| bsScherndorf | 02.05.2012 16:23 |
gema trojaner - kommt direkt nach Systemstart
Anbei die zwei Dateien- bitte um Hilfe, vielen DankOTL Logfile: Code:
OTL Extras logfile created on: 5/2/2012 6:46:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186.31 Gb Total Space | 119.55 Gb Free Space | 64.17% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2523:TCP" = 2523:TCP:*:Enabled:nxjnouqs
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\Magentic\bin\MgImp.exe" = C:\Programme\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- (IncrediMail, Ltd.)
"C:\Programme\Magentic\bin\Magentic.exe" = C:\Programme\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- ()
"C:\Programme\Magentic\bin\MgApp.exe" = C:\Programme\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- ()
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\ImLc.exe" = C:\Programme\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe" = C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 7.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\StarMoney 7.0\app\StarMoney.exe" = C:\Programme\StarMoney 7.0\app\StarMoney.exe:*:Enabled:StarMoney 7.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Thinstall\AGENDA-Online-Test\4000003100002i\wswc.exe" = C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Thinstall\AGENDA-Online-Test\4000003100002i\wswc.exe:*:Disabled:wswc -- ()
"C:\Programme\MoRUN.net\StickerLite\sticker.exe" = C:\Programme\MoRUN.net\StickerLite\sticker.exe:*:Enabled:MoRUN.net Sticker Lite
"C:\Dokumente und Einstellungen\Bärbel\Lokale Einstellungen\Temp\ImInstaller\FreeSkin_Installer.exe" = C:\Dokumente und Einstellungen\Bärbel\Lokale Einstellungen\Temp\ImInstaller\FreeSkin_Installer.exe:*:Enabled:IncrediMail Installer
"C:\Programme\Opera 10.10 Beta\opera.exe" = C:\Programme\Opera 10.10 Beta\opera.exe:*:Enabled:Opera Internet Browser
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Dokumente und Einstellungen\Bärbel\Lokale Einstellungen\Temp\ImInstaller\incredimail_installer.exe" = C:\Dokumente und Einstellungen\Bärbel\Lokale Einstellungen\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer -- (IncrediMail Ltd.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Password Safe and Repository 6\psr.exe" = C:\Programme\Password Safe and Repository 6\psr.exe:*:Enabled:Password Safe and Repository 6 -- (MATESO GmbH)
"C:\Dokumente und Einstellungen\Bärbel\Lokale Einstellungen\Temp\jivexviewer\jre\bin\JiveX[dv] light" = C:\Dokumente und Einstellungen\Bärbel\Lokale Einstellungen\Temp\jivexviewer\jre\bin\JiveX[dv] light:*:Enabled:Java(TM) 2 Platform Standard Edition binary
"C:\Programme\ActiveFax\Client\ActFaxClient.exe" = C:\Programme\ActiveFax\Client\ActFaxClient.exe:*:Disabled:ActiveFax Client
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01BC1C03-40A3-450A-A2F1-42779F852670}_is1" = MwSt. 2010 V6.0.0
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0699F65B-CA83-4D0E-9B89-F77E1B524115}" = Address-Book
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10668AA3-490D-46C1-B606-A621451998EF}" = Password Safe and Repository 6
"{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5
"{120D0878-5C88-40A6-9991-DED7C8C88922}_is1" = MwSt. 2012 V8.1.0.3
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B06AC9D-C286-482D-9822-C120D4D2DF7A}" = StarMoney 7.0
"{1B6950D4-BC98-4032-A59B-F49DAA665B16}" = SF-Rechnung 1.07
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel(R) PRO Network Connections 11.2.0.69
"{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}" = Intel(R) Active Monitor
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40B59FB8-A703-45A9-9167-667CC65A865D}" = InLoox
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{41EF76A3-DFC6-40C2-B998-4555945BF1AB}" = Organizer
"{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{548904BC-BC37-4660-B8F8-6639A4D23520}" = pdfforge Toolbar v5.4
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{578278A2-2406-477F-A05C-51272E1C5770}" = trsQuittungen V 4.2.3.1
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE48155-BD54-46E2-8D81-A57A69726A95}" = SearchTheWeb
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E3FDA9-15A5-4E1B-AA0D-D6685173F955}" = easyFaktura
"{679DDC2F-290E-48E0-B6D3-6972A0A09554}" = Iminent
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68FDF380-CF27-42A2-B25C-E33FC17A08EC}" = SF-Karte 2.07
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{8AEF92D2-4E2C-44CD-ABDC-800E0BB8EDEE}" = Password Safe and Repository 5.5.0.1810
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0671D-6460-4456-8E8D-9C8245B999F6}_is1" = Geburtstag V1.4.0
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.5 WEB.DE Edition
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A145E08E-0D11-40DE-AA9F-104F1F1CEE42}" = TRS-Quittungen 3.2
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D513A78F-BC2F-4761-94CA-6FB7EDB6E022}" = diabolo® Auftragsverwaltung
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DEBC6EBF-FF7A-4E30-9C49-DCFB53B446F0}" = Lexware Elster
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.13
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"A1-Faktura_is1" = A1-Faktura 1.426
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"Adressen_is1" = Alltags-Adressen
"Alf-BanCo2_is1" = ALF-BanCo 2.0
"Alf-BanCo3_is1" = ALF-BanCo 3
"Alf-BanCo4_is1" = ALF-BanCo 4
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Ask Toolbar_is1" = Foxit Toolbar
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"ContactKeeper_is1" = ContactKeeper 1.4.3
"E - Lohn & Gehalt 2.6_is1" = E - Lohn & Gehalt 2.6.17
"E - Lohn & Gehalt 2.7_is1" = E - Lohn & Gehalt 2.7.17
"ElsterFormular 11.3.0.4235" = ElsterFormular
"ElsterFormular 12.4.0.7094k" = ElsterFormular
"ElsterFormular 13.0.0.8055u" = ElsterFormular
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und Unternehmer
"ElsterFormular für Privatanwender und Unternehmer 12.2.0.6412k" = ElsterFormular
"ElsterFormular für Unternehmer 12.1.0.6164u" = ElsterFormular für Unternehmer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facemoods" = Facemoods Toolbar
"FGS Kassenbuch5.1.3" = FGS Kassenbuch
"FinePrint" = FinePrint
"FreePDF_XP" = FreePDF (Remove only)
"Freeway_is1" = Freeway 30.2007
"FRITZ! 2.0" = AVM FRITZ!
"FS Kassenbuch5.0.7" = FS Kassenbuch
"FS Kassenbuch5.0.8" = FS Kassenbuch
"FS Kassenbuch5.0.9" = FS Kassenbuch
"Glückwunsch-Druckerei 10_is1" = DATA BECKER Glückwunsch-Druckerei 10
"HERMA Etiketten Assistent für Word 97/2000" = HERMA Etiketten Assistent für Word 97/2000
"heute-Bildschirmschoner 07" = heute-Bildschirmschoner 07 Screen Saver
"HP Document Manager" = HP Document Manager 1.0
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"IMBoosterARP" = Iminent
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InLoox" = InLoox
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{D513A78F-BC2F-4761-94CA-6FB7EDB6E022}" = diabolo® Auftragsverwaltung
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"LAWgistic - Forderungsberechner_is1" = LAWgistic - Forderungsberechner 2.2
"LetsTrade" = LetsTrade Komponenten
"Magentic" = Magentic
"Mein Büro 2008_is1" = Mein Büro 2008
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MwSt. 2008" = MwSt. 2008 4.1.0
"Netzmanager" = Netzmanager
"Opera 11.51.1087" = Opera 11.51
"Passfoto Manager_is1" = Passfoto Manager Ver. 1.3
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"Picasa 3" = Picasa 3
"QuickTime" = QuickTime
"Rechnung3" = Softwarenetz Rechnung3
"Rechnungsprofi_is1" = Rechnungsprofi 3.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SearchTheWebARP" = SearchTheWeb
"Shop for HP Supplies" = Shop for HP Supplies
"SKS Quittung 5.2.1_is1" = SKS Quittung 5.2.1
"SKS Quittung 5.2_is1" = SKS Quittung 5.2
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"ST4UNST #1" = HERMA Label Service
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Programme\BEWERBUNGSMASTER\)
"ST6UNST #3" = BEWERBUNGSMASTER (C:\Programme\BEWERBUNGSMASTER\) #3
"ST6UNST #4" = BEWERBUNGSMASTER (C:\Programme\BEWERBUNGSMASTER\) #4
"ST6UNST #5" = BEWERBUNGSMASTER (C:\Programme\BEWERBUNGSMASTER\) #5
"ST6UNST #6" = BEWERBUNGSMASTER (C:\Programme\BEWERBUNGSMASTER\) #6
"T-Online eMail Center Desktop-Startsymbol SMS" = T-Online eMail Center Desktop-Startsymbol SMS 1.0
"Win LohnInfo 2009" = Win LohnInfo 2009 13.02
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winload Toolbar" = Winload Toolbar
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"www.Freeware-download.com Toolbar" = www.Freeware-download.com Toolbar
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\Bärbel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PassportPhoto" = PassportPhoto (remove)
< End of report >
--- --- ---
OTL Logfile: Code:
OTL logfile created on: 5/2/2012 6:46:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186.31 Gb Total Space | 119.55 Gb Free Space | 64.17% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - (lnwrarao) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (imonNT) Intel(R) -- C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe (Intel Corp.)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (de_serv) -- C:\Programme\FRITZ!\De_serv.exe (AVM Berlin)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (viaagp1) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FETNDIS) -- File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ACEDRV09) -- C:\WINDOWS\system32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ubohci) -- C:\WINDOWS\system32\drivers\ubohci.sys (Unibrain S.A.)
DRV - (ubumapi) -- C:\WINDOWS\system32\drivers\UBUMAPI.sys (Unibrain S.A.)
DRV - (ubsbm) -- C:\WINDOWS\system32\drivers\UBSBM.sys (Unibrain S.A.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (SIODRV) -- C:\WINDOWS\system32\drivers\SIODRV.SYS (Intel Corporation)
DRV - (iSMBIOS) -- C:\WINDOWS\system32\drivers\iSMBIOS.SYS (Intel Corporation)
DRV - (smbusp) Intel(R) -- C:\WINDOWS\system32\drivers\smb.sys (Intel Corporation)
DRV - (atirage) -- C:\WINDOWS\system32\drivers\atiragem.sys (ATI Technologies Inc.)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (NETFRITZ) -- C:\WINDOWS\system32\drivers\NETFRITZ.SYS (AVM Berlin)
DRV - (AVMPORT) -- C:\WINDOWS\System32\drivers\avmport.sys (AVM Berlin)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bärbel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie8_startpage
IE - HKU\Bärbel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Bärbel_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/br/ie8_startpage
IE - HKU\Bärbel_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Bärbel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=9d92d525-8912-4535-84a7-723838622ef5&ref=homepage
IE - HKU\Bärbel_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Bärbel_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Bärbel_ON_C\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\prxtbwww2.dll (Conduit Ltd.)
IE - HKU\Bärbel_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\Bärbel_ON_C\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKU\Bärbel_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Programme\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
IE - HKU\Bärbel_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Bärbel_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
IE - HKU\Bärbel_ON_C\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
IE - HKU\Bärbel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bärbel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=9d92d525-8912-4535-84a7-723838622ef5&ref=homepage"
FF - prefs.js..keyword.URL: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/28 03:05:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/11 08:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/29 03:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/13 02:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010/12/15 06:12:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/11 08:05:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011/08/03 05:31:12 | 000,000,000 | ---D | M]
[2010/12/07 11:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Extensions
[2010/12/07 11:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/27 03:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions
[2010/05/10 07:10:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/13 09:36:17 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2011/08/10 09:35:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/02/15 11:16:28 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012/03/31 09:40:20 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2010/06/09 09:16:24 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011/04/07 04:34:08 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/02/13 11:00:08 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012/04/25 09:25:49 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/07/05 06:24:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\engine@conduit.com
[2011/08/19 06:03:07 | 000,000,000 | ---D | M] (Facemoods) -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\mozilla\Firefox\Profiles\qnr8hyag.default\extensions\ffxtlbr@Facemoods.com
[2010/06/10 06:44:10 | 000,005,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Mozilla\Firefox\Profiles\qnr8hyag.default\searchplugins\1und1-suche.xml
[2010/06/10 06:44:10 | 000,001,371 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Mozilla\Firefox\Profiles\qnr8hyag.default\searchplugins\amazonde.xml
[2012/01/02 11:35:48 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Mozilla\Firefox\Profiles\qnr8hyag.default\searchplugins\conduit.xml
[2010/06/10 06:44:10 | 000,010,605 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Mozilla\Firefox\Profiles\qnr8hyag.default\searchplugins\gmx-suche.xml
[2009/12/02 17:05:50 | 000,001,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Mozilla\Firefox\Profiles\qnr8hyag.default\searchplugins\google.xml
[2011/09/13 03:26:52 | 000,002,185 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Mozilla\Firefox\Profiles\qnr8hyag.default\searchplugins\MyStart Search.xml
[2011/11/28 06:21:00 | 000,001,420 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Mozilla\Firefox\Profiles\qnr8hyag.default\searchplugins\preisvergleich.xml
[2012/05/01 12:03:47 | 000,002,230 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Mozilla\Firefox\Profiles\qnr8hyag.default\searchplugins\SearchTheWeb.xml
[2012/03/29 03:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/06/09 09:16:24 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/06/10 06:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2011/04/07 04:34:37 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com
[2012/02/20 04:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012/02/20 04:27:56 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) --
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BäRBEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QNR8HYAG.DEFAULT\EXTENSIONS\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BäRBEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QNR8HYAG.DEFAULT\EXTENSIONS\{40C3CC16-7269-4B32-9531-17F2950FB06F}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BäRBEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QNR8HYAG.DEFAULT\EXTENSIONS\{51A86BB3-6602-4C85-92A5-130EE4864F13}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BäRBEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QNR8HYAG.DEFAULT\EXTENSIONS\{A82D0125-000A-4A57-ABBC-5D4B0DBAAB54}.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BäRBEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QNR8HYAG.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BäRBEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QNR8HYAG.DEFAULT\EXTENSIONS\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BäRBEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QNR8HYAG.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BäRBEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QNR8HYAG.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/04/15 03:01:53 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2012/02/20 13:35:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/03 05:31:12 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX
[2012/04/15 03:01:53 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
[2012/03/29 03:06:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/02/20 13:35:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 12:01:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/20 12:00:59 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/02/20 12:00:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/04/03 11:19:09 | 000,002,051 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2012/02/20 12:00:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/09 20:21:02 | 000,002,157 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/02/20 12:00:58 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/20 12:00:58 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008/10/26 05:51:37 | 000,268,319 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9285 more lines...
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\prxtbwww2.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Programme\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\prxtbwww2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\Bärbel_ON_C\..\Toolbar\WebBrowser: (www.Freeware-download.com Toolbar) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - C:\Programme\www.Freeware-download.com\prxtbwww2.dll (Conduit Ltd.)
O3 - HKU\Bärbel_ON_C\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Bärbel_ON_C\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\Bärbel_ON_C\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKU\Bärbel_ON_C\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\Bärbel_ON_C\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\Bärbel_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O3 - HKU\Bärbel_ON_C\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IMBooster] C:\Programme\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [Iminent.Notifier] C:\Programme\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Bärbel_ON_C..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\Bärbel_ON_C..\Run: [CC15FE84] C:\WINDOWS\system32\4EE747C7CC15FE84734F.exe (Pigna colada)
O4 - HKU\Bärbel_ON_C..\Run: [ContactKeeper Birthday reminder] C:\Programme\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKU\Bärbel_ON_C..\Run: [DMS-Kalenderchen] C:\Programme\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKU\Bärbel_ON_C..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (Northern Codeworks)
O4 - HKU\Bärbel_ON_C..\Run: [Password Safe] File not found
O4 - HKU\Bärbel_ON_C..\Run: [Quittungsdrucker] File not found
O4 - HKU\Bärbel_ON_C..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ALF-BanCo 2.0 Reminder.lnk = C:\Programme\ALFBanCo2\AlfReminder2.exe (Alf - AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ALF-BanCo 3 Reminder.lnk = C:\Programme\ALFBanCo3\AlfReminder3.exe (Alf - AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ALF-BanCo 4 Reminder.lnk = C:\Programme\ALFBanCo4\AlfReminder4.exe (Alf - AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Dokumente und Einstellungen\Bärbel\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Bärbel\Startmenü\Programme\Autostart\Password Safe.lnk = C:\Programme\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bärbel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Bärbel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\Bärbel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Bärbel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221389181687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\4EE747C7CC15FE84734F.exe) - C:\WINDOWS\system32\4EE747C7CC15FE84734F.exe (Pigna colada)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\zuiqctcxfoh: DllName - suiuyjka.dll - File not found
O24 - Desktop Components:0 () - hxxp://wiehe.citycom2000.de/wiehe/upload/Bilder/marke_rot.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/22 08:49:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{728bbe20-046e-11e1-99f5-001111bc6d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{728bbe20-046e-11e1-99f5-001111bc6d1a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{728bbe20-046e-11e1-99f5-001111bc6d1a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{728bbe23-046e-11e1-99f5-001111bc6d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{728bbe23-046e-11e1-99f5-001111bc6d1a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{728bbe23-046e-11e1-99f5-001111bc6d1a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a2bf77c-a286-11dd-9544-000ea6c9b6cf}\Shell\AutoRun\command - "" = K:\CarryItEasy.exe /AUTORUN
O33 - MountPoints2\{8a2bf77c-a286-11dd-9544-000ea6c9b6cf}\Shell\configure\command - "" = K:\CarryItEasy.exe
O33 - MountPoints2\{8a2bf77c-a286-11dd-9544-000ea6c9b6cf}\Shell\install\command - "" = K:\CarryItEasy.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/05/01 17:42:56 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012/05/01 17:42:25 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
[2012/04/28 04:45:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Rgrgrgrvuv
[2012/04/28 04:44:28 | 000,065,536 | -H-- | C] (Pigna colada) -- C:\WINDOWS\System32\4EE747C7CC15FE84734F.exe
[2012/04/15 03:01:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Search Settings
[2012/04/15 03:01:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2012/04/15 03:01:48 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2012/04/15 03:01:48 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012/04/06 01:02:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bärbel\Desktop\Bilder_von_Kaffeemaschine_und_Sendungs-ID_01087169836298
[2010/02/08 03:17:55 | 000,102,400 | ---- | C] (Bewerbung & Software Robl) -- C:\Dokumente und Einstellungen\Bärbel\UpdateCheck_BEWERBUNGSMASTER.exe
[2006/02/18 21:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\*.tmp files -> C:\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/02 10:13:06 | 000,000,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\ContactKeeper.ldb
[2012/05/02 10:10:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 10:10:48 | 2146,152,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/01 16:39:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
[2012/05/01 12:00:02 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/28 04:44:28 | 000,065,536 | -H-- | M] (Pigna colada) -- C:\WINDOWS\System32\4EE747C7CC15FE84734F.exe
[2012/04/28 02:55:00 | 000,000,187 | ---- | M] () -- C:\WINDOWS\buhl.ini
[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/04/26 12:36:46 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/04/26 12:34:58 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/04/26 12:33:28 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/04/26 12:32:36 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/04/21 16:25:47 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/14 02:56:51 | 000,492,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/13 04:32:13 | 000,086,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\klenk 13.04.12.pub
[2012/04/13 02:53:41 | 000,071,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\Christina Inkasso 13.04.2012.pub
[2012/04/13 02:39:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office
[2012/04/13 02:23:50 | 000,002,347 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2012/04/11 09:27:47 | 000,488,038 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/04/11 09:27:47 | 000,444,532 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 09:27:47 | 000,096,080 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/04/11 09:27:47 | 000,072,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 09:21:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 12:15:07 | 000,651,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\Ereignisse1.accdb
[2012/04/10 12:14:56 | 000,172,916 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\Events.accdt
[2012/04/10 12:13:13 | 000,417,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Desktop\Adressen.mdb
[2012/04/09 11:45:27 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Desktop\WOKAL Organizer.lnk
[2012/04/06 03:23:07 | 000,004,096 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\00000312.LCS
[2012/04/06 03:22:31 | 000,089,205 | ---- | M] () -- C:\Dokumente und Einstellungen\Bärbel\Desktop\0stern 2012.PAD
[2012/04/05 12:14:17 | 1610,612,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[6 C:\*.tmp files -> C:\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/29 06:38:02 | 000,000,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\ContactKeeper.ldb
[2012/04/28 04:46:11 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/04/28 04:46:11 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/04/28 04:46:11 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/04/28 04:46:11 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/04/28 04:46:11 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/04/28 04:46:11 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/04/13 04:32:13 | 000,086,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\klenk 13.04.12.pub
[2012/04/13 02:52:44 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\Christina Inkasso 13.04.2012.pub
[2012/04/10 12:14:56 | 000,172,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\Events.accdt
[2012/04/10 12:14:53 | 000,651,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Eigene Dateien\Ereignisse1.accdb
[2012/04/06 03:22:30 | 000,089,205 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Desktop\0stern 2012.PAD
[2012/02/16 10:30:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2012/02/15 02:19:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/12 14:29:26 | 000,042,329 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\2010_Georg_Seitz Gewerbe.elfo
[2012/02/12 14:12:57 | 000,042,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\GewSt2010_Georg_Seitz.elfo
[2012/02/12 13:59:49 | 000,003,595 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\LStA2011_Georg_Seitz_Malerservice.elfo
[2012/01/18 16:57:49 | 000,254,912 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012/01/03 08:05:00 | 000,004,110 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wxvcstjb.doa
[2012/01/03 07:26:12 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MFPD.INI
[2012/01/02 13:42:10 | 000,000,001 | R--- | C] () -- C:\Dokumente und Einstellungen\Bärbel\serverport
[2011/11/08 05:27:18 | 000,057,396 | -H-- | C] () -- C:\Dokumente und Einstellungen\Bärbel\._CIMG5709.jpg
[2011/11/08 05:27:17 | 000,057,513 | -H-- | C] () -- C:\Dokumente und Einstellungen\Bärbel\._CIMG5708.jpg
[2011/11/08 05:27:17 | 000,056,904 | -H-- | C] () -- C:\Dokumente und Einstellungen\Bärbel\._CIMG5707.jpg
[2011/11/08 05:27:16 | 000,057,186 | -H-- | C] () -- C:\Dokumente und Einstellungen\Bärbel\._CIMG5706.jpg
[2011/11/07 19:36:03 | 001,998,237 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\CIMG5709.jpg
[2011/11/07 19:30:10 | 001,853,525 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\CIMG5708.jpg
[2011/11/07 19:27:38 | 001,830,134 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\CIMG5707.jpg
[2011/11/07 19:25:32 | 001,008,273 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\CIMG5706.jpg
[2011/07/22 11:31:34 | 000,015,364 | -H-- | C] () -- C:\Dokumente und Einstellungen\Bärbel\.DS_Store
[2011/04/13 04:59:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/04/13 04:59:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011/04/03 11:50:22 | 000,001,208 | ---- | C] () -- C:\WINDOWS\System32\ati_32a.sys
[2010/10/04 10:22:07 | 000,078,117 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2010/10/04 09:54:53 | 000,105,818 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2010/10/04 09:48:52 | 000,151,182 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2010/09/17 05:35:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\tsinstallfb.bin
[2010/06/10 08:32:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/06/10 06:25:50 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/06/09 09:07:00 | 000,127,751 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/06/09 08:19:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/09 08:18:59 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/03/11 07:23:01 | 000,106,910 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/02/25 06:29:09 | 000,035,122 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2010/02/18 07:20:10 | 000,697,897 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010/02/18 07:20:10 | 000,026,029 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/02/16 04:40:14 | 000,023,645 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/25 07:27:07 | 000,000,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\IfolorJavaUpload.data
[2009/12/11 11:18:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Ÿ9Ÿ9
[2009/12/11 10:56:13 | 000,010,567 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/12/11 10:44:30 | 000,203,087 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2009/12/11 10:44:30 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/08/27 12:36:07 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/11 06:22:37 | 000,000,081 | ---- | C] () -- C:\WINDOWS\loge.dat
[2009/08/11 03:45:57 | 000,000,011 | ---- | C] () -- C:\WINDOWS\MKKKXWGD.INI
[2009/08/11 03:45:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\HLOHNIWU.INI
[2009/08/06 11:43:47 | 000,000,036 | ---- | C] () -- C:\WINDOWS\winlohn9.ini
[2009/07/30 10:41:53 | 000,000,031 | ---- | C] () -- C:\WINDOWS\LxTrans.INI
[2009/07/29 03:45:57 | 000,001,575 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Lohnrechner2009.pref
[2009/07/25 06:34:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tm.ini
[2009/07/06 12:48:38 | 000,003,008 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009/06/30 05:18:23 | 000,000,018 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\SYS386LS.DAT
[2009/06/30 04:59:24 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\LZ0APROT
[2009/06/29 11:34:18 | 000,000,082 | ---- | C] () -- C:\WINDOWS\odbc_merge.INI
[2009/06/16 10:07:22 | 000,000,332 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/25 05:29:50 | 000,127,880 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2009/03/25 05:29:50 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2009/02/02 14:10:14 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2009/02/02 14:08:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2009/02/02 14:08:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2009/01/27 05:05:28 | 000,005,152 | ---- | C] () -- C:\WINDOWS\ouwininit.exe
[2008/12/07 07:48:16 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/06 19:39:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\twxapi32.dll
[2008/11/06 12:57:23 | 000,000,018 | ---- | C] () -- C:\WINDOWS\xkasse35.dat
[2008/11/06 08:54:21 | 000,000,018 | ---- | C] () -- C:\WINDOWS\xkalFREE2009.dat
[2008/11/06 07:42:49 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2008/10/17 06:40:39 | 000,000,010 | ---- | C] () -- C:\WINDOWS\SHISETUP.SYS
[2008/10/07 07:24:33 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini
[2008/09/11 10:09:55 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/08/07 10:06:30 | 000,000,364 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/06 03:54:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/08/03 10:57:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\mshtmrsa.dll
[2008/08/03 05:50:14 | 000,081,700 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/07/31 11:59:21 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/07/31 10:27:06 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MB.ini
[2008/07/31 10:27:05 | 000,000,187 | ---- | C] () -- C:\WINDOWS\buhl.ini
[2008/07/30 09:47:50 | 000,048,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Bärbel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/30 09:43:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/30 09:41:10 | 000,720,896 | ---- | C] () -- C:\WINDOWS\System32\Audio3d.dll
[2008/07/30 09:41:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/07/30 09:39:12 | 000,002,884 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/30 09:39:11 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/30 08:19:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/30 08:18:57 | 000,492,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/30 07:39:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/30 07:36:08 | 000,023,836 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 17:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 17:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 17:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 16:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 16:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/08/16 10:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2006/05/05 19:21:14 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/12/21 11:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 11:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2003/04/02 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/02 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/02 08:00:00 | 000,488,038 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/02 08:00:00 | 000,444,532 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/02 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/02 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/04/02 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/02 08:00:00 | 000,096,080 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/02 08:00:00 | 000,072,508 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/02 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/02 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/04/02 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/02 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/02 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/02 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 21:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999/08/24 08:00:00 | 000,063,030 | ---- | C] () -- C:\WINDOWS\Hea.ini
[1999/08/24 08:00:00 | 000,037,376 | ---- | C] () -- C:\WINDOWS\HSUN32.EXE
========== LOP Check ==========
[2010/02/18 07:21:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater
[2009/09/05 04:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\A-Shop
[2008/10/17 12:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\AlfBanCo2
[2010/11/10 06:32:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\ALFBanCo3
[2012/04/28 04:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\ALFBanCo4
[2009/03/18 07:57:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Alltags-Programme
[2008/09/30 16:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\B+P Heyer
[2008/11/07 08:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\BirthdayRemember
[2009/07/25 06:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Buhl Data Service
[2008/08/02 03:48:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Buhl Data Service GmbH
[2008/08/02 03:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\DataDesign
[2008/08/02 03:48:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\deltra Software GmbH
[2012/02/11 14:17:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\elsterformular
[2011/04/04 05:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\facemoods.com
[2009/08/27 12:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Foxit
[2008/10/22 06:53:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\FRITZ!
[2012/01/04 10:08:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\GetRightToGo
[2010/04/21 09:43:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Image Zone Express
[2012/01/04 04:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Kalenderchen
[2009/07/30 09:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Lexware
[2009/08/01 06:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Lohn
[2009/06/29 11:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Most Effective Software
[2009/01/13 05:28:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\OpenOffice.org
[2011/09/05 13:31:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Opera
[2010/06/11 08:59:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\passport_photo
[2011/10/04 05:39:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\PasswordSafe
[2010/02/18 07:22:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\pdfforge
[2012/04/26 04:09:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\PriceGong
[2012/04/28 04:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Rgrgrgrvuv
[2012/04/15 03:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Search Settings
[2009/05/18 15:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\SF Software
[2012/01/03 14:01:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Snappy Fax
[2012/01/03 12:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Snappy Fax Archives
[2010/12/09 06:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\T-Online
[2009/06/26 07:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Thinstall
[2010/12/08 12:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Thunderbird
[2011/04/07 04:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Toolbar4
[2010/12/08 06:08:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Uniblue
[2011/12/23 05:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Win LohnInfo
[2011/03/16 04:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Windows Desktop Search
[2011/03/16 04:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\Windows Search
[2012/04/02 09:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bärbel\Anwendungsdaten\WOKAL
[2009/12/09 12:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\FRITZ!
[2010/10/18 05:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Opera
[2012/02/20 04:24:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon
[2008/10/17 12:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AlfBanCo2
[2010/11/10 06:32:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AlfBanCo3
[2012/04/28 04:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AlfBanCo4
[2009/07/30 09:41:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2009/07/25 06:30:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2012/02/20 04:24:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2011/10/10 07:09:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2011/04/13 04:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2008/07/31 09:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications
[2009/08/11 13:35:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G & G Soft
[2009/03/26 04:42:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hemar-Soft
[2008/09/11 10:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2011/04/07 04:34:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IMinent
[2008/09/11 10:48:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2011/10/04 05:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2009/06/29 11:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2009/08/11 12:54:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2012/01/18 11:29:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2012/02/15 11:43:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011/03/23 10:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Photo Notifier and Animation Creator
[2010/09/27 10:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoMail
[2009/03/23 03:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
[2010/12/09 06:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010/12/21 11:11:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2010/06/10 07:19:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010/12/16 12:42:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012/02/15 11:43:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB
[2012/02/20 04:24:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2009/12/16 03:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010/04/26 03:10:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{36AF0A4E-E451-4D3C-8259-9E814C3D608D}
[2010/06/10 07:35:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4E00022D-C03D-435D-A476-F2896A3CED79}
[2009/08/28 05:30:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B9369FA5-AAD2-4B3E-AAD2-14FD62B33A71}
[2012/01/18 11:19:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
< End of report >
--- --- --- |
