-8479-4173-9570-F4B350D91B37}" = Motorola Mobile Drivers Installation 4.9.0
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC149E4C-5571-460C-BB65-79F16D742D30}" = RemoteOperations Clients
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCB4B1E9-6EAA-4B02-8765-05DB0AB937B1}" = Impf-doc
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudibleManager" = AudibleManager
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"AVM KEN!" = AVM KEN!
"CompuGROUP Java_is1" = CompuGROUP Java 1.6.0.11.3
"custo diagnostic" = custo diagnostic 3.8
"custo diagnostic 3.8 SP6" = custo diagnostic 3.8 SP6
"FRITZ! 2.0" = AVM FRITZ!
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoHelper" = MotoHelper 2.0.44 Driver 4.9.0
"MOVClient" = MOVIESTAR Client
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"nova focus NT 4.0" = nova focus NT 4.0
"Online File Transfer" = Online File Transfer
"Picasa 3" = Picasa 3
"prisma" = MEDISTAR Service
"ST6UNST #1" = ICD_Checkliste
"ST6UNST #2" = ICD_Checkliste (C:\Programme\ICD_Checkliste\)
"Suche_Deutschland Toolbar" = Suche Deutschland Toolbar
"TIMELEFT3_is1" = TimeLeft
"TurboMed" = TurboMed
"Videoload Manager" = Videoload Manager 2.0.2200
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26.01.2012 16:14:19 | Computer Name = ZIMMER1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung m42t.exe, Version 1.0.3.7, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2012 07:31:23 | Computer Name = ZIMMER1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung m42t.exe, Version 1.0.3.7, fehlgeschlagenes
Modul wkflwapi.dll, Version 2.0.0.1979, Fehleradresse 0x00137010.
Error - 13.02.2012 02:32:40 | Computer Name = ZIMMER1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung manager.exe, Version 5.5.0.5, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0186a228.
Error - 13.02.2012 02:32:43 | Computer Name = ZIMMER1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung manager.exe, Version 5.5.0.5, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0186a228.
Error - 15.02.2012 01:54:50 | Computer Name = ZIMMER1 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 05.03.2012 02:15:55 | Computer Name = ZIMMER1 | Source = McLogEvent | ID = 259
Description = Die Datei C:\WINDOWS\system32\10009\components\AcroFF009.dll enthält
den '_' '_'. Entfernung fehlgeschlagen, Zugriff verweigert und Scan fortgesetzt
(OAS). Entdeckt mit dem Scan-Modul der Version 5400.1158 DAT-Version 6639.0000.
Error - 05.03.2012 02:15:58 | Computer Name = ZIMMER1 | Source = McLogEvent | ID = 259
Description = Die Datei C:\WINDOWS\system32\10009\components\AcroFF009.dll enthält
den '_' '_'. Entfernung fehlgeschlagen, Zugriff verweigert und Scan fortgesetzt
(OAS). Entdeckt mit dem Scan-Modul der Version 5400.1158 DAT-Version 6639.0000.
Error - 05.03.2012 02:16:07 | Computer Name = ZIMMER1 | Source = McLogEvent | ID = 259
Description = Die Datei C:\WINDOWS\system32\10009\components\AcroFF009.dll enthält
den Generic PWS.y!dxs Trojanisches Pferd. Unbestimmter Säuberungsfehler, OAS hat
Zugriff verweigert und Scan fortgesetzt. Entdeckt mit dem Scan-Modul der Version
5400.1158 DAT-Version 6639.0000.
Error - 05.03.2012 02:16:19 | Computer Name = ZIMMER1 | Source = McLogEvent | ID = 259
Description = Die Datei C:\WINDOWS\system32\10009\components\AcroFF009.dll enthält
den Generic PWS.y!dxs Trojanisches Pferd. Unbestimmter Säuberungsfehler, OAS hat
Zugriff verweigert und Scan fortgesetzt. Entdeckt mit dem Scan-Modul der Version
5400.1158 DAT-Version 6639.0000.
Error - 05.03.2012 15:09:45 | Computer Name = ZIMMER1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung m42t.exe, Version 1.0.3.7, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 07.03.2012 01:43:29 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "RFClientService" wurde nicht ordnungsgemäß gestartet.
Error - 07.03.2012 01:43:29 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "RRService" wurde nicht ordnungsgemäß gestartet.
Error - 07.03.2012 13:00:27 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "RFClientService" wurde nicht ordnungsgemäß gestartet.
Error - 07.03.2012 13:00:27 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "RRService" wurde nicht ordnungsgemäß gestartet.
Error - 07.03.2012 13:10:12 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "RFClientService" wurde nicht ordnungsgemäß gestartet.
Error - 07.03.2012 13:10:12 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "RRService" wurde nicht ordnungsgemäß gestartet.
Error - 07.03.2012 14:08:35 | Computer Name = ZIMMER1 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 07.03.2012 14:10:00 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst
"McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 07.03.2012 14:10:00 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust
Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error - 07.03.2012 14:10:00 | Computer Name = ZIMMER1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Fips intelppm mfehidk ndFScr
< End of report > --- --- ---
OTL:
OTL Logfile: Code:
OTL logfile created on: 07.03.2012 19:17:07 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Dokumente und Einstellungen\Praxis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 76,60% Memory free
3,73 Gb Paging File | 3,42 Gb Available in Paging File | 91,75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 59,28 Gb Free Space | 39,77% Space Free | Partition Type: NTFS
Computer Name: ZIMMER1 | User Name: Praxis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Praxis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PRCHotkey.exe ()
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\system32\10012\components\AcroFF012.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll ()
MOD - C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\pdf.dll ()
MOD - C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\avutil-51.dll ()
MOD - C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\avformat-53.dll ()
MOD - C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\avcodec-53.dll ()
MOD - C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\gcswf32.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\PRCHotkey.exe ()
========== Win32 Services (SafeList) ==========
SRV - (Soda PDF 2012 Service) -- C:\Programme\Soda PDF 2012\ConversionService.exe (LULU Software)
SRV - (Soda PDF 2012 Helper Service) -- C:\Programme\Soda PDF 2012\HelperService.exe (LULU Software)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (DeviceMonitorService) -- C:\Programme\Motorola Media Link\NServiceEntry.exe (Nero AG)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (RRService) -- C:\Programme\RemoteOperations\RRService.exe (Silverstroke AG)
SRV - (RFClientService) -- C:\Programme\RemoteOperations\RfClientService.exe (Silverstroke AG)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (nova_focus_Client_NT) -- C:\support\prisma\RVD32.exe (Silverstroke AG)
SRV - (PRCService) -- C:\support\prisma\PRCService.exe (Silverstroke AG)
SRV - (KEN Client Service) -- C:\Programme\KEN!\kencli.exe (AVM Berlin)
SRV - (nova_comm) -- c:\support\prisma\novacomm.exe (Silverstroke AG)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz132) -- File not found
DRV - (Changer) -- File not found
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (Motousbnet) -- C:\WINDOWS\system32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\WINDOWS\system32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (k57w2k) Broadcom NetLink (TM) -- C:\WINDOWS\system32\drivers\k57xp32.sys (Broadcom Corporation)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\WINDOWS\system32\drivers\motfilt.sys (Motorola Inc)
DRV - (RRVideo) -- C:\WINDOWS\system32\drivers\RRVideo.sys (Silverstroke AG)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (PRCVideo) -- C:\WINDOWS\system32\drivers\PRCVideo.sys (Silverstroke AG)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)
DRV - (AVMPORT) -- C:\WINDOWS\System32\drivers\avmport.sys (AVM Berlin)
DRV - (ndFScr) -- C:\WINDOWS\System32\drivers\ndFScr.sys (Silverstroke AG)
DRV - (ndc) -- C:\WINDOWS\System32\Drivers\ndc.sys (AVM Berlin)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\prxtbSuc1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {43D76C54-522A-42E7-826B-ED37A620F741}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{43D76C54-522A-42E7-826B-ED37A620F741}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=ffpro-sfp"
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.defaultthis.engineName: "Suche Deutschland Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2303923&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2303923&SearchSource=13"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {937f343c-c9c2-4235-b544-7fc4da2f2594}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2303923&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Programme\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\FFSodaPDFConverter2012@sodapdf.com: C:\Programme\Soda PDF 2012\FFSodaExt2012 [2012.01.05 10:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10012 [2012.03.07 10:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.06 15:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.10 09:02:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10012 [2012.03.07 10:25:36 | 000,000,000 | ---D | M]
[2010.01.07 13:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Mozilla\Extensions
[2012.03.07 07:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Mozilla\Firefox\Profiles\9xilul4b.default\extensions
[2012.01.23 07:44:52 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Mozilla\Firefox\Profiles\9xilul4b.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.09.13 05:58:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Mozilla\Firefox\Profiles\9xilul4b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.26 07:08:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Mozilla\Firefox\Profiles\9xilul4b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.07 07:30:49 | 000,000,000 | ---D | M] (Suche Deutschland Community Toolbar) -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Mozilla\Firefox\Profiles\9xilul4b.default\extensions\{937f343c-c9c2-4235-b544-7fc4da2f2594}
[2010.09.06 09:20:10 | 000,000,937 | ---- | M] () -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Mozilla\Firefox\Profiles\9xilul4b.default\searchplugins\conduit.xml
[2011.03.29 09:49:46 | 000,005,212 | ---- | M] () -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Mozilla\Firefox\Profiles\9xilul4b.default\searchplugins\ecosia.xml
[2011.11.11 06:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.24 19:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.03.24 19:58:18 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\PRAXIS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\9XILUL4B.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\PRAXIS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\9XILUL4B.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012.03.07 10:25:36 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\10012
[2012.03.06 15:32:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.14 15:47:45 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 15:47:45 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.14 15:47:45 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 15:47:45 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 15:47:45 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 15:47:45 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Suche Deutschland Toolbar) - {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\prxtbSuc1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {975670D0-7EFB-4fa8-90FA-3AE575B9FB77} - C:\WINDOWS\system32\AcroIEHelpe083.dll ()
O2 - BHO: (Soda PDF 2012 Helper) - {ebe8b562-cba0-40d8-b920-af7cfe0c9d94} - C:\Programme\Soda PDF 2012\PDFIEHelper.dll (LULU Software)
O3 - HKLM\..\Toolbar: (Suche Deutschland Toolbar) - {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\prxtbSuc1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Soda PDF 2012 Toolbar) - {a8c9d542-fd91-4834-a2e8-adb9ae692b8b} - C:\Programme\Soda PDF 2012\PDFIEPlugin.dll (LULU Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Suche Deutschland Toolbar) - {937F343C-C9C2-4235-B544-7FC4DA2F2594} - C:\Programme\Suche_Deutschland\prxtbSuc1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KEN Taskbar Client] C:\Programme\KEN!\kentbcli.exe (AVM Berlin)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Programme\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [prisma notify] c:\support\prisma\notify.exe (Silverstroke AG)
O4 - HKLM..\Run: [RemoteControl9] c:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SkypeM] C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Elcomsoft Co. Ltd.)
O4 - HKCU..\Run: [StoppUhr] "C:\Programme\StoppUhr\StoppUhr.exe" -hide File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MOVIESTAR Schnittstellenprogramm.lnk = C:\Programme\MOVIESTAR\MS\MovLX.exe (Z1 Software GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PRINTKEY.lnk = C:\WINDOWS\system32\PRINTKEY.EXE (Fred's Software)
O4 - Startup: C:\Dokumente und Einstellungen\Praxis\Startmenü\Programme\Autostart\DDE-Server.lnk = \\medistar\ms$\prg4\dscm.exe (MEDISTAR Praxiscomputer GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\Praxis\Startmenü\Programme\Autostart\MEDISTAR 4 TASK 50.lnk = \\medistar\ms$\prg4\m42t.exe (MEDISTAR Praxiscomputer GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\Praxis\Startmenü\Programme\Autostart\MEDISTAR 4 TASK 51.lnk = \\medistar\ms$\prg4\m42t.exe (MEDISTAR Praxiscomputer GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\Praxis\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Praxis\Startmenü\Programme\Autostart\TimeLeft.lnk = C:\Programme\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Praxis\Startmenü\Programme\Autostart\Verknüpfung mit msimn.exe (2).lnk = C:\Programme\Outlook Express\msimn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: medistar ([]file in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B35EE45-5902-4DE0-A754-BFE223816F32}: NameServer = 192.168.100.254
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe ()
O20 - Winlogon\Notify\PRCNotify: DllName - (PRCNotify.dll) - C:\WINDOWS\System32\PRCNotify.dll (Silverstroke AG)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.30 13:44:27 | 000,000,031 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1725c141-0105-11df-a9d0-00199969a5b5}\Shell\AutoRun\command - "" = E:\.\MobilePraxis.exe
O33 - MountPoints2\{1725c141-0105-11df-a9d0-00199969a5b5}\Shell\install\command - "" = E:\.\config\setup.exe
O33 - MountPoints2\{6400079b-f6c7-11df-aaae-00199969a5b5}\Shell - "" = AutoRun
O33 - MountPoints2\{6400079b-f6c7-11df-aaae-00199969a5b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6400079b-f6c7-11df-aaae-00199969a5b5}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.03.08 03:54:02 | 000,000,000 | ---D | C] -- C:\Temp
[2012.03.07 19:15:44 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Praxis\Desktop\OTL.exe
[2012.03.07 19:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Praxis\Startmenü\Programme\CyberLink PowerDVD 9
[2012.03.07 10:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10012
[2012.03.06 13:53:13 | 000,000,000 | ---D | C] -- C:\xmldm
[2012.03.05 15:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10011
[2012.03.05 08:06:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Praxis\Eigene Dateien\Briefe an Kollegen
[2012.03.05 07:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10010
[2012.03.05 06:34:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Praxis\Eigene Dateien\Praxismappe
[2012.03.01 16:57:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012.03.01 08:11:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10009
[2012.02.28 14:18:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Yqalys
[2012.02.27 18:24:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10008
[2012.02.27 06:58:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10007
[2012.02.24 12:50:24 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Praxis\Recent
[2012.02.24 06:32:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10006
[2012.02.24 06:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012.02.24 06:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012.02.23 22:23:38 | 004,448,256 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2012.02.16 19:45:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Upov
[2012.02.16 19:45:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Praxis\Anwendungsdaten\Coez
[2012.02.13 07:14:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Praxis\Lokale Einstellungen\Anwendungsdaten\Audible
[2012.02.13 07:14:30 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2012.02.13 07:14:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AudibleManager
[2012.02.13 07:13:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Praxis\Eigene Dateien\Audible
[2012.02.13 07:13:58 | 000,000,000 | ---D | C] -- C:\Programme\Audible
[2012.02.13 07:13:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Audible
[2012.02.09 10:09:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.03.07 19:15:47 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Praxis\Desktop\OTL.exe
[2012.03.07 19:08:36 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012.03.07 19:08:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.07 19:08:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.07 19:05:24 | 000,000,280 | ---- | M] () -- C:\WINDOWS\dscm.INI
[2012.03.07 19:03:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.07 18:31:01 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3151914587-1547794076-385950531-1005UA.job
[2012.03.07 18:05:25 | 000,000,466 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012.03.07 12:38:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.07 08:31:00 | 000,001,162 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3151914587-1547794076-385950531-1005Core.job
[2012.03.07 07:31:58 | 000,002,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Praxis\Desktop\Google Chrome.lnk
[2012.03.06 11:29:35 | 000,353,784 | ---- | M] () -- C:\WINDOWS\System32\AcroIEHelpe083.dll
[2012.03.06 06:46:25 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.02.23 22:23:38 | 004,448,256 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2012.02.14 07:34:17 | 000,129,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Praxis\Desktop\Anhänger.rar
[2012.02.13 08:25:34 | 000,000,263 | ---- | M] () -- C:\WINDOWS\MSTV200.INI
[2012.02.13 07:14:37 | 000,001,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Praxis\Desktop\Audible Manager.lnk
[2012.02.13 07:14:30 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.06 11:29:35 | 000,353,784 | ---- | C] () -- C:\WINDOWS\System32\AcroIEHelpe083.dll
[2012.02.24 06:31:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012.02.14 07:34:17 | 000,129,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Praxis\Desktop\Anhänger.rar
[2012.02.13 07:14:37 | 000,001,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Praxis\Desktop\Audible Manager.lnk
[2011.12.27 08:29:59 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011.11.30 09:35:31 | 000,029,584 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.02.17 07:37:51 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.02.17 07:37:51 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.01.13 19:17:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.15 18:54:20 | 000,089,368 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.05.20 12:01:45 | 009,896,036 | ---- | C] () -- C:\WINDOWS\RRSURF00.DAT
[2010.05.20 12:01:45 | 000,001,664 | ---- | C] () -- C:\WINDOWS\RRDISPLAY.DAT
[2010.04.12 14:43:49 | 000,008,917 | ---- | C] () -- C:\WINDOWS\System32\ctorg32.ini
< End of report >