
Malware on old Windows XP SP2 inhibits automatic upgrade to SP3?



#31
Phom

    Member

  • Topic Starter
  • Member
  • 30 posts
Nothing worked. I upgraded to IE 8, but no difference in behavior.

The file is attached

Attached Files


  • 0



#32
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Make sure IE is closed.

Copy the next 5 lines:

net stop wuauserv
cd \windows
ren softwaredistribution oldsoftwaredistribution
del windowsupdate.log
net start wuauserv

Start, Run, cmd, OK then right click and Paste or Edit then Paste and the copied lines will appear. Hit Enter.

Now try another WindowsUpdate. If it fails, attach c:\windows\windowsupdate.log
  • 0

#33
Phom

    Member

  • Topic Starter
  • Member
  • 30 posts
This procedure worked.

112 updates were installed.
  • 0

#34
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Great.

Any more problems?
  • 0

#35
Phom

    Member

  • Topic Starter
  • Member
  • 30 posts
Many thanks for your help. Unfortunately, it did not solve my initial problem. I want to use an XSStick W21 from 4g to use mobile Internet via UMTS. This stick runs fine on my Windows 7 computer, but if I attach it to the laptop problems arise. In the explorer you see the stick as drive F:. If I click on it, an error occurs saying that I should put a data storage hardware into drive F:. Obviously the laptop cannot read the installation software on the stick. If I download the installation software externally, it says it cannot find the USB stick. Nevertheless, 4G says that the stick should work under XP SP3. Maybe you have some advice? It seems that the problem is the recognition of the stick by XP.
  • 0

#36
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
You have a program called 1&1 Surf-Stick which seems to do the same thing. Try uninstalling it.

You may need to uninstall Autorun Eater for this thing to work. Also right click on the orange Avast ball and Avast Shields Control, Disable for 10 minutes before you plug it in.

If that doesn't help then run OTL with the stick plugged in.

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Also
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * Application
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
  • 0

#37
Phom

    Member

  • Topic Starter
  • Member
  • 30 posts
I have attached the files. No change in behavior yet.
otl.txt
[2013.02.25 09:24:21 | 000,737,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2013.02.25 09:24:20 | 002,151,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013.02.25 09:24:19 | 002,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013.02.25 09:22:25 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2013.02.25 09:22:19 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2013.02.25 09:19:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013.02.18 17:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013.02.18 17:19:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\oldsoftwaredistribution
[2013.02.18 16:12:23 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.18 14:50:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2013.02.18 14:50:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Fix it Center
[2013.02.18 14:37:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Stefan\IECompatCache
[2013.02.18 14:35:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Stefan\PrivacIE
[2013.02.18 14:33:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Stefan\IETldCache
[2013.02.18 14:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013.02.18 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013.02.18 14:09:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013.02.18 14:00:16 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013.02.18 13:58:32 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013.02.18 13:58:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013.02.18 13:58:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013.02.18 13:58:28 | 002,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013.02.18 13:58:26 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013.02.18 13:40:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Stefan\Recent
[2013.02.18 11:43:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\ElevatedDiagnostics
[2013.02.18 11:39:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows PowerShell 1.0
[2013.02.18 11:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013.02.15 17:50:30 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013.02.15 17:50:19 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013.02.13 09:56:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Desktop\Dial-a-fix-v0.60.0.24
[2013.02.13 09:56:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\WinRAR
[2013.02.12 09:42:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VS Revo Group
[2013.02.11 13:21:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013.02.07 15:08:10 | 000,015,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2013.02.07 15:07:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Stefan\UserData
[2013.02.07 14:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.02.07 14:29:39 | 001,371,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2013.02.07 14:29:39 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2013.02.07 14:24:40 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2013.02.07 14:24:38 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2013.02.07 14:24:36 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2013.02.07 14:24:22 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2013.02.07 14:24:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2013.02.07 14:24:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2013.02.07 14:24:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2013.02.07 14:24:10 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2013.02.07 14:24:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2013.02.07 14:24:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2013.02.07 14:24:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2013.02.07 14:24:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2013.02.07 14:24:07 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2013.02.07 14:24:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2013.02.07 14:24:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2013.02.07 14:24:06 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2013.02.07 14:24:06 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2013.02.07 14:24:06 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2013.02.07 14:24:05 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2013.02.07 14:24:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2013.02.07 14:24:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2013.02.07 14:24:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2013.02.07 14:23:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2013.02.07 14:23:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2013.02.07 14:23:57 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2013.02.07 14:23:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2013.02.07 14:23:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2013.02.07 14:23:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2013.02.07 14:23:56 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2013.02.07 14:23:55 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2013.02.07 14:23:55 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2013.02.07 14:23:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2013.02.07 14:23:55 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2013.02.07 14:23:52 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2013.02.07 14:23:52 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2013.02.07 14:23:51 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2013.02.07 14:23:51 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2013.02.07 14:23:50 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2013.02.07 14:23:46 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2013.02.07 14:23:45 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2013.02.07 14:23:44 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2013.02.07 14:23:44 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2013.02.07 14:14:49 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2013.02.07 13:57:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013.02.06 15:02:04 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.02.06 11:19:12 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2013.02.06 11:19:11 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2013.02.06 11:19:10 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2013.02.06 11:19:09 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2013.02.06 11:19:07 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2013.02.06 11:19:06 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2013.02.06 11:19:06 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2013.02.06 11:19:05 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013.02.06 11:19:04 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2013.02.06 11:19:02 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2013.02.06 11:19:00 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2013.02.06 11:19:00 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2013.02.06 11:19:00 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2013.02.06 11:18:59 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2013.02.06 11:18:58 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2013.02.06 11:18:57 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2013.02.06 11:18:57 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2013.02.06 11:18:56 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2013.02.06 11:18:55 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2013.02.06 11:15:50 | 000,640,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2013.02.06 11:15:50 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2013.02.06 11:15:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2013.02.06 11:15:49 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2013.02.06 11:15:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2013.02.06 11:15:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2013.02.06 11:15:49 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2013.02.06 11:15:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2013.02.06 11:15:48 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2013.02.06 11:15:47 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2013.02.06 11:15:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2013.02.06 11:15:47 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2013.02.06 11:15:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2013.02.06 11:15:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2013.02.06 11:15:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2013.02.06 11:15:43 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2013.02.06 11:15:43 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2013.02.06 11:15:43 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2013.02.06 11:15:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2013.02.06 11:15:43 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2013.02.06 11:15:42 | 001,867,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2013.02.06 11:15:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2013.02.06 11:15:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2013.02.06 11:15:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2013.02.06 11:15:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2013.02.06 11:15:40 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2013.02.06 11:15:40 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2013.02.06 11:15:39 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2013.02.06 11:15:39 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2013.02.06 11:15:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2013.02.06 11:15:38 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2013.02.06 11:15:36 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2013.02.06 11:15:36 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2013.02.06 11:15:36 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2013.02.06 11:15:33 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2013.02.06 11:15:32 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2013.02.06 11:15:31 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2013.02.06 11:15:31 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2013.02.06 11:15:30 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2013.02.06 11:15:30 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2013.02.06 11:15:30 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2013.02.06 11:15:29 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2013.02.06 11:15:29 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2013.02.06 11:15:28 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2013.02.06 11:15:28 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2013.02.06 11:15:28 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2013.02.06 11:15:26 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2013.02.06 11:15:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2013.02.06 11:15:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2013.02.06 11:15:25 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2013.02.06 11:15:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2013.02.06 11:15:23 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2013.02.06 11:15:22 | 002,072,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2013.02.06 11:15:22 | 000,081,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\HAL.DLL
[2013.02.06 11:15:20 | 002,195,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2013.02.05 08:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\VS Revo Group
[2013.02.05 08:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Revo Uninstaller Pro
[2013.02.05 08:30:31 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013.02.05 08:30:23 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2013.02.04 15:33:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Malwarebytes
[2013.02.04 15:33:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.02.04 15:33:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.04 15:33:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.02.04 15:33:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.02.01 15:22:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.01 15:19:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.01 15:19:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.01 15:19:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.01 15:19:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.01 15:19:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.01 15:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.01 14:47:33 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2013.01.31 14:41:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup
[2013.01.30 17:10:04 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2013.01.30 16:25:36 | 000,000,000 | ---D | C] -- C:\UserData
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1644 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.26 19:48:47 | 000,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.26 19:48:47 | 000,000,104 | ---- | M] () -- C:\WINDOWS\IBMVPD.INI
[2013.02.26 19:47:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.26 19:47:46 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.02.26 19:47:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.25 11:09:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.25 10:54:17 | 000,441,858 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.25 10:54:17 | 000,425,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.25 10:54:17 | 000,085,874 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.25 10:54:17 | 000,072,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.25 10:48:55 | 000,317,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.25 10:20:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.18 14:50:40 | 000,000,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Fix it Center.lnk
[2013.02.18 13:41:07 | 000,000,954 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\cc_20130218_134102.reg
[2013.02.18 13:33:45 | 000,010,548 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\cc_20130218_133340.reg
[2013.02.18 10:58:05 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013.02.12 10:15:43 | 000,000,749 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Verknüpfung mit ComboFix.exe.lnk
[2013.02.12 09:42:35 | 000,000,910 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013.02.07 14:46:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013.02.07 14:08:10 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2013.02.07 10:01:05 | 000,021,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\cc_20130207_100056.reg
[2013.02.06 14:36:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013.02.06 14:36:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013.02.06 09:55:03 | 012,591,104 | ---- | M] () -- C:\WINDOWS\sectest.db
[2013.02.06 09:43:06 | 000,049,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\AutoRuns.zip
[2013.02.06 09:42:15 | 001,161,258 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\AutoRuns.arn
[2013.02.01 15:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.01 15:14:41 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\MBR.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1644 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.25 09:40:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.02.25 09:40:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013.02.18 14:50:40 | 000,000,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Fix it Center.lnk
[2013.02.18 14:50:40 | 000,000,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Fix it Center.lnk
[2013.02.18 14:12:08 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013.02.18 13:41:03 | 000,000,954 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\cc_20130218_134102.reg
[2013.02.18 13:33:42 | 000,010,548 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\cc_20130218_133340.reg
[2013.02.12 10:15:43 | 000,000,749 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Verknüpfung mit ComboFix.exe.lnk
[2013.02.12 09:42:35 | 000,000,910 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013.02.07 14:24:46 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2013.02.07 14:24:46 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2013.02.07 14:24:45 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2013.02.07 14:24:45 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2013.02.07 14:24:45 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2013.02.07 14:24:45 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2013.02.07 14:24:45 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2013.02.07 14:24:44 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2013.02.07 14:24:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2013.02.07 14:24:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2013.02.07 14:24:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2013.02.07 14:24:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2013.02.07 14:24:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2013.02.07 14:24:44 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2013.02.07 14:24:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2013.02.07 14:24:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2013.02.07 14:24:43 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2013.02.07 14:24:41 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2013.02.07 14:24:41 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2013.02.07 14:24:41 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2013.02.07 14:24:41 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2013.02.07 14:24:40 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2013.02.07 14:24:40 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2013.02.07 14:24:40 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2013.02.07 14:24:40 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2013.02.07 14:24:40 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2013.02.07 14:24:40 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2013.02.07 14:24:40 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2013.02.07 14:24:40 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2013.02.07 14:24:40 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2013.02.07 14:24:40 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2013.02.07 14:24:40 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2013.02.07 14:24:40 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2013.02.07 14:24:40 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2013.02.07 14:24:40 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2013.02.07 14:24:40 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2013.02.07 14:24:40 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2013.02.07 14:24:40 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2013.02.07 14:24:40 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2013.02.07 14:24:40 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2013.02.07 14:24:40 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2013.02.07 14:24:40 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2013.02.07 14:24:40 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2013.02.07 14:24:39 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2013.02.07 14:24:39 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2013.02.07 14:24:39 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2013.02.07 14:24:39 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2013.02.07 14:24:39 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2013.02.07 14:24:39 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2013.02.07 14:24:39 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2013.02.07 14:24:39 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2013.02.07 14:24:39 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2013.02.07 14:24:39 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2013.02.07 14:24:39 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2013.02.07 14:24:39 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2013.02.07 14:24:39 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2013.02.07 14:24:39 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2013.02.07 14:24:39 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2013.02.07 14:24:39 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2013.02.07 14:24:39 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2013.02.07 14:24:39 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2013.02.07 14:24:39 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2013.02.07 14:24:39 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2013.02.07 14:24:39 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2013.02.07 14:24:38 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2013.02.07 14:24:38 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2013.02.07 14:24:37 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2013.02.07 14:24:36 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2013.02.07 14:24:35 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2013.02.07 14:24:35 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2013.02.07 14:24:34 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2013.02.07 14:24:34 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2013.02.07 14:24:34 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2013.02.07 14:24:34 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2013.02.07 14:24:34 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2013.02.07 14:24:34 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2013.02.07 14:24:34 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2013.02.07 14:24:34 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2013.02.07 14:24:34 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2013.02.07 14:24:34 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2013.02.07 10:00:58 | 000,021,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\cc_20130207_100056.reg
[2013.02.06 14:35:43 | 000,000,104 | ---- | C] () -- C:\WINDOWS\IBMVPD.INI
[2013.02.06 09:52:54 | 012,591,104 | ---- | C] () -- C:\WINDOWS\sectest.db
[2013.02.06 09:43:06 | 000,049,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\AutoRuns.zip
[2013.02.06 09:42:13 | 001,161,258 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\AutoRuns.arn
[2013.02.01 15:22:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.01 15:22:22 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.01 15:19:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.01 15:19:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.01 15:19:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.01 15:19:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.01 15:19:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.01 15:14:41 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\MBR.dat
[2012.09.26 11:32:37 | 000,317,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.26 15:29:37 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.10.31 14:42:32 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.06.29 18:31:49 | 000,000,406 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2006.09.20 17:10:58 | 000,173,860 | ---- | C] () -- C:\Programme\20.09.2006leo.saf
[2006.09.20 17:00:18 | 000,518,992 | ---- | C] () -- C:\Programme\2 9 2006.saf
[2006.09.07 18:46:36 | 000,563,080 | ---- | C] () -- C:\Programme\9 9 2006.saf
[2006.09.04 19:49:12 | 000,538,200 | ---- | C] () -- C:\Programme\i3 9 2006.saf
[2006.08.29 18:03:18 | 000,524,796 | ---- | C] () -- C:\Programme\leoletzterferientag2006.saf
[2006.05.17 18:55:57 | 000,382,096 | ---- | C] () -- C:\Programme\10.5.06.saf
[2005.01.19 10:58:24 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.12.06 14:30:11 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
[2003.12.23 19:42:24 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003.11.07 12:01:21 | 000,008,595 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\gsview32.ini
[2003.10.31 22:38:08 | 000,000,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\sversion.ini

========== ZeroAccess Check ==========

[2005.01.19 10:02:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

extras.txt

OTL Extras logfile created on: 26.02.2013 19:55:19 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,92 Mb Total Physical Memory | 245,91 Mb Available Physical Memory | 48,13% Memory free
1,97 Gb Paging File | 1,79 Gb Available in Paging File | 90,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,44 Gb Total Space | 5,67 Gb Free Space | 20,67% Space Free | Partition Type: NTFS
Drive D: | 6,56 Gb Total Space | 5,59 Gb Free Space | 85,16% Space Free | Partition Type: NTFS
Drive E: | 309,45 Mb Total Space | 307,21 Mb Free Space | 99,28% Space Free | Partition Type: FAT32

Computer Name: AKS23 | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\EXCEL.EXE" = C:\Programme\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)
"C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\ChemDraw.exe" = C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\ChemDraw.exe:*:Enabled:ChemBioDraw Ultra 12.0 -- (CambridgeSoft Corp.)
"C:\Programme\CambridgeSoft\ChemOffice2010\ChemFinder\CFWord.exe" = C:\Programme\CambridgeSoft\ChemOffice2010\ChemFinder\CFWord.exe:*:Enabled:ChemBioFinder for Office 12.0 -- (CambridgeSoft Corp.)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\CambridgeSoft\ChemOffice2010\Chem3D\Chem3D.exe" = C:\Programme\CambridgeSoft\ChemOffice2010\Chem3D\Chem3D.exe:*:Enabled:Chem3D Pro 12.0 -- (CambridgeSoft Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = IBM RecordNow Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{34245C50-792C-437D-A4AF-645FF041739B}" = Connection Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{5EAF9A83-3B91-45BF-8F2D-990BBEBDC9AB}" = Intel® Sebring API
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad-UltraNav-Assistent
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ONENOTE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ONENOTE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ONENOTE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ONENOTE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ONENOTE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ONENOTE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "IBM TrackPoint-Eingabehilfen"
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.32
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.6 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Citavi" = Citavi 2.4.7.1
"Defraggler" = Defraggler
"EasyEject Utility" = Dienstprogramm 'IBM ThinkPad EasyEject'
"IBM Rapid Restore PC" = IBM Rapid Restore PC
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MassLibUninstall.exe" = MassLib 8.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MiKTeX" = MiKTeX
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuVo Driver" = MuVo Driver
"NSchach_is1" = N Schach 2.3
"Office8.0" = Microsoft Office 97, Professional Edition
"ONENOTE" = Microsoft Office OneNote 2007
"Pegasus Mail" = Pegasus Mail
"Power Features" = IBM ThinkPad 'Akku-MaxiMiser' und Stromsparfunktionen
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad 'Präsentationsdirektor'
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThinkPad Configuration" = IBM ThinkPad-Konfiguration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Installationsprogramm für ThinkPad-Software
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinEdt" = WinEdt
"WinRAR archiver" = WinRAR 4.00 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"StarOffice 7" = StarOffice 7

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.02.2013 03:33:53 | Computer Name = AKS23 | Source = MsiInstaller | ID = 11721
Description = Produkt: Sophos Anti-Virus -- Fehler 1721. Es liegt ein dieses Windows
Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation
erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das
Supportpersonal oder den Hersteller des Pakets. Aktion: UnregisterSAVMain, Pfad:
C:\Programme\, Befehl: "C:\Programme\Sophos\Sophos Anti-Virus\\SavMain.exe" /unregserver


Error - 18.02.2013 09:51:53 | Computer Name = AKS23 | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072F8F

Error - 18.02.2013 12:24:12 | Computer Name = AKS23 | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072F8F

Error - 18.02.2013 12:45:56 | Computer Name = AKS23 | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072F8F

[ OSession Events ]
Error - 30.01.2009 17:14:28 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6424
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 26.02.2009 07:04:06 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 6196 seconds with 2280 seconds of active time. This session ended with a
crash.

Error - 12.03.2009 14:09:05 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9206
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 23.03.2009 07:06:26 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6544
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23.03.2009 07:06:31 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6537
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 11.07.2009 12:57:46 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 496
seconds with 120 seconds of active time. This session ended with a crash.

Error - 21.08.2009 07:09:14 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13886
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.08.2009 07:09:15 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13810
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.09.2009 06:06:14 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 712
seconds with 540 seconds of active time. This session ended with a crash.

Error - 26.01.2011 16:29:29 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 153
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19.02.2013 03:03:14 | Computer Name = AKS23 | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 21.02.2013 14:50:13 | Computer Name = AKS23 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 21.02.2013 14:51:21 | Computer Name = AKS23 | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 21.02.2013 14:52:01 | Computer Name = AKS23 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.

Error - 25.02.2013 03:44:44 | Computer Name = AKS23 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 25.02.2013 03:46:22 | Computer Name = AKS23 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.

Error - 25.02.2013 05:49:18 | Computer Name = AKS23 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 25.02.2013 15:42:49 | Computer Name = AKS23 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 25.02.2013 15:43:28 | Computer Name = AKS23 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Cdrom

Error - 26.02.2013 14:47:42 | Computer Name = AKS23 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

[ TuneUp Events ]
Error - 28.12.2008 13:30:34 | Computer Name = AKS23 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 28.12.2008 13:30:54 | Computer Name = AKS23 | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >

vew.txt

Vino's Event Viewer v01c run on Windows XP in German
Report run at 26/02/2013 20:12:43

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Fehler Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/02/2013 17:45:56
Type: Fehler Category: 0
Event: 3 Source: MatSvc
The MATS service encountered a web service failure. hr=0x80072F8F

Log: 'Application' Date/Time: 18/02/2013 17:24:12
Type: Fehler Category: 0
Event: 3 Source: MatSvc
The MATS service encountered a web service failure. hr=0x80072F8F

Log: 'Application' Date/Time: 18/02/2013 14:51:53
Type: Fehler Category: 0
Event: 3 Source: MatSvc
The MATS service encountered a web service failure. hr=0x80072F8F

Log: 'Application' Date/Time: 05/02/2013 08:33:53
Type: Fehler Category: 0
Event: 11721 Source: MsiInstaller
Produkt: Sophos Anti-Virus -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: UnregisterSAVMain, Pfad: C:\Programme\, Befehl: "C:\Programme\Sophos\Sophos Anti-Virus\\SavMain.exe" /unregserver

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warnung Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/02/2013 11:18:31
Type: Warnung Category: 0
Event: 12 Source: MatSvc
The MATS service encountered a failure when getting HTTP proxy settings. hr=0x80072F94 .Keyword:GetUrlProxyInfo

Log: 'Application' Date/Time: 25/02/2013 11:18:01
Type: Warnung Category: 0
Event: 12 Source: MatSvc
The MATS service encountered a failure when getting HTTP proxy settings. hr=0x80072F94 .Keyword:GetUrlProxyInfo

Log: 'Application' Date/Time: 25/02/2013 11:17:55
Type: Warnung Category: 0
Event: 12 Source: MatSvc
The MATS service encountered a failure when getting HTTP proxy settings. hr=0x80072F94 .Keyword:GetUrlProxyInfo

Log: 'Application' Date/Time: 21/02/2013 19:57:32
Type: Warnung Category: 0
Event: 1517 Source: Userenv
Die Registrierung des Benutzers "AKS23\Leonard" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.

Log: 'Application' Date/Time: 18/02/2013 17:45:55
Type: Warnung Category: 0
Event: 12 Source: MatSvc
The MATS service encountered a failure when getting HTTP proxy settings. hr=0x80072F94 .Keyword:GetUrlProxyInfo

Log: 'Application' Date/Time: 18/02/2013 17:37:54
Type: Warnung Category: 0
Event: 1517 Source: Userenv
Die Registrierung des Benutzers "AKS23\Stefan" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.

Log: 'Application' Date/Time: 18/02/2013 17:24:10
Type: Warnung Category: 0
Event: 12 Source: MatSvc
The MATS service encountered a failure when getting HTTP proxy settings. hr=0x80072F94 .Keyword:GetUrlProxyInfo

Log: 'Application' Date/Time: 18/02/2013 14:51:52
Type: Warnung Category: 0
Event: 12 Source: MatSvc
The MATS service encountered a failure when getting HTTP proxy settings. hr=0x80072F94 .Keyword:GetUrlProxyInfo

Log: 'Application' Date/Time: 07/02/2013 14:46:13
Type: Warnung Category: 0
Event: 5603 Source: WinMgmt
Ein Anbieter Rsop Planning Mode Provider wurde im WMI-Namespace root\RSOP registriert ohne die HostingModel-Eigenschaft festzulegen. Dieser Anbieter wird unter dem Konto "LocalSystem" ausgeführt. Dieses Konto verfügt über besondere Berechtigungen und der Anbieter kann eine Sicherheitsverletzung verursachen, wenn er Benutzeranforderungen nicht richtig imitiert. Stellen Sie sicher, dass das Sicherheitsverhalten des Anbieters überprüft wurde und aktualisieren Sie die HostingModel-Eigenschaft der Anbieterregistrierung auf ein Konto, das über die minimal erforderlichen Berechtigungen für die angeforderte Funktionalität verfügt.

Log: 'Application' Date/Time: 07/02/2013 14:46:13
Type: Warnung Category: 0
Event: 5603 Source: WinMgmt
Ein Anbieter Rsop Planning Mode Provider wurde im WMI-Namespace root\RSOP registriert ohne die HostingModel-Eigenschaft festzulegen. Dieser Anbieter wird unter dem Konto "LocalSystem" ausgeführt. Dieses Konto verfügt über besondere Berechtigungen und der Anbieter kann eine Sicherheitsverletzung verursachen, wenn er Benutzeranforderungen nicht richtig imitiert. Stellen Sie sicher, dass das Sicherheitsverhalten des Anbieters überprüft wurde und aktualisieren Sie die HostingModel-Eigenschaft der Anbieterregistrierung auf ein Konto, das über die minimal erforderlichen Berechtigungen für die angeforderte Funktionalität verfügt.

Log: 'Application' Date/Time: 07/02/2013 14:30:53
Type: Warnung Category: 0
Event: 63 Source: WinMgmt
Ein Anbieter, HiPerfCooker_v1, wurde im WMI-Namespace, Root\WMI, zum Verwenden des Kontos "LocalSystem" registriert. Dieses Konto ist ein bevorzugtes Konto, d.h. der Anbieter kann Sicherheitsverletzungen verursachen, falls Benutzeranfragen nicht richtig verarbeitet werden.

Log: 'Application' Date/Time: 06/02/2013 14:32:10
Type: Warnung Category: 0
Event: 1517 Source: Userenv
Die Registrierung des Benutzers "AKS23\Stefan" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.

Log: 'Application' Date/Time: 06/02/2013 14:27:20
Type: Warnung Category: 0
Event: 5603 Source: WinMgmt
Ein Anbieter Rsop Planning Mode Provider wurde im WMI-Namespace root\RSOP registriert ohne die HostingModel-Eigenschaft festzulegen. Dieser Anbieter wird unter dem Konto "LocalSystem" ausgeführt. Dieses Konto verfügt über besondere Berechtigungen und der Anbieter kann eine Sicherheitsverletzung verursachen, wenn er Benutzeranforderungen nicht richtig imitiert. Stellen Sie sicher, dass das Sicherheitsverhalten des Anbieters überprüft wurde und aktualisieren Sie die HostingModel-Eigenschaft der Anbieterregistrierung auf ein Konto, das über die minimal erforderlichen Berechtigungen für die angeforderte Funktionalität verfügt.

Log: 'Application' Date/Time: 06/02/2013 14:27:20
Type: Warnung Category: 0
Event: 5603 Source: WinMgmt
Ein Anbieter Rsop Planning Mode Provider wurde im WMI-Namespace root\RSOP registriert ohne die HostingModel-Eigenschaft festzulegen. Dieser Anbieter wird unter dem Konto "LocalSystem" ausgeführt. Dieses Konto verfügt über besondere Berechtigungen und der Anbieter kann eine Sicherheitsverletzung verursachen, wenn er Benutzeranforderungen nicht richtig imitiert. Stellen Sie sicher, dass das Sicherheitsverhalten des Anbieters überprüft wurde und aktualisieren Sie die HostingModel-Eigenschaft der Anbieterregistrierung auf ein Konto, das über die minimal erforderlichen Berechtigungen für die angeforderte Funktionalität verfügt.

Log: 'Application' Date/Time: 05/02/2013 08:34:01
Type: Warnung Category: 0
Event: 1001 Source: MsiInstaller
Erkennung von Produkt "{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" und Funktion "SAVService" fehlgeschlagen beim Anfordern von Komponente "{D0457C5C-2602-48AF-9F0D-F73C1A499E8E}".

Log: 'Application' Date/Time: 05/02/2013 08:34:01
Type: Warnung Category: 0
Event: 1001 Source: MsiInstaller
Erkennung von Produkt "{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" und Funktion "SAVService" fehlgeschlagen beim Anfordern von Komponente "{D0457C5C-2602-48AF-9F0D-F73C1A499E8E}".

Log: 'Application' Date/Time: 05/02/2013 08:34:01
Type: Warnung Category: 0
Event: 1001 Source: MsiInstaller
Erkennung von Produkt "{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" und Funktion "SAVService" fehlgeschlagen beim Anfordern von Komponente "{D0457C5C-2602-48AF-9F0D-F73C1A499E8E}".

Log: 'Application' Date/Time: 05/02/2013 08:33:58
Type: Warnung Category: 0
Event: 1001 Source: MsiInstaller
Erkennung von Produkt "{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" und Funktion "SAVService" fehlgeschlagen beim Anfordern von Komponente "{D0457C5C-2602-48AF-9F0D-F73C1A499E8E}".

Log: 'Application' Date/Time: 05/02/2013 08:33:55
Type: Warnung Category: 0
Event: 1001 Source: MsiInstaller
Erkennung von Produkt "{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" und Funktion "SAVService" fehlgeschlagen beim Anfordern von Komponente "{D0457C5C-2602-48AF-9F0D-F73C1A499E8E}".
  • 0

#38
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 16
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O32 - AutoRun File - [2013.02.01 14:47:33 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

:files
D:\autorun.inf
     
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will probably not need to reboot the PC when it is done. Save the log and copy and paste it to a reply.

What drive letter is the stick? D: ?
  • 0
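
What the Explorer policy values listed in the OTL fix above encode, as an added example that is not part of the original posts: NoDrives and NoDriveAutoRun are per-drive-letter bitmasks (bit 0 is A:), and NoDriveTypeAutoRun is a bitmask over the GetDriveType drive classes. The function names are this example's own, and the drive-type table is written from Microsoft's documented bit assignments.

```python
import re

# Policy lines quoted from the OTL fix in the post above (not constructed).
OTL_LINES = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 16
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
"""

# NoDriveTypeAutoRun bits, one per GetDriveType class (bit 7 is reserved).
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no root directory", 0x04: "removable",
    0x08: "fixed", 0x10: "network", 0x20: "CD-ROM",
    0x40: "RAM disk", 0x80: "reserved",
}

# Hypothetical helper pattern: hive, value name, decimal value of an O6/O7 line.
LINE_RE = re.compile(
    r"^O\d+ - (HK\w+)\\.*\\policies\\Explorer: (\w+) = (\d+)$", re.I)


def drive_letters(mask):
    """NoDrives / NoDriveAutoRun: bit 0 is A:, bit 25 is Z:."""
    return [chr(ord("A") + i) + ":" for i in range(26) if (mask >> i) & 1]


def drive_types(mask):
    """Return (named drive classes, leftover bits with no documented meaning)."""
    named = [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]
    return named, mask & ~0xFF


def decode(lines):
    """Decode every drive-related policy value found in OTL O6/O7 lines."""
    out = []
    for line in lines.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hive, name, value = m.group(1), m.group(2), int(m.group(3))
        if name in ("NoDrives", "NoDriveAutoRun"):
            out.append((hive, name, drive_letters(value)))
        elif name == "NoDriveTypeAutoRun":
            out.append((hive, name, drive_types(value)))
    return out


if __name__ == "__main__":
    for hive, name, meaning in decode(OTL_LINES):
        print(hive, name, meaning)
```

On the values from this thread, NoDrives = 16 hides only E: in Explorer, NoDriveAutoRun = 67108863 covers A: through Z:, and NoDriveTypeAutoRun = 323 (0x143) carries one bit, 0x100, outside the documented range.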

#39
Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
The stick drive letter is F:
  • 0

#40
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Plug in the stick and if it doesn't install, then copy the next lines:

f:
dir > \junk.txt
notepad \junk.txt

Start, Run, cmd, OK to bring up a command window. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter and notepad should open. Copy and paste the text from notepad.
  • 0

#41
Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
OTL did reboot

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
File not found.
========== FILES ==========
Folder move failed. D:\autorun.inf scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.69.0 log created on 02272013_230218

Files\Folders moved on Reboot...
Folder move failed. D:\autorun.inf scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

This is the junk file.

Datenträger in Laufwerk C: ist Festplatte C:
Volumeseriennummer: 4CAC-D219

Verzeichnis von C:\Dokumente und Einstellungen\Stefan

27.02.2013 23:02 <DIR> .
27.02.2013 23:02 <DIR> ..
18.02.2013 13:06 <DIR> Application Data
26.02.2013 20:15 <DIR> Desktop
18.02.2013 14:33 <DIR> Eigene Dateien
18.02.2013 14:37 <DIR> Favoriten
10.10.2005 12:45 8.595 gsview32.ini
27.02.2013 23:02 4.980.736 NTUSER.DAT
12.09.2007 02:34 5.242.880 NTUSER.DAT_BAK_31093
15.04.2008 21:46 4.456.448 NTUSER.DAT_BAK_54941
21.08.2009 12:09 4.718.592 NTUSER.DAT_BAK_79019
15.12.2009 13:34 4.718.592 NTUSER.DAT_BAK_82426
30.06.2008 11:35 4.456.448 NTUSER.DAT_BAK_90392
23.03.2009 18:48 4.718.592 NTUSER.DAT_BAK_93486
30.10.2008 15:17 4.718.592 NTUSER.DAT_BAK_94758
03.03.2012 18:42 4.980.736 NTUSER.DAT_BAK_97224
12.11.2009 08:58 <DIR> Startmenü
11.09.2003 14:05 <DIR> WINDOWS
10 Datei(en) 43.000.211 Bytes
8 Verzeichnis(se), 6.085.640.192 Bytes frei

After changing to F:, there was an error (see attached file Dokument1.pdf). I selected continue, so the file above was generated.
  • 0

#42
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
I think you need to tell windows to remove the hardware safely using the Safely Remove Hardware icon near the clock. Then pull it out and stick it in again.
  • 0

#43
Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
This did not change anything. Still the same behavior.
  • 0

#44
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Try changing the drive letter to a different letter like she tells you here:

http://www.consuming...processing.html

If you put a different USB device in do you get the same problem?
  • 0

#45
Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
No, only with this USB stick. On a Windows 7 system it runs without problems.
  • 0





