Code:
# AdwCleaner v2.104 - Datei am 31/12/2012 um 16:23:56 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : AdminRW - MEPHISTO-1
# Bootmodus : Normal
# Ausgeführt unter : G:\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Dokumente und Einstellungen\AdminRW\Desktop\eBay.lnk
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKCU\Software\pdfforge.org
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\Software\pdfforge.org
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}]
***** [Internet Browser] *****
-\\ Internet Explorer v6.0.2900.5512
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1335 octets] - [31/12/2012 16:11:18]
AdwCleaner[S1].txt - [1268 octets] - [31/12/2012 16:23:56]
########## EOF - C:\AdwCleaner[S1].txt - [1328 octets] ##########
Code:
OTL Extras logfile created on: 31.12.2012 16:35:22 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\AdminRW\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,19 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 44,48% Memory free
2,83 Gb Paging File | 2,26 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 17,80 Gb Total Space | 1,08 Gb Free Space | 6,07% Space Free | Partition Type: NTFS
Drive D: | 7,25 Gb Total Space | 0,53 Gb Free Space | 7,27% Space Free | Partition Type: NTFS
Drive E: | 16,06 Gb Total Space | 14,33 Gb Free Space | 89,28% Space Free | Partition Type: FAT32
Drive G: | 35,56 Gb Total Space | 6,92 Gb Free Space | 19,45% Space Free | Partition Type: FAT32
Drive Y: | 100,01 Gb Total Space | 42,61 Gb Free Space | 42,61% Space Free | Partition Type: NTFS
Computer Name: MEPHISTO-1 | User Name: AdminRW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1801674531-299502267-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\aocwiz.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\aocwiz.exe:*:enabled:Octopus CTI (aocwiz.exe) -- (Alcatel)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\aoconfig.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\aoconfig.exe:*:enabled:Octopus CTI (aoconfig.exe)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\uaproc.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\uaproc.exe:*:enabled:Octopus CTI (uaproc.exe) -- (ALCATEL)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\abers.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\abers.exe:*:enabled:Octopus CTI (abers.exe) -- (ALCATEL-LUCENT)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\appdiag\appdiag.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\appdiag\appdiag.exe:*:enabled:Octopus CTI (appdiag.exe) -- (Alcatel-Lucent)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe:*:enabled:Octopus CTI (aocphone.exe) -- (Alcatel)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\ACT\Act for Windows\ActSage.exe" = D:\Programme\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Programme\Sony Ericsson\Update Service\Update Service.exe" = E:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Programme\Iomega Storage Manager\IomegaStorageManager.exe" = C:\Programme\Iomega Storage Manager\IomegaStorageManager.exe:*:Enabled:Iomega Storage Manager 1.1.0.36768 -- (EMC)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\aocwiz.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\aocwiz.exe:*:enabled:Octopus CTI (aocwiz.exe) -- (Alcatel)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\uaproc.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\uaproc.exe:*:enabled:Octopus CTI (uaproc.exe) -- (ALCATEL)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\abers.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\abers.exe:*:enabled:Octopus CTI (abers.exe) -- (ALCATEL-LUCENT)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\appdiag\appdiag.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\appdiag\appdiag.exe:*:enabled:Octopus CTI (appdiag.exe) -- (Alcatel-Lucent)
"E:\Programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe" = E:\Programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe:*:enabled:Octopus CTI (aocphone.exe) -- (Alcatel)
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\Programme\BirdieSync\BirdieSync.exe" = C:\Programme\BirdieSync\BirdieSync.exe:*:Enabled:BirdieSync -- ()
"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Thunderbird -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09B71899-5174-4995-AD57-B326C128584C}" = klickTel Toolbar
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell-Druckersoftware
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CD66034-70BA-4EFE-9974-02094ABD07B1}" = Elcomsoft Blackberry Backup Explorer
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54FA5000-9FF8-47D5-BF65-4A17BE040242}" = klickTel Telefon- und Branchenbuch + Rückwärtssuche Herbst 2010
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.115.12060
"{831ADA8C-C73B-4915-AF8D-83D22BD58AA8}" = Octopus CTI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C8631E61-A148-4256-8B15-3D3C05FB69E0}" = Altova DatabaseSpy® 2010 rel. 3 sp 1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Link Webcam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"a-squared Free_is1" = a-squared Free 4.0
"asterisk key" = Asterisk Key 10.0
"avast" = avast! Free Antivirus
"BirdieSync" = BirdieSync 2.4.5.0
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exifer_is1" = Exifer
"FinitySoft Network Monitor" = FinitySoft Network Monitor 1.3
"Google Updater" = Google Updater
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"Iomega Storage Manager" = Iomega Storage Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PDF Editor 3" = PDF Editor 3
"PDFCreator Toolbar" = PDFCreator Toolbar
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR
"winusb0100" = Microsoft WinUsb 1.0
"winusb0200" = Microsoft WinUsb 2.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.99.5
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Antivirus Events ]
Error - 20.01.2010 05:00:00 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 21.01.2010 04:10:33 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 21.01.2010 04:10:33 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 21.01.2010 05:45:38 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 22.01.2010 04:42:36 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 22.01.2010 04:42:36 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 05.02.2010 04:05:55 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 05.02.2010 04:05:55 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 09.02.2010 03:53:27 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
Error - 09.02.2010 03:53:28 | Computer Name = MEPHISTO-1 | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 19.12.2012 04:22:18 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 19.12.2012 08:36:08 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 20.12.2012 03:18:20 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 21.12.2012 07:59:22 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 24.12.2012 05:58:45 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 24.12.2012 11:10:14 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 27.12.2012 07:47:24 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 27.12.2012 08:05:27 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 31.12.2012 08:31:57 | Computer Name = MEPHISTO-1 | Source = ACT! Scheduler | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.Exception: Unable to
start scheduler service. Fehlende Informationen zur Serverkonfiguration. bei
Act.Scheduler.SchedulerService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 31.12.2012 10:40:08 | Computer Name = MEPHISTO-1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pev.exe, Version 0.0.0.0, fehlgeschlagenes
Modul pev.exe, Version 0.0.0.0, Fehleradresse 0x0008d1c0.
[ System Events ]
Error - 31.12.2012 11:40:09 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:40:39 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:41:09 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:41:39 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:42:09 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:42:39 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:43:09 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:43:39 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:44:09 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 31.12.2012 11:44:39 | Computer Name = MEPHISTO-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
verdammt, warum hab ich da zweimal das Extras Logfile? Code:
OTL logfile created on: 31.12.2012 16:35:22 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\AdminRW\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,19 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 44,48% Memory free
2,83 Gb Paging File | 2,26 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 17,80 Gb Total Space | 1,08 Gb Free Space | 6,07% Space Free | Partition Type: NTFS
Drive D: | 7,25 Gb Total Space | 0,53 Gb Free Space | 7,27% Space Free | Partition Type: NTFS
Drive E: | 16,06 Gb Total Space | 14,33 Gb Free Space | 89,28% Space Free | Partition Type: FAT32
Drive G: | 35,56 Gb Total Space | 6,92 Gb Free Space | 19,45% Space Free | Partition Type: FAT32
Drive Y: | 100,01 Gb Total Space | 42,61 Gb Free Space | 42,61% Space Free | Partition Type: NTFS
Computer Name: MEPHISTO-1 | User Name: AdminRW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\AdminRW\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - E:\Programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe (Alcatel)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Iomega Storage Manager\pCloudd.exe (Iomega Corp)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Dell Inc.)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)
PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - D:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - E:\Programme\BySoft FreeRAM\FreeRAM.exe (BySoft)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
PRC - C:\Programme\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Alwil Software\Avast5\defs\12123100\algo.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AocDial\601edca6371b6b96640d83437492b0f0\AocDial.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\aocCS\056b3f4126aa483523856e3686722d70\aocCS.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\aocCommon\1058e37f8085b5ef16b9d2e650922c20\aocCommon.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CSBase\a716d30b6f8dc01a8392afd2ea43b9dc\CSBase.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll ()
MOD - E:\Programme\Deutsche_Telekom\Octopus_CTI\AocDial.XmlSerializers.dll ()
MOD - E:\Programme\Deutsche_Telekom\Octopus_CTI\aocCS.XmlSerializers.dll ()
MOD - E:\Programme\Deutsche_Telekom\Octopus_CTI\CSBase.XmlSerializers.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - E:\Programme\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2010\ktaddin.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - E:\Programme\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2010\ktworda.dll ()
MOD - C:\Programme\Exifer\ExiferShellExt.dll ()
MOD - E:\Programme\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2010\KSDB32.DLL ()
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (PCloudd) -- C:\Programme\Iomega Storage Manager\pCloudd.exe (Iomega Corp)
SRV - (nosGetPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACT! Scheduler) -- D:\Programme\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)
SRV - (DLPWD) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
SRV - (a2free) -- C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (MSSQL$ACT7) -- D:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (DLSDB) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\AdminRW\LOKALE~1\Temp\catchme.sys File not found
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vNICdrv) -- C:\WINDOWS\system32\drivers\vNICdrv.sys (Iomega Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (VIAudio) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1801674531-299502267-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1801674531-299502267-725345543-1003\..\SearchScopes\{00000000-0000-0000-0000-474f4f474c45}: "URL" = hxxp://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1801674531-299502267-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1801674531-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Programme\Virtual Earth 3D\ [2009.11.05 15:15:24 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Programme\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Programme\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.10.01 13:59:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2012.12.27 13:16:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.12.06 15:27:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.06 15:26:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.11.21 10:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Programme\BirdieSync\Sunbird Service [2012.12.19 10:11:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Programme\BirdieSync\Thunderbird Service [2012.12.19 10:11:06 | 000,000,000 | ---D | M]
[2011.04.20 08:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Extensions
[2010.03.24 11:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.20 08:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.10.24 10:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Firefox\Profiles\drkp85kh.default\extensions
[2009.01.16 15:33:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Firefox\Profiles\drkp85kh.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012.09.17 11:08:32 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Firefox\Profiles\drkp85kh.default\extensions\ich@maltegoetz.de
[2011.11.07 12:15:01 | 000,000,000 | ---D | M] (Firebomb) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Firefox\Profiles\drkp85kh.default\extensions\jid1-b0kjLv16eZMFBw@jetpack
[2011.10.05 08:18:38 | 000,021,093 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Firefox\Profiles\drkp85kh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.09.14 08:57:12 | 000,698,867 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Mozilla\Firefox\Profiles\drkp85kh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.12.06 15:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.06 15:27:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.20 08:55:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 07:34:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.20 08:55:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 08:55:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 08:55:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 08:55:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.12.31 15:44:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} - C:\Programme\klickTel\klickTel Toolbar\kttoolbar.dll (klickTel AG)
O3 - HKLM\..\Toolbar: (&klickTel Toolbar) - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\Programme\klickTel\klickTel Toolbar\kttoolbar.dll (klickTel AG)
O4 - HKLM..\Run: [Act! Preloader] D:\Programme\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [DLPSP] C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLQLU] C:\Programme\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Programme\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-1801674531-299502267-725345543-1003..\Run: [BirdieSync] C:\Programme\BirdieSync\BirdieSync.exe ()
O4 - HKU\S-1-5-21-1801674531-299502267-725345543-1003..\Run: [BySoft FreeRAM] E:\Programme\BySoft FreeRAM\FreeRAM.exe (BySoft)
O4 - Startup: C:\Dokumente und Einstellungen\AdminRW\Startmenü\Programme\Autostart\Octopus CTI.lnk = E:\Programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe (Alcatel)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SideACT!.lnk = C:\Programme\ACT\SideACT.exe (Interact Commerce Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Bischof-UWS\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-299502267-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-299502267-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-299502267-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-1801674531-299502267-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-299502267-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47103326-EBF2-403D-9F35-083F65DE6239}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47103326-EBF2-403D-9F35-083F65DE6239}: NameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\AdminRW\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\AdminRW\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.05.08 13:31:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.01.06 13:32:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.31 15:37:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.12.31 15:26:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.12.31 15:26:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.12.31 15:26:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.12.31 15:26:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.12.31 15:26:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.31 15:25:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.12.28 14:20:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminRW\Desktop\mbar
[2012.12.28 12:10:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\AdminRW\Desktop\OTL.exe
[2012.12.27 17:11:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\Malwarebytes
[2012.12.27 17:10:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.12.27 17:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.12.27 17:10:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.12.27 17:10:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.12.24 14:47:15 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.19 11:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\MyPhoneExplorer
[2012.12.19 11:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MyPhoneExplorer
[2012.12.19 11:35:27 | 000,000,000 | ---D | C] -- C:\Programme\MyPhoneExplorer
[2012.12.19 10:11:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\BirdieSync
[2012.12.19 10:11:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BirdieSync
[2012.12.19 10:10:40 | 000,000,000 | ---D | C] -- C:\Programme\BirdieSync
[2012.12.06 15:26:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.31 16:29:37 | 000,000,952 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2012.12.31 16:29:18 | 000,000,008 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2053B4AD07.sys
[2012.12.31 16:25:47 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.31 16:25:45 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.12.31 16:25:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.31 16:24:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.31 16:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.12.31 15:44:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.12.31 15:37:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.12.31 13:31:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.28 14:20:27 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminRW\Desktop\mbar-1.01.0.1011.zip
[2012.12.28 12:10:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\AdminRW\Desktop\OTL.exe
[2012.12.28 11:35:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.12.27 17:10:24 | 000,000,761 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.27 13:16:16 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.12.24 13:07:52 | 000,003,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.21 12:49:38 | 000,000,259 | ---- | M] () -- C:\WINDOWS\ktel.ini
[2012.12.19 11:45:03 | 000,000,060 | ---- | M] () -- C:\settings.dat
[2012.12.19 11:36:39 | 000,001,725 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MyPhoneExplorer.lnk
[2012.12.12 12:04:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.12.12 12:04:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.12.12 10:17:21 | 000,001,708 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.12.31 16:29:18 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2053B4AD07.sys
[2012.12.31 15:37:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.12.31 15:37:03 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.12.31 15:26:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.12.31 15:26:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.12.31 15:26:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.12.31 15:26:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.12.31 15:26:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.12.28 14:19:48 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminRW\Desktop\mbar-1.01.0.1011.zip
[2012.12.27 17:10:24 | 000,000,761 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.27 13:16:15 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.12.24 13:07:52 | 000,003,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.19 11:45:03 | 000,000,060 | ---- | C] () -- C:\settings.dat
[2012.12.19 11:36:38 | 000,001,725 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MyPhoneExplorer.lnk
[2012.12.12 10:17:21 | 000,001,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk
[2011.05.18 19:24:46 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2010.08.17 16:28:30 | 001,058,792 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.08.12 10:33:54 | 000,000,952 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.08.09 14:57:08 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini
[2009.05.15 19:00:44 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminRW\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.16 16:57:17 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat
[2001.05.13 08:42:57 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminRW\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2001.05.12 09:43:06 | 000,000,966 | -H-- | C] () -- C:\Dokumente und Einstellungen\AdminRW\Anwendungsdaten\xpy.ini
========== ZeroAccess Check ==========
[2001.05.13 08:01:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2010.08.12 10:30:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Desktop
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008.04.14 06:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
so, hab mal die doppelten Einträge der Übersicht halber gelöscht... |
Textbox. 