Hi Leo,
alles nach Anweisung so gemacht.
adobe neu zu installieren ging erst nach verschiedenen Schritten die auf deren Seite erklärt waren. Ist aber jetzt auch drauf.
hier die beiden logs:
OTL Logfile: Code:
OTL logfile created on: 08.02.2013 13:32:54 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
253,98 Mb Total Physical Memory | 46,59 Mb Available Physical Memory | 18,35% Memory free
624,82 Mb Paging File | 295,16 Mb Available in Paging File | 47,24% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 16,14 Gb Free Space | 43,33% Space Free | Partition Type: NTFS
Computer Name: USER-7DF944BEE4 | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.08 13:28:29 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.02.05 11:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\OTL.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2009.11.24 10:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009.10.21 16:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) -- C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.14 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2004.06.08 17:20:00 | 000,327,680 | ---- | M] () -- C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe
PRC - [1999.03.11 18:22:06 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
========== Modules (No Company Name) ==========
MOD - [2004.06.08 17:20:00 | 000,327,680 | ---- | M] () -- C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe
MOD - [2004.06.07 10:46:00 | 000,159,744 | ---- | M] () -- C:\Programme\T-Com\Sinus 154 data II\res.dll
MOD - [2004.06.04 12:52:00 | 000,077,824 | ---- | M] () -- C:\Programme\T-Com\Sinus 154 data II\iface.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.08 13:28:29 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009.10.21 16:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe -- (DFSVC)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\T-Online\T-DSLT~1\PCANDIS5.SYS -- (PCANDIS5)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\msbwatmr.sys -- (msbwatmr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2013.02.04 11:29:09 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SFDRV01.SYS -- (sfdrv01)
DRV - [2011.06.02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.10.15 16:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009.10.15 16:14:38 | 000,014,624 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Home\Dialerschutz-Software\DFSYS.sys -- (DFSYS)
DRV - [2006.03.13 10:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005.12.10 12:50:44 | 000,001,792 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\zpmodemnt.sys -- (ZPMODEMSYSNTDRVNT)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.03.12 21:07:57 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
DRV - [2004.08.04 16:19:30 | 000,099,476 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STK013W2.sys -- (DCamUSBSTK013)
DRV - [2001.02.12 21:02:26 | 000,047,616 | ---- | M] (T-Online International AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TDSLAdap.sys -- (TDSLAdapter)
DRV - [2001.02.12 21:02:26 | 000,006,688 | ---- | M] (T-Online International AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDSLProt.sys -- (TDSLProtocol)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope = {752222CD-DB25-4386-A127-97D8AD232195}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{752222CD-DB25-4386-A127-97D8AD232195}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {c8810cc9-0aaa-4aed-8c67-b2b1918c1e08}:0.9.6
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2008.10.21 16:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Anwendungsdaten\Mozilla\Extensions
[2010.07.13 11:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Anwendungsdaten\Mozilla\Firefox\Profiles\toapyfth.default\extensions
[2008.10.21 16:42:43 | 000,000,000 | ---D | M] ("Travissimo") -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Anwendungsdaten\Mozilla\Firefox\Profiles\toapyfth.default\extensions\{c8810cc9-0aaa-4aed-8c67-b2b1918c1e08}
O1 HOSTS File: ([2013.02.06 13:37:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Programme\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe (Marmiko IT-Solutions GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\STK013 PNP Monitor.lnk = File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\T-Com WLAN Manager.lnk = C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe File not found
O15 - HKCU\..Trusted Domains: mobile.de ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} hxxp://god.t-online.de/download/ExentCtl.ocx (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359916086187 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22F3A328-1E8C-498D-B83F-2DB49C6E68F3}: NameServer = 217.0.43.17 217.0.43.33
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.28 19:38:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.08 13:30:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.02.08 13:29:33 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.02.08 13:29:31 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.02.08 13:29:31 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.08 13:29:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.08 13:29:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.08 13:29:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.08 13:28:05 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2013.02.08 12:42:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.08 10:26:02 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013.02.07 17:53:43 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.02.07 17:46:00 | 000,788,728 | ---- | C] (Emsisoft GmbH) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\mbrmastr.exe
[2013.02.07 17:45:10 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\esetsmartinstaller_enu.exe
[2013.02.07 14:16:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Anwendungsdaten\Malwarebytes
[2013.02.07 14:10:32 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.07 13:30:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.07 11:01:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.06 19:08:46 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\aswMBR.exe
[2013.02.06 12:42:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.06 12:35:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.06 12:35:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.06 12:35:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.06 12:35:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.06 12:35:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.06 12:34:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Startmenü\Programme\Verwaltung
[2013.02.06 12:34:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.06 12:20:49 | 005,029,686 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\ComboFix.exe
[2013.02.05 22:53:03 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013.02.05 17:22:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Skype
[2013.02.05 17:22:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.02.05 16:21:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\tdsskiller.exe
[2013.02.05 13:21:16 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2013.02.05 13:19:43 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2013.02.05 13:18:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2013.02.05 13:18:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2013.02.05 13:13:53 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2013.02.05 13:12:24 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2013.02.05 13:09:05 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2013.02.05 13:03:43 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2013.02.05 13:00:35 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2013.02.05 11:49:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\OTL.exe
[2013.02.03 19:37:34 | 000,051,200 | ---- | C] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\rpinjgdb.sys
[2013.02.03 03:10:31 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2013.02.03 02:52:37 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2013.02.03 02:43:12 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.03 02:43:11 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.03 02:25:46 | 000,290,560 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2013.02.02 23:53:56 | 000,000,000 | ---D | C] -- C:\gamigo
[2013.02.02 21:24:41 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013.02.02 21:13:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.02.02 21:11:59 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2013.02.02 20:59:43 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013.02.02 20:59:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013.02.02 20:58:54 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2013.02.02 20:58:33 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013.02.02 20:58:18 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[1999.03.11 18:22:04 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\IRAABOUT.DLL
[1998.12.09 03:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAREG.DLL
[1998.12.09 03:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAMDMTR.DLL
[1998.12.09 03:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRALPTTR.DLL
[1998.12.09 03:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAWEBTR.DLL
[1998.12.09 03:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\IRASRIAL.DLL
========== Files - Modified Within 30 Days ==========
[2013.02.08 13:28:34 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.08 13:28:25 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.08 13:28:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.08 13:28:24 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.02.08 13:28:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.08 13:28:21 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.02.08 13:28:20 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.02.08 13:20:08 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Adobe Reader XI.lnk
[2013.02.08 13:13:26 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2013.02.08 10:44:40 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013.02.08 10:34:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.07 21:33:51 | 000,000,524 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\MBR.zip
[2013.02.07 17:46:09 | 000,788,728 | ---- | M] (Emsisoft GmbH) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\mbrmastr.exe
[2013.02.07 17:45:18 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\esetsmartinstaller_enu.exe
[2013.02.07 14:10:54 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.07 10:45:53 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.06 20:02:59 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\MBR.dat
[2013.02.06 19:08:55 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\aswMBR.exe
[2013.02.06 13:37:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.02.06 12:42:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.06 12:21:25 | 005,029,686 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\ComboFix.exe
[2013.02.06 12:18:48 | 000,582,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\adwcleaner.exe
[2013.02.05 21:47:04 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.05 20:57:21 | 000,450,648 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.05 20:57:21 | 000,433,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.05 20:57:21 | 000,081,008 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.05 20:57:21 | 000,068,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.05 17:22:54 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Skype.lnk
[2013.02.05 16:21:57 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\tdsskiller.exe
[2013.02.05 11:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\OTL.exe
[2013.02.04 11:45:01 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.04 11:29:09 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\SFDRV01.SYS
[2013.02.03 19:37:34 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\rpinjgdb.sys
[2013.02.03 02:43:12 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.03 02:43:11 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.03 00:02:43 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\Golfstar.lnk
[2013.02.02 21:13:25 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
========== Files Created - No Company Name ==========
[2013.02.08 13:20:08 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Adobe Reader XI.lnk
[2013.02.08 13:20:07 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Adobe Reader XI.lnk
[2013.02.07 21:02:40 | 000,000,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\MBR.zip
[2013.02.06 20:02:58 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\MBR.dat
[2013.02.06 12:42:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.06 12:42:30 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.06 12:35:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.06 12:35:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.06 12:35:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.06 12:35:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.06 12:35:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.06 12:18:18 | 000,582,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\adwcleaner.exe
[2013.02.05 17:22:54 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Skype.lnk
[2013.02.03 00:02:40 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop\Golfstar.lnk
[2013.02.02 21:23:33 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013.02.02 21:13:25 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013.02.02 21:13:07 | 000,001,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Microsoft Security Essentials.lnk
[2005.03.14 18:43:55 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.06.08 18:53:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report > --- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 08.02.2013 13:32:54 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
253,98 Mb Total Physical Memory | 46,59 Mb Available Physical Memory | 18,35% Memory free
624,82 Mb Paging File | 295,16 Mb Available in Paging File | 47,24% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 16,14 Gb Free Space | 43,33% Space Free | Partition Type: NTFS
Computer Name: USER-7DF944BEE4 | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\gamigo\Golfstar\GolfStarPatcherLoader.exe" = C:\gamigo\Golfstar\GolfStarPatcherLoader.exe:*:Enabled:GSPatcher_Updater -- ()
"C:\gamigo\Golfstar\GolfStar.exe" = C:\gamigo\Golfstar\GolfStar.exe:*:Enabled:GolfStar -- ()
"C:\gamigo\Golfstar\GolfStarPatcher.exe" = C:\gamigo\Golfstar\GolfStarPatcher.exe:*:Enabled:GolfStar_Patcher -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511A5609-446A-11D5-9FA6-0060087051D5}" = T-DSL Treiber
"{75CC4631-B04D-4AD2-BA55-05EA00BD73B1}" = STK013
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8283FCCD-AC71-4DC1-A81E-4F244FBBE11D}" = T-Online 5.0
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91E0258F-5EB1-4790-A92C-F5882DF1D3B5}" = DVAG Online-System
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C53FB914-C1F6-4F9D-93E2-A3A84935EC15}" = Sinus 154 data II
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"kAmel V." = kAmel V. 3.2.9
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Passage 3 Christmas Edition" = Passage 3 Christmas Edition
"PokerStars.net" = PokerStars.net
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.02.2013 05:58:00 | Computer Name = USER-7DF944BEE4 | Source = Userenv | ID = 1508
Description = Die Registrierung konnte nicht geladen werden. Dies wird oft durch
zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.
Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen
Prozess verwendet wird. for C:\Dokumente und Einstellungen\Besitzer.USER-7DF944BEE4\ntuser.dat
Error - 07.02.2013 05:58:31 | Computer Name = USER-7DF944BEE4 | Source = Userenv | ID = 1502
Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche
Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigter lokales
Profil. Wenden Sie sich an den Netzwerkadministrator, wenn das Problem weiterhin
besteht. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem
anderen Prozess verwendet wird.
Error - 07.02.2013 05:58:31 | Computer Name = USER-7DF944BEE4 | Source = Userenv | ID = 1515
Description = Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung
dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.
Error - 07.02.2013 05:59:02 | Computer Name = USER-7DF944BEE4 | Source = Userenv | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen,
gehen bei der Abmeldung verloren.
Error - 07.02.2013 06:18:00 | Computer Name = USER-7DF944BEE4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 07.02.2013 08:30:00 | Computer Name = USER-7DF944BEE4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 07.02.2013 09:13:15 | Computer Name = USER-7DF944BEE4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 07.02.2013 12:47:46 | Computer Name = USER-7DF944BEE4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 08.02.2013 05:35:43 | Computer Name = USER-7DF944BEE4 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 08.02.2013 08:09:42 | Computer Name = USER-7DF944BEE4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mse.exe, Version 6.1.83.92, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
[ System Events ]
Error - 08.02.2013 07:32:42 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
Error - 08.02.2013 07:33:57 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
Error - 08.02.2013 07:34:55 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
Error - 08.02.2013 07:36:08 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
Error - 08.02.2013 07:37:19 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
Error - 08.02.2013 07:39:11 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
Error - 08.02.2013 07:42:09 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
Error - 08.02.2013 08:27:47 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
Error - 08.02.2013 08:29:42 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 08.02.2013 08:29:42 | Computer Name = USER-7DF944BEE4 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1083" aufgetreten, als der Dienst "winmgmt"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
< End of report > --- --- ---
Lg Andrea |