OTL.Txt: Code:
OTL logfile created on: 11/17/2011 12:57:47 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149.04 Gb Total Space | 98.26 Gb Free Space | 65.93% Space Free | Partition Type: NTFS
Drive D: | 3.82 Gb Total Space | 3.82 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2011/06/07 08:55:18 | 003,519,864 | ---- | M] (pcvisit Software ag) [On_Demand] -- C:\Dokumente und Einstellungen\n.Koch\Lokale Einstellungen\Temp\nsrBF.tmp\caloa_app.exe -- (Caloa Agent Service 1.0)
SRV - [2011/05/05 03:57:45 | 000,327,680 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand] -- C:\Programme\Immunet\tetra\scan.dll -- (scan)
SRV - [2011/05/05 03:57:43 | 000,741,272 | ---- | M] (Sourcefire, Inc.) [Auto] -- C:\Programme\Immunet\3.0.1\agent.exe -- (ImmunetProtect)
SRV - [2009/08/19 07:27:37 | 000,054,784 | ---- | M] (Macrovision) [Auto] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/05/05 03:57:45 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/05/05 03:57:44 | 000,047,440 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/05/05 03:57:44 | 000,031,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/02/24 08:11:07 | 000,455,680 | ---- | M] () [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/08/19 07:27:38 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2009/02/03 11:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/02/27 06:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/03 16:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/22 03:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/01/04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\a.kuchnia_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
IE - HKU\a.kuchnia_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb
IE - HKU\a.kuchnia_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\admin.MICHALSKI.000_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin.MICHALSKI_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
IE - HKU\Admin.MICHALSKI_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb
IE - HKU\Admin.MICHALSKI_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\administrator.MICHALSKI.000_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\administrator.MICHALSKI_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\c.vorwald_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.surfmusic.de/
IE - HKU\c.vorwald_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ehlert_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\ehlert_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\n.Koch_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
IE - HKU\n.Koch_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maler-michalski.de/
IE - HKU\n.Koch_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\rupprecht.MICHALSKI_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\rupprecht_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\t.krause_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/14 02:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/09/14 02:05:39 | 000,000,000 | ---D | M]
[2010/07/27 05:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\mozilla\Extensions
[2011/09/14 02:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\mozilla\Firefox\Profiles\pd5wlvuz.default\extensions
[2010/11/25 02:50:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\mozilla\Firefox\Profiles\pd5wlvuz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/14 02:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/05/06 03:29:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/25 02:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/05 04:02:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/06 03:43:23 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/07/01 04:18:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 14:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/14 02:05:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/14 02:05:32 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/14 02:05:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/14 02:05:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/14 02:05:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O3 - HKLM\..\Toolbar: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O3 - HKU\n.Koch_ON_C\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Ats81dFW1TA5VRA] C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\54uhjseiu6rtjut.exe ( )
O4 - HKLM..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\bgsmsnd.exe (Broadgun Software)
O4 - HKLM..\Run: [eDoc] C:\Programme\Gemeinsame Dateien\MAYComputer\eDocPrintPro\eDoc.exe (May Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Immunet Protect] C:\Programme\Immunet\3.0.1\iptray.exe (Immunet)
O4 - HKLM..\Run: [SfWinStartInfo] C:\Programme\SFirm32\sfWinStartupInfo.exe (SFirm Hannover)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WireLessKeyboard ] C:\Programme\TCM\TCM COMBO SET\PS2USBKbdDrv.exe ()
O4 - HKLM..\Run: [WireLessMouse ] C:\Programme\TCM\TCM COMBO SET\MouseDrv.exe ()
O4 - HKU\.DEFAULT..\Run: [45huys55hy5rts] File not found
O4 - HKU\.DEFAULT..\Run: [Ats81dFW1TA5VRA] File not found
O4 - HKU\n.Koch_ON_C..\Run: [45huys55hy5rts] C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\4aygerhye4.exe ( )
O4 - HKU\n.Koch_ON_C..\Run: [Ats81dFW1TA5VRA] C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\54uhjseiu6rtjut.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\a.kuchnia_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\a.kuchnia_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\a.kuchnia_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\admin.MICHALSKI.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\admin.MICHALSKI.000_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\admin.MICHALSKI.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin.MICHALSKI_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\Admin.MICHALSKI_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\Admin.MICHALSKI_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\Admin_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator.MICHALSKI.000_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\administrator.MICHALSKI.000_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\administrator.MICHALSKI.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator.MICHALSKI_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\administrator.MICHALSKI_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\administrator.MICHALSKI_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\c.vorwald_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\c.vorwald_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\c.vorwald_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ehlert_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\ehlert_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\ehlert_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\n.Koch_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\n.Koch_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\n.Koch_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\n.Koch_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\n.Koch_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\n.Koch_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\rupprecht.MICHALSKI_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\rupprecht.MICHALSKI_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\rupprecht.MICHALSKI_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\rupprecht_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\rupprecht_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\rupprecht_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\t.krause_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\t.krause_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\t.krause_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267082229455 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = michalski.local
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\54uhjseiu6rtjut.exe) - C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\54uhjseiu6rtjut.exe ( )
O20 - HKU\.DEFAULT Winlogon: Shell - (\54uhjseiu6rtjut.exe) - File not found
O20 - HKU\n.Koch_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\54uhjseiu6rtjut.exe) - C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\54uhjseiu6rtjut.exe ( )
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/26 05:47:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0e9a970e-f569-11e0-aa1c-002354a54a48}\Shell - "" = AutoRun
O33 - MountPoints2\{0e9a970e-f569-11e0-aa1c-002354a54a48}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e9a970e-f569-11e0-aa1c-002354a54a48}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MENNEKEN.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/17 05:32:23 | 000,528,384 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\54uhjseiu6rtjut.exe
[2011/11/17 03:13:12 | 000,528,384 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\54uhjseiu6rtjut.exe
[2011/11/17 03:13:12 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dwlGina3.dll
[2011/11/17 03:12:44 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2011/11/15 11:11:55 | 000,528,384 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\4aygerhye4.exe
[2011/11/15 11:11:55 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\dwlGina3.dll
[2011/11/15 11:07:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2011/11/15 11:06:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2011/11/15 11:05:22 | 000,528,384 | ---- | C] ( ) -- C:\54uhjseiu6rtjut.exe
[2011/11/15 11:05:22 | 000,528,384 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\4aygerhye4.exe
[2011/11/15 11:05:22 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\dwlGina3.dll
[2011/11/15 11:04:27 | 000,528,384 | ---- | C] ( ) -- C:\4aygerhye4.exe
[2010/04/21 00:55:53 | 003,567,616 | ---- | C] ( ) -- C:\WINDOWS\System32\itextsharp.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/17 05:32:52 | 000,487,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/11/17 05:32:52 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/17 05:32:52 | 000,095,348 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/11/17 05:32:52 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/17 05:31:36 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/17 05:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3010C1AF-4F8F-494F-9795-ACFE4FCA4220}.job
[2011/11/17 05:29:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/17 05:23:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F6B97B13-1082-4A7F-B7BA-D5290DD717B6}.job
[2011/11/17 03:13:12 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dwlGina3.dll
[2011/11/17 03:12:45 | 000,528,384 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\54uhjseiu6rtjut.exe
[2011/11/17 03:12:45 | 000,528,384 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\4aygerhye4.exe
[2011/11/15 11:11:55 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\dwlGina3.dll
[2011/11/15 11:11:32 | 000,528,384 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\54uhjseiu6rtjut.exe
[2011/11/15 11:11:32 | 000,528,384 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\4aygerhye4.exe
[2011/11/15 11:05:22 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\dwlGina3.dll
[2011/11/15 11:04:53 | 000,528,384 | ---- | M] ( ) -- C:\54uhjseiu6rtjut.exe
[2011/11/15 11:04:53 | 000,528,384 | ---- | M] ( ) -- C:\4aygerhye4.exe
[2011/11/15 09:48:12 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\n.Koch\Desktop\Microsoft Office Excel 2003.lnk
[2011/11/15 03:00:01 | 000,271,360 | ---- | M] () -- C:\Dokumente und Einstellungen\n.Koch\Eigene Dateien\archive.pst
[2011/11/07 13:32:51 | 000,105,277 | ---- | M] () -- C:\Dokumente und Einstellungen\n.Koch\Desktop\103751 Kreis Unna Lippe BK WDVS.pdf
[2011/11/04 07:46:32 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\n.Koch\Desktop\Microsoft Office Word 2003.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/07 13:27:30 | 000,105,277 | ---- | C] () -- C:\Dokumente und Einstellungen\n.Koch\Desktop\103751 Kreis Unna Lippe BK WDVS.pdf
[2011/04/01 04:03:49 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\administrator.MICHALSKI.000\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011/03/22 04:57:29 | 000,216,208 | ---- | C] () -- C:\WINDOWS\System32\bgsserv.exe
[2011/03/22 04:57:29 | 000,122,000 | ---- | C] () -- C:\WINDOWS\System32\bgsreses.dll
[2011/03/22 04:57:29 | 000,115,856 | ---- | C] () -- C:\WINDOWS\System32\bgsresfr.dll
[2011/03/22 04:57:29 | 000,114,320 | ---- | C] () -- C:\WINDOWS\System32\bgsresde.dll
[2011/03/22 04:57:29 | 000,112,784 | ---- | C] () -- C:\WINDOWS\System32\bgsresen.dll
[2011/03/22 04:57:29 | 000,062,096 | ---- | C] () -- C:\WINDOWS\System32\bgspmnt.dll
[2011/03/16 02:59:25 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\n.Koch\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/11 01:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\0mandanten.ini
[2010/10/30 04:11:13 | 000,000,816 | RHS- | C] () -- C:\Dokumente und Einstellungen\a.kuchnia\ntuser.pol
[2010/10/30 04:10:39 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\a.kuchnia\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/07/28 08:18:35 | 000,000,816 | RHS- | C] () -- C:\Dokumente und Einstellungen\n.Koch\ntuser.pol
[2010/07/27 06:42:54 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\admin.MICHALSKI.000\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/07/27 05:06:29 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\n.Koch\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/03/09 05:31:18 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\rupprecht.MICHALSKI\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/02/25 03:02:53 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\rupprecht\ntuser.pol
[2010/02/25 03:02:36 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\rupprecht\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/04 07:41:53 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\ehlert\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 03:08:23 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\SYSPWL.DLL
[2009/08/19 03:05:32 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TCOMM32.INI
[2009/08/19 03:01:29 | 000,010,716 | ---- | C] () -- C:\WINDOWS\ASS_150E.INI
[2009/07/30 02:09:26 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\ehlert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/07/28 09:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/28 04:54:57 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\c.vorwald\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/28 01:53:42 | 000,001,179 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/07/21 09:23:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
[2009/07/21 09:23:41 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2009/07/21 09:23:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2009/07/21 08:51:20 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\administrator.MICHALSKI\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/04/15 04:50:00 | 000,349,696 | ---- | C] () -- C:\WINDOWS\System32\MBUtil.dll
[2009/04/15 04:49:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\MBLibMySQL.dll
[2009/04/15 04:45:20 | 000,006,421 | ---- | C] () -- C:\WINDOWS\oe_response.ini
[2009/04/08 03:38:31 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/03/17 07:09:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\uno.ini
[2009/03/16 11:46:18 | 000,000,226 | ---- | C] () -- C:\WINDOWS\ktel.ini
[2009/03/16 08:23:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\sfdaten.ini.lock
[2009/03/16 02:16:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009/03/13 06:16:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\c.vorwald\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/03/12 09:36:53 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\t.krause\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/03/12 09:33:54 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/12 09:20:30 | 000,000,816 | RHS- | C] () -- C:\Dokumente und Einstellungen\Admin.MICHALSKI\ntuser.pol
[2009/03/12 09:20:23 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin.MICHALSKI\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/03/12 09:16:42 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/02/26 06:35:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/26 06:22:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/02/26 06:02:53 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/02/26 05:59:54 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2009/02/26 05:48:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/26 05:45:40 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/26 05:41:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/26 05:41:23 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/26 05:35:54 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/02/26 05:35:53 | 000,002,480 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/26 05:35:51 | 000,487,476 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009/02/26 05:35:51 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009/02/26 05:35:51 | 000,095,348 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009/02/26 05:35:51 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009/02/26 05:35:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/26 05:35:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/02/26 05:35:46 | 000,444,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/26 05:35:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/02/26 05:35:46 | 000,072,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/26 05:35:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/02/26 05:35:46 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/02/26 05:35:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/02/26 05:35:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/02/26 05:35:45 | 000,455,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2009/02/26 05:35:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/02/26 05:35:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/02/26 05:35:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009/03/13 09:19:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\eDocPrintPro
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Windows Desktop Search
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\a.kuchnia\Anwendungsdaten\Windows Desktop Search
[2010/10/30 04:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\a.kuchnia\Anwendungsdaten\Windows Small Business Server
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin.MICHALSKI.000\Anwendungsdaten\Windows Desktop Search
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin.MICHALSKI\Anwendungsdaten\Windows Desktop Search
[2009/04/15 04:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin.MICHALSKI\Anwendungsdaten\Windows Search
[2009/03/12 09:20:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin.MICHALSKI\Anwendungsdaten\Windows Small Business Server
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search
[2011/05/09 06:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.MICHALSKI.000\Anwendungsdaten\Immunet
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.MICHALSKI.000\Anwendungsdaten\Windows Desktop Search
[2011/04/01 04:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.MICHALSKI.000\Anwendungsdaten\Windows Small Business Server
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.MICHALSKI\Anwendungsdaten\Windows Desktop Search
[2009/07/21 09:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.MICHALSKI\Anwendungsdaten\Windows Search
[2009/07/21 08:51:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.MICHALSKI\Anwendungsdaten\Windows Small Business Server
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search
[2009/03/13 06:41:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.vorwald\Anwendungsdaten\eDocPrintPro
[2009/03/17 01:25:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.vorwald\Anwendungsdaten\klickTel
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.vorwald\Anwendungsdaten\Windows Desktop Search
[2009/03/16 03:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.vorwald\Anwendungsdaten\Windows Search
[2009/03/13 06:16:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.vorwald\Anwendungsdaten\Windows Small Business Server
[2009/08/19 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\Autodesk
[2010/07/20 07:41:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\DBAV
[2009/10/20 00:49:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\eDocPrintPro
[2009/08/25 09:12:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\klickTel
[2009/08/19 03:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\Siemens
[2009/08/31 08:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\TeamViewer
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\Windows Desktop Search
[2009/07/30 09:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\Windows Search
[2009/07/30 02:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ehlert\Anwendungsdaten\Windows Small Business Server
[2009/03/13 06:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\eDocPrintPro
[2011/03/29 05:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\CommunicationClients
[2010/09/15 07:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\eDocPrintPro
[2011/05/05 03:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\Immunet
[2011/03/08 08:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\TeamViewer
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\Windows Desktop Search
[2010/09/08 02:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\Windows Search
[2010/07/28 08:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\n.Koch\Anwendungsdaten\Windows Small Business Server
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rupprecht.MICHALSKI\Anwendungsdaten\Windows Desktop Search
[2010/03/09 05:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rupprecht.MICHALSKI\Anwendungsdaten\Windows Small Business Server
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rupprecht\Anwendungsdaten\Windows Desktop Search
[2010/02/25 03:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rupprecht\Anwendungsdaten\Windows Small Business Server
[2009/02/26 06:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\t.krause\Anwendungsdaten\Windows Desktop Search
[2009/03/12 09:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\t.krause\Anwendungsdaten\Windows Small Business Server
[2009/08/19 07:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2011/04/21 00:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BIVG Hannover
[2011/03/29 05:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CC-Logs
[2011/11/15 01:43:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CommunicationsClients
[2009/03/16 02:16:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF_XP
[2011/04/19 23:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SFirm Hannover
[2011/11/17 05:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3010C1AF-4F8F-494F-9795-ACFE4FCA4220}.job
[2011/11/17 05:23:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F6B97B13-1082-4A7F-B7BA-D5290DD717B6}.job
========== Purity Check ==========
< End of report > Extras.Txt: Code:
OTL Extras logfile created on: 11/17/2011 12:57:47 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149.04 Gb Total Space | 98.26 Gb Free Space | 65.93% Space Free | Partition Type: NTFS
Drive D: | 3.82 Gb Total Space | 3.82 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = localsubnet
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Anti-Virus 7.0 -- (Kaspersky Lab)
"C:\Programme\MOSaik\Gilde.exe" = C:\Programme\MOSaik\Gilde.exe:*:Enabled:MOS'aik Projektverwaltung
"C:\Programme\MOSaik\Jade.exe" = C:\Programme\MOSaik\Jade.exe:*:Enabled:MOS'aik Datenbankverwaltung
"C:\Programme\MOSaik\Rubin.exe" = C:\Programme\MOSaik\Rubin.exe:*:Enabled:MOS'aik Dokumentverwaltung
"C:\Programme\MOSaik\Dracula.exe" = C:\Programme\MOSaik\Dracula.exe:*:Enabled:MOS'aik Finanzverwaltung
"C:\Programme\MOSaik\Topas.exe" = C:\Programme\MOSaik\Topas.exe:*:Enabled:MOS'aik Formularverwaltung
"C:\Programme\SFirm32\sfirm.exe" = C:\Programme\SFirm32\sfirm.exe:*:Enabled:SFirm -- (SFirm Hannover)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24
"{292A9286-58C7-11D4-9882-005004EDBBBD}" = HiPath 3000 Manager C 62.50.40.0
"{33DC06E3-24D0-430A-B920-F60511F184F4}" = CommunicationsClients
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D65631B-B94E-47C9-9AEA-E80AA431E841}" = OpenEdge 10.1B
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5581645F-E404-4A5B-8A16-CD6E796704CE}" = MOS'aik
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}" = TCM Combo Set
"{67BA3CCF-0255-429F-AA2C-B00D22D2DF0C}" = Fa'MOS Farb- und Objektgestaltung
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{888A6CDE-E161-492A-B94C-514E76C6A143}" = SFirm
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D18FCB8E-A5A1-45D0-9E5E-DDB5826ECA70}" = klickTel Telefon- und Branchenbuch Frühjahr 2009
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{E407425C-B34B-465E-B00D-013B4BA3C3CF}" = HiPath TAPI 120 SP V2
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk Express Viewer" = Autodesk Express Viewer
"Belarc Advisor" = Belarc Advisor 7.2
"BroadGun pdfMachine" = BroadGun pdfMachine
"BZW 9.00 für Progress 10_is1" = BZW 9.00 für Progress 10
"CdaC13Ba" = SafeCast Shared Components
"Digitaler Berufsausbildungsvertrag 09_is1" = Digitaler Berufsausbildungsvertrag 09
"Digitaler Berufsausbildungsvertrag V.07_is1" = Digitaler Berufsausbildungsvertrag V.07
"eDocPrintPro" = eDocPrintPro
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Handicraft" = Handicraft für Windows
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Immunet Protect" = Immunet 3.0
"InstallShield_{5581645F-E404-4A5B-8A16-CD6E796704CE}" = MOS'aik - Die Software für den Mittelstand
"InstallShield_{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}" = TCM Combo Set
"InstallShield_{67BA3CCF-0255-429F-AA2C-B00D22D2DF0C}" = Fa'MOS Farb- und Objektgestaltung
"klickIdent 22_is1" = klickIdent 22
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PERFIDIA Standalone" = PERFIDIA Standalone
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\ehlert_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
< End of report > |