Okay, okay.
First of all, here is the text from OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 06.06.2013 21:51:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,96% Memory free
2,59 Gb Paging File | 2,08 Gb Available in Paging File | 80,24% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 13,91 Gb Free Space | 71,20% Space Free | Partition Type: NTFS
Drive D: | 44,99 Gb Total Space | 36,08 Gb Free Space | 80,19% Space Free | Partition Type: NTFS
Drive F: | 979,70 Mb Total Space | 856,13 Mb Free Space | 87,39% Space Free | Partition Type: FAT
Computer Name: SPO_19301N | User Name: Redaktion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.30 08:08:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012.06.26 06:22:52 | 000,337,256 | ---- | M] (Aventail Corporation) -- C:\WINNT\system32\ngvpnmgr.exe
PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.25 01:32:30 | 002,499,584 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2010.03.25 01:32:16 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2010.03.11 09:36:32 | 000,390,272 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
PRC - [2009.11.24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009.09.22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- c:\Programme\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2009.09.22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\Network Associates\Common Framework\UdaterUI.exe
PRC - [2009.09.22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- c:\Programme\Network Associates\Common Framework\FrameworkService.exe
PRC - [2009.09.22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- c:\Programme\Network Associates\Common Framework\McTray.exe
PRC - [2009.08.24 22:17:29 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.06.10 20:50:00 | 000,106,496 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009.06.10 20:50:00 | 000,049,152 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009.06.08 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009.03.04 13:12:54 | 001,134,008 | ---- | M] (coolspot AG, Düsseldorf) -- C:\coolspot AG\Personal ID\pid.exe
PRC - [2008.06.24 11:00:00 | 000,311,296 | ---- | M] (matrix42 AG) -- C:\WINNT\system32\EMPIRUM\SWDEPOT.EXE
PRC - [2008.02.05 11:00:00 | 000,143,360 | ---- | M] (matrix42 AG) -- C:\WINNT\system32\EMPIRUM\SETUPSVC.EXE
PRC - [2006.01.04 13:50:28 | 001,009,835 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2006.01.04 13:50:26 | 000,172,032 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2006.01.04 13:50:26 | 000,118,784 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2005.11.10 18:44:28 | 000,557,056 | ---- | M] (Motorola Inc.) -- C:\WINNT\sm56hlpr.exe
PRC - [2005.10.13 05:37:00 | 000,163,941 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Deskview\DNAgent\DNAgent.Exe
PRC - [2005.10.13 05:37:00 | 000,053,340 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Deskview\DVAnPMan\DVAnPMan.exe
PRC - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004.08.04 15:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004.07.15 22:05:56 | 000,124,416 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.26 06:24:46 | 000,152,936 | ---- | M] () -- C:\WINNT\ngmsi.dll
MOD - [2011.02.06 12:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.06.02 15:14:47 | 000,790,528 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.WwanWrapper\a65cf1de3cfc6147b7aa4bfc2cb06cbc\VMC.WwanWrapper.ni.dll
MOD - [2010.06.02 15:14:47 | 000,299,008 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\1fd9c8b1ac94cb458c4abe42dfa4b1bd\VMC.WindowsService.Core.ni.dll
MOD - [2010.06.02 15:14:46 | 000,335,872 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\CancelAutoPlay\505683b60bb6a745bb570117e94e7886\CancelAutoPlay.ni.dll
MOD - [2010.06.02 15:14:45 | 000,311,296 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.CsUtil\95d3181965762346aa9c81ee8916b597\VMC.CsUtil.ni.dll
MOD - [2010.06.02 15:14:45 | 000,069,632 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\c6e0ca7224c65c4d8bdbb7507d80c808\VMC.ConnectionServices.TrafficOptimiser.ni.dll
MOD - [2010.06.02 15:14:44 | 001,712,128 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\36a23e04eb53be41886639dfdf1852ef\VMC.ConnectionServices.ni.dll
MOD - [2010.06.02 15:14:44 | 000,118,784 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\26bc08c60e1e4d43b4bddf5accb5b0a2\Interop.Shell32.ni.dll
MOD - [2010.06.02 15:14:41 | 000,765,952 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\df7fcb22476af942bfa94133c3f0e041\VMC.BaseServices.XmlSerializers.ni.dll
MOD - [2010.06.02 15:14:41 | 000,032,256 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\8deb94cfc599504680650faff1146df9\VMC.BaseServices.OutlookConnector.ni.dll
MOD - [2010.06.02 15:14:40 | 000,241,664 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\b230f7f62c40644bbda8727726837d6e\Interop.FNCClient11Lib.ni.dll
MOD - [2010.06.02 15:14:39 | 000,548,864 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\f36df91b62f1a44390d9892b68414535\VMC.BaseServices.DataAccessor.ni.dll
MOD - [2010.06.02 15:14:34 | 001,060,864 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Management\9f6689a840974c4db5d1da250a353d66\System.Management.ni.dll
MOD - [2010.06.02 15:14:33 | 000,090,112 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\73791d63f9d45140bc0d425c84068235\VMC.WindowsService.Messaging.ni.dll
MOD - [2010.06.02 15:14:32 | 000,233,472 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0691770d11a0784291f98eae8b0c705f\System.ServiceProcess.ni.dll
MOD - [2010.06.02 15:14:29 | 000,815,104 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5ffbe7e019bab0408010c6ec1c5e50fb\System.Runtime.Remoting.ni.dll
MOD - [2010.06.02 15:14:27 | 000,544,768 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\20bdfddadb1ae048a3e456da232765f7\VMC.ConnectionServicesInterface.ni.dll
MOD - [2010.06.02 15:14:26 | 001,028,096 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\f9247d7503e93b4088161cfc15eece59\VMC.BaseServices.Platform.ni.dll
MOD - [2010.06.02 15:14:24 | 000,385,024 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\VMC.UI.CommonDialogs\cba778d08280d44792fb24f956203d56\VMC.UI.CommonDialogs.ni.dll
MOD - [2010.06.02 15:14:18 | 004,513,792 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\MobileConnect\4d33c1274b046d4d95e051235581218a\MobileConnect.ni.exe
MOD - [2010.06.02 12:53:28 | 000,260,096 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010.06.02 12:53:21 | 002,878,976 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.06.02 12:34:42 | 000,684,032 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Transactions\3044226cf1183e489b15f4fcaf590785\System.Transactions.ni.dll
MOD - [2010.06.02 12:34:41 | 000,729,088 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Security\dd734987f03e7a4b9f73772e38a30462\System.Security.ni.dll
MOD - [2010.06.02 12:34:33 | 000,962,560 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Configuration\1255b57ddd0dce4b9bee41f18df9b521\System.Configuration.ni.dll
MOD - [2010.06.02 12:32:30 | 006,688,768 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Data\77281483fe4c984fbb48947723ca9036\System.Data.ni.dll
MOD - [2010.06.02 12:32:19 | 005,640,192 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Xml\04e0b94633237945b5eec6a26f662705\System.Xml.ni.dll
MOD - [2010.06.02 12:32:06 | 013,107,200 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a678a8aabcc07345ad3dfa8d1f480b40\System.Windows.Forms.ni.dll
MOD - [2010.06.02 12:31:47 | 001,626,112 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Drawing\5b0cfae0188c5a4b8567f1a13a2b8df1\System.Drawing.ni.dll
MOD - [2010.06.02 12:31:40 | 008,093,696 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System\66a7f4427bc92a48a65ba1b33846563f\System.ni.dll
MOD - [2010.06.02 12:31:23 | 011,415,552 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\mscorlib\4b661b06d51654418b9ead9f00727e39\mscorlib.ni.dll
MOD - [2010.03.11 09:36:38 | 000,140,416 | ---- | M] () -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\components\bmboc_addon3.dll
MOD - [2009.09.22 16:00:00 | 000,057,344 | ---- | M] () -- c:\Programme\Network Associates\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2009.06.08 20:50:00 | 000,148,816 | ---- | M] () -- c:\Programme\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2009.02.03 04:15:28 | 003,771,296 | ---- | M] () -- C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
MOD - [2006.10.31 01:23:18 | 000,110,592 | ---- | M] () -- C:\coolspot AG\Personal ID\MxSWL32.dll
MOD - [2005.11.10 18:44:30 | 000,049,152 | ---- | M] () -- C:\WINNT\sm56cht.dll
MOD - [2005.11.10 18:44:30 | 000,049,152 | ---- | M] () -- C:\WINNT\sm56chs.dll
MOD - [2005.11.10 18:44:28 | 000,069,632 | ---- | M] () -- C:\WINNT\sm56spn.dll
MOD - [2005.11.10 18:44:28 | 000,069,632 | ---- | M] () -- C:\WINNT\sm56itl.dll
MOD - [2005.11.10 18:44:28 | 000,069,632 | ---- | M] () -- C:\WINNT\sm56eng.dll
MOD - [2005.11.10 18:44:28 | 000,069,632 | ---- | M] () -- C:\WINNT\sm56brz.dll
MOD - [2005.11.10 18:44:28 | 000,061,440 | ---- | M] () -- C:\WINNT\sm56ger.dll
MOD - [2005.11.10 18:44:28 | 000,061,440 | ---- | M] () -- C:\WINNT\sm56fra.dll
MOD - [2005.11.10 18:44:28 | 000,053,248 | ---- | M] () -- C:\WINNT\sm56jpn.dll
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- c:\Programme\Network Associates\Common Framework\cryptocme2.dll
MOD - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINNT\system32\redmonnt.dll
========== Services (SafeList) ==========
SRV - [2012.06.26 06:22:52 | 000,337,256 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINNT\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.25 01:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.09.22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.06.10 20:50:00 | 000,049,152 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.06.08 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008.02.05 11:00:00 | 000,143,360 | ---- | M] (matrix42 AG) [Auto | Running] -- C:\WINNT\system32\EMPIRUM\SETUPSVC.EXE -- (SetupService)
SRV - [2006.01.04 13:50:26 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005.10.13 05:37:00 | 000,163,941 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Deskview\DNAgent\DNAgent.Exe -- (DeskView Agent)
SRV - [2005.10.13 05:37:00 | 000,114,688 | ---- | M] (Fujitsu Siemens Computers) [On_Demand | Stopped] -- C:\Programme\Deskview\DVCC\MTAlerting.exe -- (MTAlerting)
SRV - [2005.10.13 05:37:00 | 000,053,340 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Deskview\DVAnPMan\DVAnPMan.exe -- (DVAnPMan)
SRV - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.06.23 06:01:26 | 000,081,480 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2012.06.23 06:01:26 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nglog.sys -- (NgLog)
DRV - [2012.06.23 06:01:26 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2012.06.23 06:01:26 | 000,023,112 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2010.06.02 12:19:57 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\timntr.sys -- (timounter)
DRV - [2010.06.02 12:19:57 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.06.02 12:19:55 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\snapman.sys -- (snapman)
DRV - [2010.06.02 12:16:50 | 000,028,684 | ---- | M] (Fujitsu Siemens Computers ) [Kernel | On_Demand | Stopped] -- d:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\OemF0211.sys -- (OEMF0211)
DRV - [2010.06.02 12:16:48 | 000,027,768 | ---- | M] (Fujitsu Siemens Computers ) [Kernel | On_Demand | Stopped] -- d:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\SniF0011.sys -- (SNIF0011)
DRV - [2010.06.02 12:16:47 | 000,029,300 | ---- | M] (Fujitsu Siemens Computers ) [Kernel | On_Demand | Stopped] -- d:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\SniF0010.sys -- (SNIF0010)
DRV - [2010.03.11 09:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010.03.11 09:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2010.03.01 18:35:22 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV - [2009.08.18 12:06:56 | 000,028,416 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\g3grumdm.sys -- (G3GRUMDM)
DRV - [2009.08.18 12:06:56 | 000,024,576 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\g3gruser.sys -- (G3GRUSER)
DRV - [2009.08.18 12:06:56 | 000,019,328 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\g3grsc.sys -- (G3GRSC)
DRV - [2009.07.27 08:45:34 | 000,554,368 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\AVerAF15DMBTH.sys -- (AVerAF15DMBTH)
DRV - [2009.06.10 20:50:00 | 000,178,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.06.10 20:50:00 | 000,052,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009.06.08 20:50:00 | 000,073,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.06.08 20:50:00 | 000,065,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009.06.08 20:50:00 | 000,034,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008.11.20 09:50:52 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.11.20 09:50:52 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.11.18 13:23:44 | 000,075,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AGR1310b.sys -- (AGR1310b)
DRV - [2007.04.26 23:52:48 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006.06.29 07:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.02.28 16:57:22 | 000,084,836 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006.01.19 13:31:34 | 000,010,068 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.11.10 18:51:38 | 000,854,404 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.10.23 17:25:12 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.10.13 05:37:00 | 000,015,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | System | Running] -- C:\WINNT\system32\drivers\Snidmi.sys -- (snidmi)
DRV - [2005.08.31 10:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.08.31 10:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.07.29 16:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005.04.30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\VComm.sys -- (VComm)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.02.17 14:05:12 | 000,023,468 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ozscr.sys -- (O2SCBUS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.tagesspiegel.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesspiegel.de
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=10.100.0.31:8080;ftp=10.100.0.31:8080
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.ftp: "10.100.0.31"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.100.0.31"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "10.*,localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Programme\Videolan\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.06.02 15:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.09 11:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.20 22:54:16 | 000,000,000 | ---D | M]
[2010.06.03 14:17:39 | 000,000,000 | ---D | M] (No name found) -- d:\Dokumente und Einstellungen\Redaktion\Anwendungsdaten\Mozilla\Extensions
[2010.06.03 14:17:39 | 000,000,000 | ---D | M] (No name found) -- d:\Dokumente und Einstellungen\Redaktion\Anwendungsdaten\Mozilla\Firefox\Profiles\libhjd4q.default\extensions
[2011.11.15 23:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.03 14:37:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.02 12:49:13 | 000,000,000 | ---D | M] (Deutsches Wörterbuch) -- C:\Programme\Mozilla Firefox\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.06.02 15:11:38 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAMME\VODAFONE\VODAFONE MOBILE CONNECT\OPTIMIZATION CLIENT\ADDON
[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.04.22 16:25:08 | 000,001,285 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.200.0.110 tspc1-ge0
O1 - Hosts: 10.200.0.112 tspc2-ge0
O1 - Hosts: 10.200.0.113 sybasefloat
O1 - Hosts: 10.200.0.111 ppifloat tsp-ppi-prodfs
O1 - Hosts: 10.200.0.15 tshermes
O1 - Hosts: 10.200.0.16 doccenter
O1 - Hosts: 10.100.0.99 tsredtest
O1 - Hosts: 10.100.0.220 tsbackup nsrhost
O1 - Hosts: 10.200.0.220 tsbackup.ge0 nsrhost
O1 - Hosts: 10.200.0.16 doccenter
O1 - Hosts: 10.200.0.211 TS_HERMES ts_hermes
O1 - Hosts: 10.200.0.212 TS_DOCCENTER ts_doccenter
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [_UserEnv] C:\WINNT\system32\EMPIRUM\ENV.EXE (matrix42 AG)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [McAfeeUpdaterUI] c:\Programme\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [RunSWDepot1] SWDEPOT /WU /S /T /Q File not found
O4 - HKLM..\Run: [RunSWDepot2] SWDEPOT \\%EmpirumServer%\Configurator$\User\SwDepot.dds /I\\%EmpirumServer%\Values$\MachineValues\%DomainName%\%Computername%.ddc /S /K-1 /F /Z2 File not found
O4 - HKLM..\Run: [ShStatEXE] c:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINNT\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - Startup: d:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Aventail VPN Connection.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteChangeNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: tsp_empirum ([]file in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tsp.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD88CA40-7582-4A7A-988D-6101CE6D8571}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: d:\Dokumente und Einstellungen\Redaktion\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: d:\Dokumente und Einstellungen\Redaktion\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINNT\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[6 d:\Dokumente und Einstellungen\Redaktion\Eigene Dateien\*.tmp files -> d:\Dokumente und Einstellungen\Redaktion\Eigene Dateien\*.tmp -> ]
[1 d:\Dokumente und Einstellungen\Redaktion\*.tmp files -> d:\Dokumente und Einstellungen\Redaktion\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.06 21:55:48 | 000,041,641 | ---- | M] () -- d:\Dokumente und Einstellungen\Redaktion\Eigene Dateien\Foto.JPG
[2013.06.06 21:41:00 | 000,001,096 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.06 21:41:00 | 000,001,092 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.06 20:13:52 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2013.06.06 20:13:50 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2013.05.30 08:58:59 | 000,673,456 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[6 d:\Dokumente und Einstellungen\Redaktion\Eigene Dateien\*.tmp files -> d:\Dokumente und Einstellungen\Redaktion\Eigene Dateien\*.tmp -> ]
[1 d:\Dokumente und Einstellungen\Redaktion\*.tmp files -> d:\Dokumente und Einstellungen\Redaktion\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.26 06:24:46 | 000,152,936 | ---- | C] () -- C:\WINNT\ngmsi.dll
[2012.06.26 06:24:00 | 000,017,768 | ---- | C] () -- C:\WINNT\ngutil.exe
[2011.06.19 20:05:20 | 000,000,064 | ---- | C] () -- C:\WINNT\AVerText.ini
[2011.06.19 19:54:34 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\PsisDecd.dll
[2011.06.19 19:54:18 | 000,000,350 | ---- | C] () -- C:\WINNT\System32\AP6RMHV.BIN
[2011.06.19 19:54:18 | 000,000,252 | ---- | C] () -- C:\WINNT\System32\AP6RMJX.BIN
[2011.06.19 19:54:18 | 000,000,252 | ---- | C] () -- C:\WINNT\System32\AP6RMJH.BIN
[2011.06.19 19:54:18 | 000,000,238 | ---- | C] () -- C:\WINNT\System32\AP6RMFP.BIN
[2011.06.19 19:54:18 | 000,000,189 | ---- | C] () -- C:\WINNT\System32\AP6RMKS.BIN
[2011.06.19 19:54:18 | 000,000,126 | ---- | C] () -- C:\WINNT\System32\AP6RMHR.BIN
[2011.01.08 09:10:52 | 000,003,584 | ---- | C] () -- d:\Dokumente und Einstellungen\Redaktion\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.02 12:10:28 | 000,019,052 | RHS- | C] () -- d:\Dokumente und Einstellungen\All Users\ntuser.pol
[2010.03.15 19:15:34 | 000,156,430 | R--- | C] () -- d:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
========== ZeroAccess Check ==========
[2010.06.02 12:30:37 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006.09.23 13:12:38 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINNT\system32\wbem\fastprox.dll -- [2004.08.04 15:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINNT\system32\wbem\wbemess.dll -- [2004.08.04 15:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
--- --- ---
And now the text from Extras.txt
OTL Extras logfile created on: 06.06.2013 21:51:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,96% Memory free
2,59 Gb Paging File | 2,08 Gb Available in Paging File | 80,24% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 13,91 Gb Free Space | 71,20% Space Free | Partition Type: NTFS
Drive D: | 44,99 Gb Total Space | 36,08 Gb Free Space | 80,19% Space Free | Partition Type: NTFS
Drive F: | 979,70 Mb Total Space | 856,13 Mb Free Space | 87,39% Space Free | Partition Type: FAT
Computer Name: SPO_19301N | User Name: Redaktion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\Videolan\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\Videolan\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10043:UDP" = 10043:UDP:*:Enabled:Empirum® SoftwareDepot Push
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Novell\Groupwise\grpwise.exe" = C:\Programme\Novell\Groupwise\grpwise.exe:*:Enabled:GroupWise -- (Novell, Inc.)
"C:\Programme\Novell\Groupwise\addrbook.exe" = C:\Programme\Novell\Groupwise\addrbook.exe:*:Enabled:Adressbuch -- (Novell, Inc.)
"C:\Programme\Novell\Groupwise\notify.exe" = C:\Programme\Novell\Groupwise\notify.exe:*:Enabled:Notify -- (Novell, Inc.)
"C:\Programme\Network Associates\Common Framework\FrameworkService.exe" = C:\Programme\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:FrameWork Services -- (McAfee, Inc.)
"C:\WINNT\system32\regsvr32.exe" = C:\WINNT\system32\regsvr32.exe:*:Disabled:Microsoft(C) Registerserver -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINNT\system32\EMPIRUM\SWDEPOT.EXE" = C:\WINNT\system32\EMPIRUM\SWDEPOT.EXE:*:Enabled:SoftwareDepot for software installation from a remote server -- (matrix42 AG)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64001313-1B41-4457-B884-049984772E6F}" = Adobe Flash Player 10 Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis*True*Image
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D329EE5C-0271-40B2-9105-943972D326A2}" = Nero Burning ROM 6.3 german
"{D91EEFEB-965F-4975-9094-14808CC0D651}" = Windows Media Player 9 Series
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E82C83C0-8897-4D91-949D-E051E3F24626}" = BlueSoleil
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Acronis True Image" = True Image 9.0
"Adobe Acrobat Reader" = Acrobat Reader 8.1
"Adobe SVG Viewer" = SVG Viewer 3.0
"Atex Hermes" = Hermes 10.2.23.3
"DeskAlert" = DeskAlert 2.13.000
"DeskFlash" = DeskFlash 4.60
"DeskInfo" = DeskInfo 3.08.000
"DeskOff" = DeskOff 4.06.000
"FreePDF_XP" = FreePDF XP (Remove only)
"FSC Deskview" = Deskview 5.31
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"matrix42 PM2Client" = PM2Client 11.0
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft DotNet" = DotNet 2.0
"Microsoft Office Compatibility Pack 3.0" = Office Compatibility Pack 3.0
"Mozilla Firefox" = Firefox 3.5.3
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Nero BurnRights!UninstallKey" = Nero BurnRights (Ahead Software)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Groupwise" = Groupwise 7.0.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sun Java2Runtime" = Java2Runtime 1.6.18
"TSP Notebooksettings" = Notebooksettings 1.0
"TSP Schriftarten" = Schriftarten 1.0
"TSP Schriftarten Update" = Schriftarten Update 1.0
"TSP W2k_Custom_Settings" = W2k_Custom_Settings 1.0
"Videolan VLC Player 0.9.9" = VLC Player 0.9.9
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.06.2013 06:21:41 | Computer Name = SPO_19301N | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 04.06.2013 06:22:44 | Computer Name = SPO_19301N | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.
Error - 06.06.2013 14:14:08 | Computer Name = SPO_19301N | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 06.06.2013 14:15:08 | Computer Name = SPO_19301N | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.
Error - 06.06.2013 14:36:08 | Computer Name = SPO_19301N | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.06.2013 14:36:08 | Computer Name = SPO_19301N | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2078
Error - 06.06.2013 14:36:08 | Computer Name = SPO_19301N | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2078
Error - 06.06.2013 15:43:50 | Computer Name = SPO_19301N | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.06.2013 15:43:50 | Computer Name = SPO_19301N | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2094
Error - 06.06.2013 15:43:50 | Computer Name = SPO_19301N | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2094
[ Application Events ]
Error - 04.06.2013 06:21:41 | Computer Name = SPO_19301N | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 04.06.2013 06:22:44 | Computer Name = SPO_19301N | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.
Error - 06.06.2013 14:14:08 | Computer Name = SPO_19301N | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 06.06.2013 14:15:08 | Computer Name = SPO_19301N | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.
And what does that tell us?
:wtf: