Schoeni1983 | 19.01.2012 02:26 | Windows durch das besuchen spezieller Seiten gesperrt - 50 Euro zahlen Hallo liebes Board Team,
hab genau das gleiche Problem wie schon einige User gepostet haben.
Folgende meine erstellten Logs.
OTL: Code:
OTL logfile created on: 19.01.2012 02:10:46 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\fnscho\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,45 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 69,92% Memory free
6,90 Gb Paging File | 5,83 Gb Available in Paging File | 84,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 10,05 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive D: | 109,05 Gb Total Space | 69,03 Gb Free Space | 63,30% Space Free | Partition Type: NTFS
Computer Name: NUEL-102297 | User Name: fnscho | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\fnscho\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\fnscho\AppData\Roaming\Microsoft\dllhsts.exe (TrueCrypt Foundation)
PRC - C:\Programme\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
PRC - C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\slClient.exe (ScriptLogic Software Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\CNAC8SWK.EXE (CANON INC.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
PRC - C:\Programme\Oracle\ora92\bin\omtsreco.exe (Oracle Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Programme\McAfee\Common Framework\cryptocme2.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (SR_Watchdog) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SLClient) -- C:\Windows\System32\slClient.exe (ScriptLogic Software Corporation)
SRV - (APUpdService) -- C:\Windows\System32\APUpdService.exe (cobra GmbH)
SRV - (OracleMTSRecoveryService) -- C:\Programme\Oracle\ora92\bin\omtsreco.exe (Oracle Corporation)
SRV - (OracleOraHome92ClientCache) -- C:\Programme\oracle\ora92\bin\ONRSD.EXE ()
========== Driver Services (SafeList) ==========
DRV - (avkmgr) -- File not found
DRV - (V0520Vid) -- C:\Windows\System32\drivers\V0520Vid.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CP_OMDRV) -- C:\Windows\System32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\Windows\System32\drivers\fw.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\Windows\System32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\Windows\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://gfk4u
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gfk4u/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = isa:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://emea-webproxy.gfk.com/proxy.pac
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://gfk4u/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearching.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://emea-webproxy.gfk.com/proxy.pac"
FF - prefs.js..network.proxy.type: 2
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearching.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\fnscho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\fnscho\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\fnscho\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.26 09:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011.08.26 09:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fnscho\AppData\Roaming\mozilla\Extensions
[2011.08.26 09:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.12 07:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.20 19:01:38 | 000,000,161 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\fnscho\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\fnscho\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\fnscho\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\fnscho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\fnscho\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\fnscho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\fnscho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\fnscho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (datango Extension Helper BHO 2011) - {85100005-9FDB-48BA-8929-4CF6FC74D4C5} - C:\Programme\datango\producer85\BHO2.dll (datango AG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\fnscho\AppData\Roaming\instplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BGINFO] C:\Windows\bginfo.exe (Sysinternals)
O4 - HKLM..\Run: [C:\Windows\system32\V0520Ext.ax] C:\Windows\System32\V0520Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [{E8F1C85C-69CB-11E0-B950-806E6F6E6963}] C:\Users\fnscho\AppData\Roaming\Microsoft\dllhsts.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 3600
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\fnscho\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: datango Extension 2011 8.5 - {85100004-9FDB-48BA-8929-4CF6FC74D4C5} - C:\Programme\datango\producer85\BHO2.dll (datango AG)
O13 - gopher Prefix: missing
O16 - DPF: {0B56235A-3372-11D3-9036-00500411D639} https://intranet.gfkms.com/ppub/downloads/mdm_ctrl/tvctrl.CAB (tvctrl.UserControl1)
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} hxxp://r00t.dyndns-home.com/JMWiseCam.cab (JMWiseCam Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gfk.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E76C293-C19A-41F9-9A9F-E91340C6B5CC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.01.19 01:57:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\fnscho\Desktop\OTL.exe
[2012.01.18 23:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.18 23:26:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.01.11 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\fnscho\Documents\Outlook-Dateien
[2012.01.04 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\fnscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.01.04 23:05:24 | 000,000,000 | ---D | C] -- C:\Users\fnscho\AppData\Local\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.01.19 02:10:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328376081-1279679187-339368940-3568UA.job
[2012.01.19 02:09:57 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 02:09:57 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 02:04:38 | 000,000,392 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2012.01.19 02:02:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.19 02:02:05 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.19 01:57:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\fnscho\Desktop\OTL.exe
[2012.01.19 00:23:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1328376081-1279679187-339368940-3568UA.job
[2012.01.18 23:10:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328376081-1279679187-339368940-3568Core.job
[2012.01.17 20:50:16 | 000,727,644 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.17 20:50:16 | 000,670,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.17 20:50:16 | 000,159,396 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.17 20:50:16 | 000,130,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.15 22:19:21 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1328376081-1279679187-339368940-3568Core.job
[2012.01.10 08:35:07 | 000,369,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.07 15:07:33 | 000,002,370 | ---- | M] () -- C:\Users\fnscho\Desktop\Google Chrome.lnk
[2011.12.30 15:20:30 | 000,002,036 | ---- | M] () -- C:\Users\fnscho\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.01.04 23:05:53 | 000,002,370 | ---- | C] () -- C:\Users\fnscho\Desktop\Google Chrome.lnk
[2012.01.04 23:05:26 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328376081-1279679187-339368940-3568UA.job
[2012.01.04 23:05:26 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328376081-1279679187-339368940-3568Core.job
[2011.06.28 09:54:25 | 000,000,094 | ---- | C] () -- C:\Users\fnscho\AppData\Local\fusioncache.dat
[2011.04.27 07:30:45 | 000,000,218 | ---- | C] () -- C:\Windows\oraodbc.ini
[2011.04.20 16:10:34 | 000,000,151 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.20 16:09:33 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.04.19 12:19:39 | 000,002,516 | ---- | C] () -- C:\Windows\System32\drivers\default.bin
[2011.04.19 12:19:39 | 000,002,516 | ---- | C] () -- C:\Windows\System32\default.bin
[2011.04.18 17:02:28 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011.04.18 16:33:37 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.04.18 16:30:44 | 000,013,228 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.04.18 16:04:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.18 16:00:44 | 000,000,392 | ---- | C] () -- C:\Windows\SMSCFG.INI
[2011.04.18 15:40:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011.04.18 15:40:40 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.04.18 15:40:36 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011.04.18 15:40:36 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.04.18 15:40:33 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.12.15 12:41:14 | 000,004,133 | ---- | C] () -- C:\Windows\entrust.ini
[2009.12.15 12:40:24 | 000,112,016 | ---- | C] () -- C:\Windows\System32\fwnetcfg.dll
[2009.07.14 09:50:01 | 000,727,644 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:50:01 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:50:01 | 000,159,396 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:50:01 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,369,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,670,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,130,952 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011.10.20 22:48:35 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\Amazon
[2011.09.14 14:37:32 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\Audacity
[2011.04.19 11:50:47 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\Citrix
[2011.08.16 23:35:13 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\DVDVideoSoft
[2011.05.16 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.19 11:48:25 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\FileZilla
[2011.04.27 11:57:16 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\ICAClient
[2011.11.20 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\instplugin
[2011.04.26 07:56:25 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\JAM Software
[2011.04.19 11:26:37 | 000,000,000 | ---D | M] -- C:\Users\fnscho\AppData\Roaming\Xerox
[2012.01.15 22:19:21 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1328376081-1279679187-339368940-3568Core.job
[2012.01.19 00:23:07 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1328376081-1279679187-339368940-3568UA.job
[2011.12.15 22:58:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Extra: Code:
OTL Extras logfile created on: 19.01.2012 02:10:46 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\fnscho\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,45 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 69,92% Memory free
6,90 Gb Paging File | 5,83 Gb Available in Paging File | 84,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 10,05 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive D: | 109,05 Gb Total Space | 69,03 Gb Free Space | 63,30% Space Free | Partition Type: NTFS
Computer Name: NUEL-102297 | User Name: fnscho | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:enabled:SCCM Remote Control" = 135:TCP:*:enabled:SCCM Remote Control
"2701:TCP:*:enabled:SCCM Remote Control" = 2701:TCP:*:enabled:SCCM Remote Control
"2702:TCP:*:enabled:SCCM Remote Control" = 2702:TCP:*:enabled:SCCM Remote Control
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AECCB0-53D7-4CE7-A0F7-9F3D6F6D22FD}" = WinRAR 3.91 German
"{062219AC-E307-4FFF-847F-28BD3B63969F}" = datango producer 2011 8.5.1.149
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{17F87DFD-7DFE-401D-8A66-1FE837D6D354}" = Internet Explorer
"{18108CAD-ED6E-4F25-A525-CC335D5817D9}" = SocksCap
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{2617CEC0-EC1C-42D6-83C1-041470C1BC82}" = ILGM
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2C2553A0-5E95-4CAF-A802-7B7C8DD7E75E}" = Oracle Client 9i
"{2F7ADBBB-86D5-4193-B2F8-935BAC8CDFEF}" = RCI-Installer VB6 ADO
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin für gehostete Anwendungen
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C1FBBAF-14C8-4A23-A4A7-BCF19A979890}" = McAfee Agent
"{64001313-1B41-4457-B884-049984772E6F}" = Adobe Flash Player 10 Plugin
"{69B5FE70-08A3-4BFC-9B30-6903CF378B8B}" = BGinfo_1.02
"{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1
"{7067E219-F48C-4AC6-AD2F-F90CB23C3616}" = UltraEdit 16.10
"{8875731E-E187-40E3-AADD-50D4CE482E51}" = Putty 0.60
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{233CE951-DA0E-4A49-9194-FCC8B1DEA286}" =
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{98A58CEC-C2B6-4C72-BC49-316312B2FEC2}" = PManagerSetup
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A498B1CD-A0CC-4871-ABE9-F6E1E113262C}" = WinCOS
"{A5D942B1-E0C7-4AC7-8C2A-E4FD446BD3E2}" = cobra Component Update 02
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{be839ba5-dc35-4ea7-83fb-a7bf5779ab6d}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA3
"{C31FFAEC-E9AD-44DF-8B07-CAC8B0A82AF3}" = Oracle Provider OLE DB
"{C8B8C745-D288-41B4-9512-01E397F77449}" = Dell System Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{E9303299-F395-4F63-8D6D-97F118386EDB}" = FileZilla
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Canon LBP5050" = Canon LBP5050
"Creative VF0520" = Creative Live! Cam Sync (VF0520) Driver (1.01.04.00)
"FileZilla Client" = FileZilla Client 3.3.0.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"GfK-Screensaver-V002" = GfK-Screensaver-V002
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"instplugin" = instplugin
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"microTOOL in-Step 4.7" = microTOOL in-Step 4.7
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealAlt_is1" = Real Alternative 1.9.0
"RealVNC_is1" = VNC Free Edition 4.1.3
"SocksCap V2" = SocksCap V2
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3b2f2a8cd21e6654" = FirmensucherEx2
"FA94FDD9397920018A965A6CF0272E6781F272A6" = GfKMS.ExcelAddIns.QueryAddIn
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.01.2012 06:53:04 | Computer Name = NUEL-102297.gfk.com | Source = Group Policy Registry | ID = 100737028
Description = Die clientseitige Erweiterung hat die nicht behandelte Ausnahme "filter
expand" abgefangen in: "Access violation (0xc0000005) occurred at 0x6172676f; the
memory at 0x6172676f could not be ???Æ."%100790275
Error - 11.01.2012 08:43:06 | Computer Name = NUEL-102297.gfk.com | Source = Group Policy Registry | ID = 100737028
Description = Die clientseitige Erweiterung hat die nicht behandelte Ausnahme "filter
expand" abgefangen in: "Access violation (0xc0000005) occurred at 0x00000000; the
memory at 0x00000000 could not be ???Ç."%100790275
Error - 11.01.2012 10:28:08 | Computer Name = NUEL-102297.gfk.com | Source = Group Policy Registry | ID = 100737028
Description = Die clientseitige Erweiterung hat die nicht behandelte Ausnahme "filter
expand" abgefangen in: "Access violation (0xc0000005) occurred at 0xf8458966; the
memory at 0xf8458966 could not be ???Æ."%100790275
Error - 13.01.2012 07:28:54 | Computer Name = NUEL-102297.gfk.com | Source = Group Policy Registry | ID = 100737028
Description = Die clientseitige Erweiterung hat die nicht behandelte Ausnahme "filter
expand" abgefangen in: "Access violation (0xc0000005) occurred at 0x3bb21b89; the
memory at 0x3bb21b89 could not be ???D."%100790275
Error - 13.01.2012 09:53:06 | Computer Name = NUEL-102297.gfk.com | Source = Group Policy Registry | ID = 100737028
Description = Die clientseitige Erweiterung hat die nicht behandelte Ausnahme "filter
expand" abgefangen in: "Access violation (0xc0000005) occurred at 0xf8458966; the
memory at 0xf8458966 could not be ???a."%100790275
Error - 13.01.2012 13:49:12 | Computer Name = NUEL-102297.gfk.com | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe, Version:
3.10.8.815, Zeitstempel: 0x4e4a84e5 Name des fehlerhaften Moduls: VideoFileToIPOD.dll,
Version: 1.7.20.808, Zeitstempel: 0x4e452895 Ausnahmecode: 0xc0000005 Fehleroffset:
0x000131d2 ID des fehlerhaften Prozesses: 0x1338 Startzeit der fehlerhaften Anwendung:
0x01ccd21b3f17a6f0 Pfad der fehlerhaften Anwendung: C:\Program Files\DVDVideoSoft\Free
YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Pfad des fehlerhaften Moduls:
C:\Program Files\Common Files\DVDVideoSoft\Dll\VideoFileToIPOD.dll Berichtskennung:
e6420a64-3e0e-11e1-9489-545df658e00d
Error - 17.01.2012 13:01:17 | Computer Name = NUEL-102297.gfk.com | Source = Group Policy Registry | ID = 100737028
Description = Die clientseitige Erweiterung hat die nicht behandelte Ausnahme "filter
expand" abgefangen in: "Access violation (0xc0000005) occurred at 0x00000000; the
memory at 0x00000000 could not be ???è."%100790275
Error - 17.01.2012 15:41:38 | Computer Name = NUEL-102297.gfk.com | Source = Group Policy Registry | ID = 100737028
Description = Die clientseitige Erweiterung hat die nicht behandelte Ausnahme "filter
expand" abgefangen in: "Access violation (0xc0000005) occurred at 0x11892ab2; the
memory at 0x11892ab2 could not be ???÷."%100790275
Error - 18.01.2012 17:57:06 | Computer Name = NUEL-102297.gfk.com | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768,
Zeitstempel: 0x4d6878c3 Name des fehlerhaften Moduls: Explorer.EXE, Version: 6.1.7600.16768,
Zeitstempel: 0x4d6878c3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009dc8a ID des fehlerhaften
Prozesses: 0x8b0 Startzeit der fehlerhaften Anwendung: 0x01ccd62372ca9b34 Pfad der
fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\Explorer.EXE
Berichtskennung:
5be65e05-421f-11e1-9900-545df658e00d
Error - 18.01.2012 19:23:07 | Computer Name = NUEL-102297.gfk.com | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 31.08.2011 03:12:41 | Computer Name = NUEL-102297.gfk.com | Source = DCOM | ID = 10016
Description =
Error - 31.08.2011 16:52:41 | Computer Name = NUEL-102297.gfk.com | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne GFK aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann
zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit
dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das
Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller
der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 31.08.2011 16:52:40 | Computer Name = NUEL-102297.gfk.com | Source = FW1 | ID = 1
Description = FW1: FW-1: module VPN is registered twice
Error - 31.08.2011 16:52:45 | Computer Name = NUEL-102297.gfk.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 31.08.2011 16:53:36 | Computer Name = NUEL-102297.gfk.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 31.08.2011 16:54:38 | Computer Name = NUEL-102297.gfk.com | Source = DCOM | ID = 10016
Description =
Error - 01.09.2011 03:22:34 | Computer Name = NUEL-102297.gfk.com | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne GFK aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann
zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit
dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das
Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller
der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 01.09.2011 03:22:34 | Computer Name = NUEL-102297.gfk.com | Source = FW1 | ID = 1
Description = FW1: FW-1: module VPN is registered twice
Error - 01.09.2011 03:24:00 | Computer Name = NUEL-102297.gfk.com | Source = DCOM | ID = 10016
Description =
Error - 01.09.2011 06:09:21 | Computer Name = NUEL-102297.gfk.com | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report > Danke schonmal für eure Hilfe.
Flo |