Trojaner-Board - Verbindung kann derzeit nicht aufgebaut werden / kein wind32-Anwendung

OTL:OTL Logfile:

Code:

OTL logfile created on: 20.01.2013 15:15:40 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Christian\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,41% Memory free

4,84 Gb Paging File | 4,35 Gb Available in Paging File | 89,85% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme

Drive C: | 298,08 Gb Total Space | 237,41 Gb Free Space | 79,65% Space Free | Partition Type: NTFS

Drive D: | 384,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: ICH-F6C64EDF672 | User Name: Christian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.01.20 15:12:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christian\Eigene Dateien\Downloads\OTL.exe

PRC - [2012.12.18 18:44:47 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe

PRC - [2012.11.28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe

PRC - [2012.11.28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe

PRC - [2012.10.09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe

PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe

PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe

PRC - [2011.06.30 18:09:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.04.28 06:40:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.11.04 19:16:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.04.07 09:55:11 | 000,312,784 | ---- | M] () -- C:\Programme\InternetEverywhere\WTGService.exe

PRC - [2010.04.07 09:54:44 | 000,464,336 | ---- | M] (TODO: <Company name>) -- C:\Programme\InternetEverywhere\Launcher.exe

PRC - [2010.03.19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010.02.01 12:02:26 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

PRC - [2010.02.01 12:00:40 | 001,043,784 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe

PRC - [2008.01.16 17:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\WINXP\system32\StkCSrv.exe

PRC - [2007.12.20 20:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Programme\Samsung\Samsung EDS\EDSAgent.exe

PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2007.08.03 02:37:34 | 000,364,629 | ---- | M] (Atheros) -- C:\WINXP\system32\ACS.exe

PRC - [2007.04.01 09:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe

PRC - [2002.03.12 09:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINXP\system32\nwtray.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.04.07 09:55:11 | 000,312,784 | ---- | M] () -- C:\Programme\InternetEverywhere\WTGService.exe

MOD - [2010.01.28 11:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

MOD - [2007.10.26 14:28:18 | 000,197,408 | ---- | M] () -- C:\WINXP\system32\vpnapi.dll

MOD - [2007.04.01 09:00:28 | 002,842,624 | ---- | M] () -- C:\WINXP\system32\btwicons.dll

MOD - [2005.01.28 13:16:18 | 000,241,750 | ---- | M] () -- C:\WINXP\system32\nwshlxnt.dll

MOD - [2004.06.08 08:41:08 | 000,121,660 | ---- | M] () -- C:\WINXP\system32\nls\DEUTSCH\nwshlxnr.dll

MOD - [2001.10.28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINXP\system32\pdfcmnnt.dll

MOD - [2001.07.31 04:17:12 | 000,094,274 | ---- | M] () -- C:\WINXP\system32\HPBHEALR.DLL

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)

SRV - File not found [Auto | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /svc -- (gupdate1ca258cc9a2fb92)

SRV - [2013.01.20 14:34:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.12.18 18:44:47 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012.11.28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2012.11.13 16:17:56 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll -- (Akamai)

SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.10.13 08:12:34 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011.06.30 18:09:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.28 06:40:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.04.08 17:56:03 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2010.04.07 09:55:11 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Programme\InternetEverywhere\WTGService.exe -- (WTGService)

SRV - [2010.03.19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010.02.01 12:00:40 | 001,043,784 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2010.02.01 11:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINXP\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2008.01.16 17:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINXP\system32\StkCSrv.exe -- (StkSSrv)

SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007.08.03 02:37:34 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINXP\system32\ACS.exe -- (ACS)

SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

SRV - [2004.12.09 08:43:14 | 000,036,864 | ---- | M] (Novell, Inc.) [Auto | Stopped] -- C:\WINXP\system32\cusrvc.exe -- (cusrvc)

SRV - [2003.03.27 13:38:56 | 000,110,665 | ---- | M] (Novell, Inc.) [Auto | Stopped] -- C:\WINXP\system32\wm.exe -- (WM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINXP\SYSTEM32\DRIVERS\jeoi4.sys -- (jeoi4)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2011.06.30 18:09:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.30 18:09:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.05.09 17:56:36 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)

DRV - [2011.05.09 17:56:36 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2011.05.09 17:56:36 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)

DRV - [2011.05.09 17:56:36 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2011.05.09 17:56:36 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2011.05.09 17:56:36 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)

DRV - [2011.05.09 17:56:36 | 000,015,360 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEWMSD_637.sys -- (ZTEWMSD_637)

DRV - [2009.12.08 19:19:12 | 000,114,432 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2009.12.07 18:53:12 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009.10.14 06:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.10.12 14:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009.05.11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008.05.21 04:19:18 | 003,630,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NETw5x32.sys -- (NETw5x32)

DRV - [2008.05.20 17:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2008.05.14 22:13:00 | 000,038,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2008.03.28 19:19:52 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\StkCMini.sys -- (StkCMini)

DRV - [2008.01.14 19:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)

DRV - [2007.12.28 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007.07.03 19:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\wsimd.sys -- (WSIMD)

DRV - [2007.05.09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007.05.09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\LV302V32.SYS -- (PID_PEPI)

DRV - [2007.03.31 13:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2007.03.23 10:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2007.03.23 10:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2007.03.23 10:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btport.sys -- (BTDriver)

DRV - [2007.03.23 10:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2005.11.22 12:07:22 | 000,018,357 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINXP\system32\NetWare\nwdhcp.sys -- (NWDHCP)

DRV - [2005.11.22 09:32:58 | 000,479,987 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINXP\system32\NetWare\nwfs.sys -- (NetWareWorkstation)

DRV - [2005.11.22 09:30:20 | 000,039,604 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINXP\system32\NetWare\nwdns.sys -- (NWDNS)

DRV - [2005.11.22 09:27:50 | 000,159,989 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINXP\system32\NetWare\srvloc.sys -- (SRVLOC)

DRV - [2005.03.14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINXP\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2005.01.26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\vsdatant.sys -- (vsdatant)

DRV - [2005.01.04 16:16:20 | 000,020,339 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINXP\system32\NetWare\nwslp.sys -- (NWSLP)

DRV - [2004.06.01 17:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\NetWare\resmgr.sys -- (RESMGR)

DRV - [2004.05.24 10:58:52 | 000,037,856 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\nicm.sys -- (NICM)

DRV - [2004.03.11 14:57:54 | 000,041,888 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINXP\system32\NetWare\nwsipx32.sys -- (NWSIPX32)

DRV - [2004.03.05 08:45:50 | 000,015,762 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINXP\system32\NetWare\nwfilter.sys -- (NWFILTER)

DRV - [2004.02.17 14:16:58 | 000,011,856 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINXP\system32\NetWare\nwhost.sys -- (NWHOST)

DRV - [2003.02.26 13:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINXP\system32\NetWare\nwsap.sys -- (NWSAP)

DRV - [2003.02.13 06:27:38 | 000,005,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINXP\system32\NetWare\nwsns.sys -- (NWSNS)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine &#45; Better Web Search

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {241C8E6E-4B17-4547-8F30-03DBC80A9468}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=9EB5C03A-E053-4924-A77C-6CB8C2B596D5&apn_sauid=4646675A-7067-4E20-A0B3-309492F7E9A6&

IE - HKCU\..\SearchScopes\{241C8E6E-4B17-4547-8F30-03DBC80A9468}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=971163&p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0

FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:6.6

FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.6

FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100010

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:5.1

FF - prefs.js..extensions.enabledItems: {B7D3E479-CC68-42B5-A338-938ECE35F419}:2.59

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.1

FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=9EB5C03A-E053-4924-A77C-6CB8C2B596D5&apn_ptnrs=PV&apn_sauid=4646675A-7067-4E20-A0B3-309492F7E9A6&apn_dtid=&&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINXP\system32\15001.012 [2012.10.20 10:48:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\WINXP\system32\15001.027 [2012.01.14 17:54:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.13 08:12:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.18 18:45:05 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINXP\system32\15001.012 [2012.10.20 10:48:25 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\WINXP\system32\15001.027 [2012.01.14 17:54:29 | 000,000,000 | ---D | M]

 

[2009.01.14 18:02:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Extensions

[2012.12.04 22:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\k3ao8od9.default\extensions

[2010.05.15 12:51:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\k3ao8od9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.05.15 12:51:41 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\k3ao8od9.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}

[2011.12.11 09:37:15 | 000,000,000 | ---D | M] (ra e Toolbar) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\k3ao8od9.default\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}

[2012.02.03 15:57:28 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\k3ao8od9.default\extensions\toolbar@ask.com

[2012.07.29 09:10:02 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\k3ao8od9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.04.02 10:38:17 | 000,002,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\k3ao8od9.default\searchplugins\askcom.xml

[2012.04.02 11:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2009.02.19 18:13:05 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}

[2012.12.04 22:57:34 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM

[2012.12.04 22:57:35 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF

[2012.10.20 10:48:25 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\WINXP\SYSTEM32\15001.012

[2012.01.14 17:54:29 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\WINXP\SYSTEM32\15001.027

[2012.10.13 08:12:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2010.05.27 19:09:00 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll

[2010.05.27 19:08:27 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll

[2008.12.18 23:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npstrlnk.dll

[2012.04.02 11:00:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.10.13 08:12:31 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.04.02 11:00:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.04.02 11:00:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.02 11:00:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.02 11:00:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: Google

 

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {C0F1636E-13A8-4C84-BB11-774BE45E1F83} - C:\WINXP\system32\AcroIEHelpe252.dll ()

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Alcmtr] C:\WINXP\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINXP\System32\nwiz.exe ()

O4 - HKLM..\Run: [NWTRAY] C:\WINXP\System32\nwtray.exe (Novell, Inc.)

O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [Steam] C:\Programme\Steam\Steam.exe (Valve Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINXP\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -update plugin File not found

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\InternetEverywhere\Launcher.exe (TODO: <Company name>)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINXP\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Citavi Picker... - C:\Programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()

O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found

O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINXP\system32\NetWare\nwws2nds.dll (Novell, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINXP\system32\NetWare\nwws2sap.dll (Novell, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINXP\system32\NetWare\nwws2slp.dll (Novell, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD56022C-8D33-4B21-8695-BB0BDFA732EE}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\appConf32.exe) - C:\WINXP\system32\appConf32.exe ()

O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINXP\System32\nwgina.dll (Novell, Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINXP\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINXP\Web\Wallpaper\Grüne Idylle.bmp

O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINXP\System32\nwv1_0.dll (Novell, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.01.09 13:08:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2012.03.08 09:52:34 | 000,000,474 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2012.03.08 09:52:34 | 000,000,012 | R--- | M] () - D:\autorun.tag -- [ UDF ]

O32 - AutoRun File - [2012.01.03 15:26:26 | 000,958,384 | R--- | M] (mirabyte GmbH & Co. KG) - D:\autostart.exe -- [ UDF ]

O33 - MountPoints2\{30dc4daa-7a5d-11e0-b3ee-0013779ee090}\Shell - "" = AutoRun

O33 - MountPoints2\{30dc4daa-7a5d-11e0-b3ee-0013779ee090}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{30dc4daa-7a5d-11e0-b3ee-0013779ee090}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1

O33 - MountPoints2\{4bda84ec-878c-11df-b2ba-0016ead1b95c}\Shell - "" = AutoRun

O33 - MountPoints2\{4bda84ec-878c-11df-b2ba-0016ead1b95c}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4bda84ec-878c-11df-b2ba-0016ead1b95c}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{6f7b5bbe-8670-11df-b2b9-0013779ee090}\Shell - "" = AutoRun

O33 - MountPoints2\{6f7b5bbe-8670-11df-b2b9-0013779ee090}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6f7b5bbe-8670-11df-b2b9-0013779ee090}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6f7b5bc2-8670-11df-b2b9-0013779ee090}\Shell - "" = AutoRun

O33 - MountPoints2\{6f7b5bc2-8670-11df-b2b9-0013779ee090}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6f7b5bc2-8670-11df-b2b9-0013779ee090}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX: {054CD9A1-FF85-EE2A-9AD8-91C0324B8B27} - DirectAnimation

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINXP\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINXP\system32\Rundll32.exe c:\WINXP\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F17928C1-9C76-282D-AE5C-08DFAF882D65} - Browseranpassungen

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINXP\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINXP\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINXP\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINXP\system32\rundll32.exe" "C:\WINXP\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: UxTuneUp - C:\WINXP\system32\uxtuneup.dll (TuneUp Software)

NetSvcs: WmdmPmSp -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.01.20 14:42:26 | 000,000,000 | ---D | C] -- C:\WINXP\LastGood

[2012.12.27 11:20:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Christian\Desktop\Grundschuld

[3 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

[13 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.01.20 15:04:35 | 000,000,160 | ---- | M] () -- C:\WINXP\System32\blckdom.res

[2013.01.20 14:49:16 | 000,002,603 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Microsoft Office Outlook 2003.lnk

[2013.01.20 14:34:29 | 000,000,880 | ---- | M] () -- C:\WINXP\tasks\Adobe Flash Player Updater.job

[2013.01.04 15:26:17 | 000,000,179 | ---- | M] () -- C:\WINXP\hpbafd.ini

[2012.12.28 11:22:00 | 000,670,177 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Ausweis.pdf

[2012.12.22 12:01:49 | 000,270,192 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT

[3 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

[13 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.28 11:22:00 | 000,670,177 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Ausweis.pdf

[2012.12.05 16:54:42 | 000,002,207 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\.heldEinstellungen4_1.xml

[2012.12.05 16:54:42 | 000,000,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\.dsa4.properties

[2012.10.16 13:17:17 | 000,000,018 | ---- | C] () -- C:\WINXP\System32\urhtps.dat

[2012.10.13 06:48:12 | 083,023,306 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad

[2012.02.17 14:30:25 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll

[2012.01.19 12:13:16 | 000,324,192 | ---- | C] () -- C:\WINXP\System32\AcroIEHelpe252.dll

[2010.10.29 14:12:41 | 000,004,157 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf

[2009.01.25 20:09:41 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== ZeroAccess Check ==========

 

[2009.02.19 18:11:15 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINXP\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINXP\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2011.01.07 23:24:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Boss Media

[2009.06.29 16:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canon

[2012.12.09 10:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular

[2011.09.17 15:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet

[2009.08.26 11:37:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster

[2010.03.09 21:05:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLive

[2010.04.08 17:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2009.08.26 14:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2009.01.14 17:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN

[2010.04.27 11:30:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.04.08 17:30:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2009.04.27 12:27:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Academic Software Zurich

[2009.03.05 13:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Canneverbe_Limited

[2010.02.10 16:31:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Canon

[2012.12.09 10:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\elsterformular

[2011.05.10 11:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\InternetEverywhere

[2009.05.18 21:03:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Leadertech

[2009.08.26 14:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\MSNInstaller

[2010.01.12 14:11:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\pdfforge

[2010.03.09 21:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\ppstream

[2012.12.04 22:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Search Settings

[2010.04.08 17:55:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\TuneUp Software

[2010.05.27 19:09:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\webex

[2012.06.14 19:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\wtxpcom

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2010.02.10 13:42:14 | 000,000,000 | -H-D | M] -- C:\BJPrinter

[2010.02.10 13:40:04 | 000,000,000 | -H-D | M] -- C:\CanonMP

[2010.10.29 14:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2009.08.15 11:55:39 | 000,000,000 | ---D | M] -- C:\f546205ed171ed7677c8a6afdc60

[2009.01.14 18:22:13 | 000,000,000 | ---D | M] -- C:\Fotos

[2009.03.12 12:40:12 | 000,000,000 | ---D | M] -- C:\I386

[2010.04.08 18:55:19 | 000,000,000 | ---D | M] -- C:\IDE

[2009.01.14 16:53:09 | 000,000,000 | ---D | M] -- C:\Intel

[2009.01.14 18:05:57 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2010.05.18 08:34:09 | 000,000,000 | -H-D | M] -- C:\NALCache

[2009.08.26 14:03:19 | 000,000,000 | ---D | M] -- C:\PCWELT

[2009.01.09 13:48:55 | 000,000,000 | ---D | M] -- C:\Postinstall

[2012.12.05 16:54:19 | 000,000,000 | R--D | M] -- C:\Programme

[2009.01.14 18:15:14 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2012.01.19 17:17:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.12.09 10:27:33 | 000,000,000 | ---D | M] -- C:\temp

[2013.01.20 14:42:26 | 000,000,000 | ---D | M] -- C:\WINXP

 
 < %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

 
 < %systemroot%\*. /mp /s >

 
 < C:\Windows\system32\*.tsp >

[2009.01.09 13:06:28 | 000,000,065 | RH-- | C] () -- C:\WINXP\Tasks\desktop.ini

[2009.01.09 13:12:56 | 000,000,006 | -H-- | C] () -- C:\WINXP\Tasks\SA.DAT

[2009.01.14 18:35:41 | 000,000,276 | ---- | C] () -- C:\WINXP\Tasks\AppleSoftwareUpdate.job

[2009.04.27 10:53:41 | 000,000,256 | ---- | C] () -- C:\WINXP\Tasks\WGASetup.job

[2010.03.09 21:54:42 | 000,000,234 | ---- | C] () -- C:\WINXP\Tasks\Scheduled Update for Ask Toolbar.job

[2010.04.08 17:56:07 | 000,000,578 | ---- | C] () -- C:\WINXP\Tasks\Automatische Problemsuche.job

[2012.07.02 13:13:47 | 000,000,880 | ---- | C] () -- C:\WINXP\Tasks\Adobe Flash Player Updater.job

 
 < MD5 for: AGP440.SYS  >

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\dllcache\atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\drivers\atapi.sys

[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\dllcache\eventlog.dll

[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\eventlog.dll

 
 < MD5 for: EXPLORER.EXE  >

[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\explorer.exe

[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\system32\dllcache\explorer.exe

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\dllcache\netlogon.dll

[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\dllcache\scecli.dll

[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\dllcache\user32.dll

[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\dllcache\userinit.exe

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\dllcache\winlogon.exe

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\dllcache\ws2ifsl.sys

[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2009.01.09 13:49:02 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav

[2009.01.09 13:49:02 | 001,093,632 | ---- | M] () -- C:\WINXP\System32\config\software.sav

[2009.01.09 13:49:02 | 000,462,848 | ---- | M] () -- C:\WINXP\System32\config\system.sav

 
 < %systemroot%\system32\*.dll /lockedfiles >

[3 C:\WINXP\system32\*.tmp files -> C:\WINXP\system32\*.tmp -> ]

 
 < %USERPROFILE%\*.* >

[2012.12.05 16:54:43 | 000,000,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\.dsa4.properties

[2012.12.05 16:54:42 | 000,002,207 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\.heldEinstellungen4_1.xml

[2012.01.20 14:21:23 | 005,021,696 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\ntuser.dat

[2013.01.20 15:13:17 | 000,274,432 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\ntuser.dat.LOG

[2012.01.20 14:21:24 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Christian\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 
 <           >
 

< End of report >

--- --- ---

Extras:OTL Logfile:

Code:

OTL Extras logfile created on: 20.01.2013 15:15:40 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Christian\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,41% Memory free

4,84 Gb Paging File | 4,35 Gb Available in Paging File | 89,85% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme

Drive C: | 298,08 Gb Total Space | 237,41 Gb Free Space | 79,65% Space Free | Partition Type: NTFS

Drive D: | 384,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: ICH-F6C64EDF672 | User Name: Christian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3070:TCP" = 3070:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe" = C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe:*:Enabled:PokerStrategy Equilator -- (PokerStrategy)

"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Programme\Poker Pro Labs\Table Shark\InstallationSettings.xml" = C:\Programme\Poker Pro Labs\Table Shark\InstallationSettings.xml:*:Enabled:TableShark.exe -- ()

"C:\Programme\Poker Pro Labs\Table Shark\TableSharkUpdate.exe" = C:\Programme\Poker Pro Labs\Table Shark\TableSharkUpdate.exe:*:Enabled:TableSharkUpdate.exe -- (Poker Pro Labs)

"C:\Programme\Poker Pro Labs\Smart Buddy\SmartBuddy.exe" = C:\Programme\Poker Pro Labs\Smart Buddy\SmartBuddy.exe:*:Enabled:SmartBuddy.exe -- (Poker Pro Labs)

"C:\Programme\Poker Pro Labs\Smart Buddy\SmartBuddyUpdate.exe" = C:\Programme\Poker Pro Labs\Smart Buddy\SmartBuddyUpdate.exe:*:Enabled:SmartBuddyUpdate.exe -- (Poker Pro Labs)

"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket)

"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket)

"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)

"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\sid meier's civilization v\CivilizationV.exe" = C:\Programme\Steam\SteamApps\common\sid meier's civilization v\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)

"C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)

"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Programme\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe" = C:\Programme\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)

"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam

"{109AB81D-9732-40B3-9C1F-113A86CE6F93}" = Canon MP Navigator 1.0

"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter

"{1996809B-2215-4C99-9DE3-E75C8FE3B8C9}" = Tournament Shark

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21F5098D-0C9E-4637-AD49-F037F6275990}" = NMAS-Client-Komponenten

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP Drivers 6.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008

"{65739FA2-0444-4AB2-B598-872406539EBD}" = pdfforge Toolbar v6.6

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)

"{83A810B6-D602-4DBF-AA77-F96947965863}" = Poker Calculator Pro

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090

"{873027A1-AA67-420E-8068-7B765CC6BE4A}" = Smart Buddy

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = 

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS

"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook-Sicherung für Persönliche Ordner

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0EE99B4-F6DD-4A8A-8258-C3427D3CD28D}" = Table Shark

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D4EB3763-9586-405D-B376-DE98C8C9285E}" = PokerStrategy Equilator

"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.65

"ActiveTouchMeetingClient" = WebEx

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2

"Akamai" = Akamai NetSession Interface Service

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Canon LBP3010/LBP3018/LBP3050" = Canon LBP3010/LBP3018/LBP3050

"Citavi" = Citavi 2.4.9.0

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DPP" = Canon Utilities Digital Photo Professional 2.2

"ElsterFormular 13.1.1.8479p" = ElsterFormular

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EOS Utility" = Canon Utilities EOS Utility

"Everest Poker" = Everest Poker (Remove Only)

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InternetEverywhere" = Internet Everywhere

"KONICA MINOLTA magicolor 4650 Installer" = KONICA MINOLTA magicolor 4650

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mobile Partner" = Mobile Partner

"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Novell Client for Windows" = Novell Client für Windows

"NVIDIA Drivers" = NVIDIA Drivers

"PartyPoker" = PartyPoker

"PDF Blender" = PDF Blender

"PDF-XChange 3_is1" = PDF-XChange 3

"PhotoScape" = PhotoScape

"PhotoStitch" = Canon Utilities PhotoStitch

"Poker Heaven" = Poker Heaven

"Samsung ML-2010 Series" = Samsung ML-2010 Series

"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows

"SopCast" = SopCast 3.2.8

"Steam App 8930" = Sid Meier's Civilization V

"TuneUp Utilities" = TuneUp Utilities

"VLC media player" = VLC media player 0.9.9

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.11 (32-Bit)

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 05.01.2013 11:00:46 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

 

Error - 05.01.2013 11:00:48 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 05.01.2013 11:00:48 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3906

 

Error - 05.01.2013 11:00:48 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3906

 

Error - 05.01.2013 11:00:50 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 05.01.2013 11:00:50 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6000

 

Error - 05.01.2013 11:00:50 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6000

 

Error - 05.01.2013 11:00:52 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 05.01.2013 11:00:52 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 7984

 

Error - 05.01.2013 11:00:52 | Computer Name = ICH-F6C64EDF672 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7984

 

[ OSession Events ]

Error - 15.04.2010 04:39:08 | Computer Name = ICH-F6C64EDF672 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5430

 seconds with 3240 seconds of active time.  This session ended with a crash.

 

Error - 25.05.2010 07:37:30 | Computer Name = ICH-F6C64EDF672 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12374

 seconds with 900 seconds of active time.  This session ended with a crash.

 

Error - 09.07.2011 05:49:44 | Computer Name = ICH-F6C64EDF672 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3550

 seconds with 3000 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 20.01.2013 09:37:18 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 20.01.2013 09:39:53 | Computer Name = ICH-F6C64EDF672 | Source = Windows Update Agent | ID = 16

Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst

 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 

angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,

 eine Verbindung herzustellen.

 

Error - 20.01.2013 09:53:27 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 20.01.2013 09:53:30 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 20.01.2013 09:53:34 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 20.01.2013 09:53:37 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 20.01.2013 10:07:31 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 20.01.2013 10:07:34 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 20.01.2013 10:07:37 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 20.01.2013 10:07:39 | Computer Name = ICH-F6C64EDF672 | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

 

< End of report >

--- --- ---

Und nun?