Lauersau | 13.05.2013 08:17 | Sorry, here are the OTL logs again
OTL: Code:
OTL logfile created on: 30.04.2013 09:42:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,80% Memory free
3,72 Gb Paging File | 2,89 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 113,58 Gb Free Space | 76,21% Space Free | Partition Type: NTFS
Drive F: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS
Drive M: | 923,57 Gb Total Space | 903,98 Gb Free Space | 97,88% Space Free | Partition Type: NTFS
Drive S: | 49,98 Gb Total Space | 48,26 Gb Free Space | 96,55% Space Free | Partition Type: NTFS
Drive Z: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS
Computer Name: WXP016 | User Name: jens-uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\jens-uwe.HH\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\UPS\WSTD\UPSNA1Msgr.exe ()
PRC - C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\UPS\WSTD\UPSNA1Msgr.exe ()
MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll ()
MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll ()
MOD - C:\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll ()
MOD - C:\UPS\WSTD\UPSResourceManager.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\ICQ\dll\mramenu.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\ssi2mlm.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Programme\Spybot File not found
SRV - (SDUpdateService) -- C:\Programme\Spybot File not found
SRV - (SDScannerService) -- C:\Programme\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20130429.023\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20130429.023\NAVENG.SYS (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (SSPORT) -- C:\WINDOWS\system32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (k57w2k) -- C:\WINDOWS\system32\drivers\k57xp32.sys (Broadcom Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042PR2) -- C:\WINDOWS\system32\drivers\L8042PR2.SYS (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&k=0
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{49BC12DF-D1B7-4E78-8D3F-9489BEBF5933}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{4CF787CA-B34D-447F-8DC5-EF5C212AD5DC}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{6B681554-66C2-45DC-8C03-8BC497B152F7}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{73D31A96-13DB-4C78-B477-B552CA39D74F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{A6772F5B-6A29-4C1F-AFF3-27C1220BD273}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{D2A4D64D-D14D-4E0D-A999-66E14E23B0FF}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2011.12.02 10:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.20 08:35:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
O1 HOSTS File: ([2013.04.22 16:37:13 | 000,447,215 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15355 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128..\Run: [icq] C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\icq.exe (ICQ)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O4 - Startup: C:\Dokumente und Einstellungen\jens-uwe.HH\Startmenü\Programme\Autostart\Versandhelfer.lnk = C:\Programme\Versandhelfer\Versandhelfer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252925802546 (MUWebControl Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.3 192.168.100.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hh.martechnic.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A15B09A-1CEB-4954-A511-222808D35D57}: DhcpNameServer = 192.168.100.3 192.168.100.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.16 21:18:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.30 09:41:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\OTL.exe
[2013.04.30 08:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.04.30 08:48:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.30 08:46:31 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\JRT.exe
[2013.04.29 11:45:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.04.29 11:45:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.29 11:45:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.04.29 08:30:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.04.29 08:30:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.04.29 08:30:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.04.26 09:21:00 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\jens-uwe.HH\Recent
[2013.04.22 14:49:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2013.04.22 14:49:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2013.04.22 14:49:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013.04.22 14:49:38 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2013.04.22 13:49:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Malwarebytes
[2013.04.22 13:49:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.04.16 13:12:22 | 000,000,000 | ---D | C] -- C:\HP_P2055_default_install_v6.1_ww
[2013.04.16 13:01:43 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppccompio.dll
[2013.04.16 13:01:42 | 000,189,952 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmml140.dll
[2013.04.16 13:01:42 | 000,164,352 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmja140.dll
[2013.04.16 13:01:42 | 000,151,552 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmpm081.dll
[2013.04.16 13:01:42 | 000,128,512 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmtp140.dll
[2013.04.16 13:01:42 | 000,096,768 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpmlm135.dll
[2013.04.16 13:01:42 | 000,056,320 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmpw081.dll
[2013.04.16 13:01:42 | 000,049,252 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmnque.dll
[2013.04.16 13:01:42 | 000,049,250 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmnndps.dll
[2013.04.16 13:01:41 | 000,391,680 | ---- | C] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpcpn140.dll
[2013.04.16 13:01:41 | 000,113,152 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpcjpm.dll
[2013.04.16 13:01:40 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\fxcompchannel.dll
[2013.04.16 13:00:27 | 000,000,000 | ---D | C] -- C:\Drivers
[2013.04.16 12:23:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
[2013.04.16 09:53:27 | 000,000,000 | ---D | C] -- C:\HP_P2050_full_solution_v6.1_AM-EMEA
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.30 09:41:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\OTL.exe
[2013.04.30 09:28:03 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.30 09:23:18 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2013.04.30 09:23:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.30 09:23:10 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.30 09:23:10 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.04.30 09:21:06 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\piuordq.job
[2013.04.30 09:20:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.30 09:20:23 | 2012,856,320 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 09:17:39 | 000,001,464 | RHS- | M] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\ntuser.pol
[2013.04.30 09:15:55 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\adwcleaner.exe
[2013.04.30 08:46:36 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\JRT.exe
[2013.04.29 16:25:44 | 000,000,172 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013.04.29 16:02:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.29 11:45:54 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.26 11:50:42 | 001,185,863 | ---- | M] () -- \\MARTECHNICSRV\USERS$\jens-uwe\ServiceIntervallE90.pdf
[2013.04.24 06:55:11 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.04.24 06:55:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.04.23 08:23:38 | 000,459,588 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.23 08:23:38 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.23 08:23:38 | 000,084,960 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.23 08:23:38 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.22 16:57:25 | 000,592,120 | ---- | M] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\pcpholasetup.exe
[2013.04.22 16:37:13 | 000,447,215 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.04.22 14:50:04 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.04.22 14:50:04 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.04.22 14:49:52 | 000,001,806 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013.04.22 09:49:45 | 000,002,689 | ---- | M] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2013.04.16 16:31:36 | 000,094,208 | RHS- | M] () -- C:\WINDOWS\System32\wintrust9.dll
[2013.04.16 14:05:22 | 000,000,561 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini
[2013.04.16 13:12:20 | 046,847,480 | ---- | M] () -- \\MARTECHNICSRV\USERS$\jens-uwe\P2055_default_install_v6.1_ww.exe
[2013.04.16 13:01:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HPMProp.INI
[2013.04.16 13:00:08 | 016,951,168 | ---- | M] () -- \\MARTECHNICSRV\USERS$\jens-uwe\upd-pcl6-x32-5.6.0.14430.exe
[2013.04.16 11:53:49 | 005,115,208 | ---- | M] () -- C:\HPPSdr.exe
[2013.04.10 09:04:11 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.30 09:15:50 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\adwcleaner.exe
[2013.04.29 11:45:54 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.26 11:50:40 | 001,185,863 | ---- | C] () -- \\MARTECHNICSRV\USERS$\jens-uwe\ServiceIntervallE90.pdf
[2013.04.22 16:56:32 | 000,592,120 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\pcpholasetup.exe
[2013.04.22 15:38:32 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013.04.22 14:50:04 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.04.22 14:50:04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.04.22 14:50:03 | 000,000,612 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.04.22 14:49:52 | 000,001,812 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2013.04.22 14:49:52 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013.04.22 09:49:45 | 000,002,689 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2013.04.16 16:31:38 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\piuordq.job
[2013.04.16 16:31:36 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\System32\wintrust9.dll
[2013.04.16 13:11:55 | 046,847,480 | ---- | C] () -- \\MARTECHNICSRV\USERS$\jens-uwe\P2055_default_install_v6.1_ww.exe
[2013.04.16 13:01:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2013.04.16 12:59:44 | 016,951,168 | ---- | C] () -- \\MARTECHNICSRV\USERS$\jens-uwe\upd-pcl6-x32-5.6.0.14430.exe
[2013.04.16 11:53:25 | 005,115,208 | ---- | C] () -- C:\HPPSdr.exe
[2013.03.11 14:08:08 | 000,000,284 | ---- | C] () -- C:\WINDOWS\GvSaveImage.ini
[2013.03.11 14:08:08 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GeoLan.ini
[2013.03.11 14:02:48 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.28 09:51:23 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2012.12.06 17:41:38 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2012.12.06 17:40:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2012.12.06 14:22:21 | 000,000,381 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\dpdhl.versandhelfer_state.xml
[2012.05.03 09:04:56 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2012.05.03 08:55:18 | 000,000,561 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2012.05.03 08:53:02 | 000,093,406 | ---- | C] () -- C:\WINDOWS\hppins05.dat
[2012.05.03 08:53:02 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
[2012.04.24 09:19:36 | 001,105,417 | ---- | C] () -- C:\WINDOWS\HPISExe.dat
[2012.04.18 08:34:08 | 000,001,464 | RHS- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\ntuser.pol
[2012.04.10 14:29:20 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssi2mlm.dll
[2012.02.15 09:23:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.06 14:34:52 | 000,076,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.05.10 14:43:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.09.18 10:13:20 | 000,010,188 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2009.03.16 21:28:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.09.25 07:35:26 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
and the Extras log: Code:
OTL Extras logfile created on: 30.04.2013 09:42:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,80% Memory free
3,72 Gb Paging File | 2,89 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 113,58 Gb Free Space | 76,21% Space Free | Partition Type: NTFS
Drive F: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS
Drive M: | 923,57 Gb Total Space | 903,98 Gb Free Space | 97,88% Space Free | Partition Type: NTFS
Drive S: | 49,98 Gb Total Space | 48,26 Gb Free Space | 96,55% Space Free | Partition Type: NTFS
Drive Z: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS
Computer Name: WXP016 | User Name: jens-uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Programme\Safari\Safari.exe (Apple Inc.)
[HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\hp_LJ_P2015_Full_Solution\setup\HPZnet01.exe" = C:\hp_LJ_P2015_Full_Solution\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\hp_LJ_P2015_Full_Solution\setup\hppapd.exe" = C:\hp_LJ_P2015_Full_Solution\setup\hppapd.exe:*:Enabled:hppapd.exe -- ()
"C:\hp_LJ_P2015_Full_Solution\setup\hpntwkexe.exe" = C:\hp_LJ_P2015_Full_Solution\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe -- (Hewlett-Packard)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\icq.exe" = C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\icq.exe:*:Enabled:ICQ -- (ICQ)
"C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppniprint01.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe -- (Hewlett-Packard)
"C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppniprint64.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe -- (Hewlett-Packard)
"C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppnicifs01.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe -- ()
"C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hpbtpg.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe -- (Hewlet-Packard)
"C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\LaunchApp.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\LaunchApp.exe:*:Enabled:launchapp.exe -- (Hewlett Packard)
"C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS7E2C\HPDiagnosticCoreUI.exe" = C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS7E2C\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS2CD2\HPDiagnosticCoreUI.exe" = C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS2CD2\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS45ED\HPDiagnosticCoreUI.exe" = C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS45ED\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint01.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe -- (Hewlett-Packard)
"C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint64.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe -- (Hewlett-Packard)
"C:\HP_P2055_default_install_v6.1_ww\setup\hppnicifs01.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe -- ()
"C:\HP_P2055_default_install_v6.1_ww\setup\hpbtpg.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe -- (Hewlet-Packard)
"C:\HP_P2055_default_install_v6.1_ww\setup\LaunchApp.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\LaunchApp.exe:*:Enabled:launchapp.exe -- (Hewlett Packard)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F68F89-FC69-CA21-EC2C-0BF8BAC84CE8}" = Versandhelfer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1EB9429A-A874-4BF0-961D-BDAAFB1641A6}" = Microsoft SQL Server 2005 Backward compatibility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FAF0F08-7120-4192-BF6A-B1EC7E26A935}" = UPSVCMM
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5540F934-06D9-4DCE-B7D4-93DBA58D0338}" = WorldShip
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7ECB87DE-FF47-4A8F-97FD-1024F7885BB3}" = FOSS
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{98C4DE92-27C8-482C-8431-514828756E80}" = Reconciler
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{B20A5104-24DD-4435-B965-ED84BE258F59}" = 32 Bit HP CIO Components Installer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}" = ReportServer
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E85B767C-AD1B-41FA-8CEF-C927ABB1D275}" = AlignmentUtility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4FDE018-28CF-47AC-9B01-E5F63D9F5BC1}" = ImpExpSafety
"{FAAF59A3-4B9A-4B8F-A43F-821E8DA8DA95}" = WSShared
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12
"CCleaner" = CCleaner (remove only)
"DiskAid_is1" = DiskAid 5.41
"dpdhl.versandhelfer" = Versandhelfer
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FreePDF_XP" = FreePDF (Remove only)
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MODupRemover-E-MailDuplikateentfernen" = MODupRemover - Outlook E-Mail Duplikate entfernen
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 12.11.1661" = Opera 12.11
"Pidgin" = Pidgin
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"UPS WorldShip" = UPS WorldShip
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 5990, für aktuellen Benutzer)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.04.2013 08:15:40 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711726
Description = Sicherheitsrisiko gefunden!Adware.Crossid in Datei: C:\Programme\Savings
Sidekick\ButtonUtil.dll von: - Auto-Protect-Scan. Aktion: Isolieren erfolgreich.
Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.
Error - 22.04.2013 08:15:42 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711685
Description = Risiko gefunden!Adware.Crossid in Datei: c:\programme\savings sidekick\buttonutil.dll
von: - Auto-Protect-Scan. Aktion: Isolieren erfolgreich. Beschreibung der Aktion:
Die Datei wurde erfolgreich isoliert.
Error - 22.04.2013 08:18:48 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!Adware.Crossid in Datei: C:\Programme\Savings
Sidekick\ButtonUtil.dll von: - Auto-Protect-Scan. Aktion: Isolieren erfolgreich
: Zugriff verweigert. Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.
Error - 22.04.2013 08:38:03 | Computer Name = WXP016 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 22.04.2013 10:19:50 | Computer Name = WXP016 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 22.04.2013 10:40:30 | Computer Name = WXP016 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WorldShipTD.exe, Version 16.0.31.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.04.2013 10:42:46 | Computer Name = WXP016 | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -812496469.
Error - 29.04.2013 07:35:00 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711726
Description = Sicherheitsrisiko gefunden!Adware.Gen in Datei: C:\Dokumente und Einstellungen\All
Users\Anwendungsdaten\Symantec\SRTSP\Quarantine\APQ30D.tmp von: - Auto-Protect-Scan.
Aktion: Bereinigt durch Löschen. Beschreibung der Aktion: Die Datei wurde erfolgreich
gelöscht.
Error - 29.04.2013 07:35:38 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!Adware.Gen in Datei: C:\Dokumente und Einstellungen\All
Users\Anwendungsdaten\Symantec\SRTSP\Quarantine\APQ30D.tmp von: - Auto-Protect-Scan.
Aktion: Bereinigt durch Löschen. Beschreibung der Aktion: Die Datei wurde erfolgreich
gelöscht.
Error - 30.04.2013 03:17:01 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Programme\Symantec\Symantec
Endpoint Protection\SmcGui.exe Ereignisinformationen: Beenden Vorgang Durchgeführte
Aktion: Protokolliert Angreifender Prozess: C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\adwcleaner.exe
(PID 1876) Zeit: Dienstag, 30. April 2013 09:17:01
[ System Events ]
Error - 30.04.2013 03:04:49 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
2 Security Center Service.
Error - 30.04.2013 03:04:49 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 30.04.2013 03:04:49 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst SearchAnonymizer.
Error - 30.04.2013 03:04:49 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 30.04.2013 03:09:44 | Computer Name = WXP016 | Source = Print | ID = 23
Description = Der Drucker HP LaserJet 2200 #2 konnte nicht initialisiert werden,
da der Treiber HP LaserJet P2015 Series PCL 5e nicht gefunden wurde.
Error - 30.04.2013 03:23:03 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
2 Security Center Service.
Error - 30.04.2013 03:23:03 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 30.04.2013 03:25:30 | Computer Name = WXP016 | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig.
Die Daten sind das Paket.
Error - 30.04.2013 03:25:30 | Computer Name = WXP016 | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig.
Die Daten sind das Paket.
Error - 30.04.2013 03:47:31 | Computer Name = WXP016 | Source = Print | ID = 23
Description = Der Drucker HP LaserJet 2200 #2 konnte nicht initialisiert werden,
da der Treiber HP LaserJet P2015 Series PCL 5e nicht gefunden wurde.
< End of report >