Hier ist das Ergebnis des neuen OTL Scans:
OTL Logfile: Code:
OTL logfile created on: 23.09.2012 20:17:49 - Run 5
OTL by OldTimer - Version 3.2.66.0 Folder = D:\Dokumente und Einstellungen\xxx\Desktop\Trojaner-bord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,37 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 78,08% Memory free
5,21 Gb Paging File | 4,59 Gb Available in Paging File | 88,25% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 5,86 Gb Total Space | 5,74 Gb Free Space | 97,92% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 262,61 Gb Free Space | 89,64% Space Free | Partition Type: NTFS
Drive E: | 632,67 Gb Total Space | 296,79 Gb Free Space | 46,91% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.23 15:45:05 | 000,601,600 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\xxx\Desktop\Trojaner-bord\02_OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.08 17:10:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.09 13:44:46 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- D:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.05.08 19:18:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:18:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:18:21 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.09.20 21:50:32 | 003,196,800 | ---- | M] (Super Flexible Software Ltd. & Co. KG) -- D:\Programme\SuperFlexible\ExtremeVSS.exe
PRC - [2010.01.09 11:30:26 | 002,326,920 | ---- | M] (Acronis) -- D:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
PRC - [2009.12.23 19:24:07 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- D:\Programme\a-squared Anti-Malware\a2service.exe
PRC - [2009.09.12 19:09:48 | 000,357,800 | ---- | M] (Acronis) -- D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2009.09.12 19:09:44 | 000,660,936 | ---- | M] (Acronis) -- D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2009.09.12 19:09:14 | 005,082,488 | ---- | M] (Acronis) -- D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- D:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- D:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007.02.02 13:07:32 | 000,675,840 | ---- | M] (Sonix) -- D:\WINDOWS\vsnp2std.exe
PRC - [2007.02.02 11:23:40 | 000,258,048 | ---- | M] (SONIX) -- D:\WINDOWS\tsnp2std.exe
PRC - [2006.01.19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- D:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PRC - [2005.01.31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- D:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004.04.06 20:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) -- D:\Programme\Ahead\InCD\incdsrv.exe
PRC - [2004.04.06 19:36:14 | 001,298,542 | ---- | M] (Ahead Software AG) -- D:\Programme\Ahead\InCD\InCD.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.06.14 16:15:15 | 011,817,472 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 15:26:19 | 012,433,920 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 15:26:05 | 001,592,320 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 22:54:01 | 000,303,104 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.08 22:10:26 | 005,450,752 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.08 22:07:58 | 007,953,408 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.08 22:07:46 | 011,492,352 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.08 19:18:21 | 000,398,288 | ---- | M] () -- D:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.11 21:29:36 | 003,391,488 | ---- | M] () -- d:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ac191f8a\mscorlib.dll
MOD - [2012.01.11 21:29:25 | 002,088,960 | ---- | M] () -- d:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_41954a2b\system.xml.dll
MOD - [2012.01.11 21:28:54 | 001,966,080 | ---- | M] () -- d:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_568b4a66\system.dll
MOD - [2012.01.11 21:28:34 | 001,232,896 | ---- | M] () -- d:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010.11.25 20:18:23 | 000,126,976 | ---- | M] () -- d:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2010.11.25 20:18:22 | 001,294,336 | ---- | M] () -- d:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2010.11.25 20:18:18 | 001,339,392 | ---- | M] () -- d:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010.11.25 20:18:17 | 000,323,584 | ---- | M] () -- d:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2010.11.25 20:18:11 | 000,131,072 | ---- | M] () -- d:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2010.11.25 20:18:10 | 000,241,664 | ---- | M] () -- d:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll
MOD - [2010.11.25 20:18:10 | 000,066,560 | ---- | M] () -- d:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.thunk.dll
MOD - [2010.11.25 20:16:54 | 000,233,472 | ---- | M] () -- d:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.25 20:16:53 | 000,114,688 | ---- | M] () -- d:\windows\assembly\gac\system.xml.resources\1.0.5000.0_de_b77a5c561934e089\system.xml.resources.dll
MOD - [2010.11.25 20:16:53 | 000,040,960 | ---- | M] () -- d:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2009.12.13 20:19:15 | 001,679,360 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3009.39983__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:15 | 000,483,328 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3009.40202__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:15 | 000,253,952 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3009.39941__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,196,608 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3009.39997__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:15 | 000,135,168 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3009.40208__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:15 | 000,102,400 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3009.39990__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:15 | 000,077,824 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3009.40172__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,073,728 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3009.39955__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:15 | 000,065,536 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3009.40135__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3009.39975__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:15 | 000,036,864 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,028,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3009.39990__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3009.39962__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:14 | 000,802,816 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:14 | 000,401,408 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3009.40163__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:14 | 000,352,256 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3009.40143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:14 | 000,090,112 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3009.40149__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:14 | 000,073,728 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:14 | 000,061,440 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3009.40142__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,585,728 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3009.40010__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,479,232 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3009.40095__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,442,368 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3009.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,438,272 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3009.39963__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,217,088 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3009.40004__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,118,784 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3009.40116__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,061,440 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3009.40016__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3009.40101__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,036,864 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3009.40115__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3009.40128__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,006,656 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.12.13 20:19:12 | 000,065,536 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,049,152 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,045,056 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.12.13 20:19:12 | 000,045,056 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,028,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.12.13 20:19:12 | 000,028,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,028,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.12.13 20:19:11 | 000,491,520 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3009.39969__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.12.13 20:19:11 | 000,413,696 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3009.40186__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.12.13 20:19:11 | 000,102,400 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3009.40194__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.12.13 20:19:11 | 000,073,728 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.12.13 20:19:11 | 000,061,440 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3009.40193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.12.13 20:19:11 | 000,045,056 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.12.13 20:19:11 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.12.13 20:19:11 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3009.40217__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.12.13 20:19:11 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.12.13 20:19:11 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.12.13 20:19:11 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.12.13 20:19:11 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009.12.13 20:19:11 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.12.13 20:19:11 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.12.13 20:19:11 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.12.13 20:19:11 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.12.13 20:19:11 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.12.13 20:19:11 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.12.13 20:19:11 | 000,011,264 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3009.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009.12.13 20:19:11 | 000,006,656 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.12.13 20:19:10 | 001,507,328 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3009.39949__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.12.13 20:19:10 | 000,065,536 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3009.39934__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.12.13 20:19:10 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3009.39931__90ba9c70f846762e\APM.Server.dll
MOD - [2009.12.13 20:19:10 | 000,045,056 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3009.39932__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.12.13 20:19:10 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.12.13 20:19:10 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3009.40194__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.12.13 20:19:10 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.12.13 20:19:10 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- D:\WINDOWS\system32\pdfcmnnt.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.20 15:51:53 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Stopped] -- D:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.09.09 09:44:45 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.11 14:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- D:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.07.09 13:44:46 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- D:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.05.08 19:18:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:18:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.20 21:50:32 | 003,196,800 | ---- | M] (Super Flexible Software Ltd. & Co. KG) [Auto | Running] -- D:\Programme\SuperFlexible\ExtremeVSS.exe -- (ExtremeVSSService)
SRV - [2010.01.09 11:30:26 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- D:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.12.23 19:24:07 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programme\a-squared Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2009.12.01 20:43:02 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- D:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.09.12 19:09:44 | 000,660,936 | ---- | M] (Acronis) [Auto | Running] -- D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- D:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006.01.19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- D:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005.01.31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- D:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.04.06 20:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto | Running] -- D:\Programme\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.07.11 14:00:46 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- D:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012.07.09 13:45:00 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- D:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012.05.08 19:18:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:18:21 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.09 18:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012.01.09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012.01.09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.06 19:35:12 | 000,020,645 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\IwUSB.sys -- (IwUSB)
DRV - [2011.09.25 19:05:25 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2011.02.04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.07.12 10:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.09 11:30:28 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.01.09 11:30:24 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251)
DRV - [2010.01.09 11:30:22 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010.01.09 11:30:17 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009.10.27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009.06.30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008.04.17 10:33:00 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.03.29 08:21:53 | 002,873,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.11.20 13:09:22 | 000,104,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.04.16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.02 11:24:54 | 012,027,904 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2005.06.02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.02.23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004.06.11 02:00:00 | 000,016,384 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2004.04.06 20:43:22 | 000,005,504 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- D:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [2004.04.06 20:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004.04.06 20:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- D:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.08.21 16:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..\SearchScopes\{0C522CCA-D14D-4577-ABE8-9C7D6FC84ADF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..\SearchScopes\{BCF135C2-2F38-4FD7-9514-BB49CDA64A58}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-616249376-2147125571-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.53
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.114
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: mail@shopping-preise.de:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://utils.chatzum.com/?url="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: D:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: D:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: D:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: D:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: D:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.07.21 09:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.09.09 09:44:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.09.22 12:18:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\mail@shopping-preise.de [2012.04.15 11:18:05 | 000,000,000 | ---D | M]
[2011.07.17 12:10:54 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2011.07.17 12:10:54 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de
[2012.09.15 17:26:15 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions
[2010.04.28 09:07:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.27 19:29:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.19 19:29:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.12.14 18:54:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.04.15 11:18:05 | 000,000,000 | ---D | M] (Shopping-preise.de) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\mail@shopping-preise.de
[2012.07.27 17:53:42 | 000,741,958 | ---- | M] () (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.09 09:44:37 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2012.09.11 21:25:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.09 09:44:37 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.09 09:44:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- D:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.17 09:00:11 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 06:00:49 | 000,002,465 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.17 09:00:11 | 000,001,153 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 09:00:11 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 09:00:11 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 09:00:11 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.10.13 15:36:55 | 000,437,963 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15063 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - D:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - D:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - D:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [InCD] D:\Programme\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [snp2std] D:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp2std] D:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [ZoneAlarm] D:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-839522115-616249376-2147125571-1004..\Run: [PowerBar] File not found
O4 - HKU\S-1-5-21-839522115-616249376-2147125571-1004..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-616249376-2147125571-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-839522115-616249376-2147125571-1004\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9965178-8016-4BF4-9F70-9ADF3C5E4286}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.25 20:09:18 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan.lnk - - File not found
MsConfig - StartUpReg: a-squared - hkey= - key= - D:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - D:\Programme\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: Aim - hkey= - key= - D:\Programme\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: avgnt - hkey= - key= - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig - StartUpReg: FixCamera - hkey= - key= - D:\WINDOWS\FixCamera.exe ()
MsConfig - StartUpReg: ICQ - hkey= - key= - File not found
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - D:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Personal ID - hkey= - key= - D:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - D:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: UVS10 Preload - hkey= - key= - D:\Programme\Ulead Systems\Ulead VideoStudio 10\uvPL.exe (Ulead Systems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - D:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited )
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - D:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited )
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - D:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.dvacm - D:\Programme\Gemeinsame Dateien\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - D:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - D:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - D:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PIM1 - pclepim1.dll File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.09.20 16:10:20 | 000,000,000 | ---D | C] -- D:\Programme\ESET
[2012.09.15 20:39:23 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\xxx\Desktop\Trojaner-bord
[2012.09.14 15:20:35 | 000,000,000 | -HSD | C] -- D:\WINDOWS\ftpcache
[2012.09.14 15:20:30 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Natura Sound Therapy
[2012.09.14 15:20:28 | 000,000,000 | ---D | C] -- D:\Programme\Natura Sound Therapy
[2012.09.14 15:16:14 | 051,038,360 | ---- | C] (Blissive Software) -- D:\Dokumente und Einstellungen\xxx\Desktop\naturademo.exe
[2012.09.09 09:44:36 | 000,000,000 | ---D | C] -- D:\Programme\Mozilla Firefox
[2012.09.06 14:59:45 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AIM
[2012.08.28 21:23:42 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\StreamTransport
[2012.08.28 17:59:06 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\StreamTransport
[2012.08.28 17:59:05 | 000,000,000 | ---D | C] -- D:\Programme\StreamTransport
[2011.09.25 19:06:35 | 000,092,064 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmmdm.sys
[2011.09.25 19:06:35 | 000,079,328 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmserd.sys
[2011.09.25 19:06:35 | 000,066,656 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmbus.sys
[2011.09.25 19:06:35 | 000,009,232 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmmdfl.sys
[2011.09.25 19:06:35 | 000,006,208 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmcmnt.sys
[2011.09.25 19:06:35 | 000,005,936 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmwhnt.sys
[2011.09.25 19:06:35 | 000,004,048 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmcr.sys
[2010.02.16 10:39:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\Dokumente und Einstellungen\xxx\usbsermptxp.sys
[2010.02.16 10:39:05 | 000,022,768 | ---- | C] (Microsoft Corporation) -- D:\Dokumente und Einstellungen\xxx\usbsermpt.sys
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\System32\drivers\*.tmp files -> D:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.23 14:15:51 | 041,099,857 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\ryu_sunshine2.flv
[2012.09.23 14:14:40 | 041,091,368 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\ryu_sunshine1.flv
[2012.09.23 11:49:40 | 000,000,484 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.09.23 11:47:57 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012.09.20 15:52:06 | 000,000,064 | ---- | M] () -- D:\WINDOWS\System32\rp_stats.dat
[2012.09.20 15:52:06 | 000,000,044 | ---- | M] () -- D:\WINDOWS\System32\rp_rules.dat
[2012.09.20 15:39:10 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012.09.19 22:44:01 | 035,911,087 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\BSimmerrattig.flv
[2012.09.19 22:26:12 | 044,780,502 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\funpaar1807.flv
[2012.09.19 22:25:37 | 012,771,248 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\sgcouple.flv
[2012.09.19 18:56:01 | 000,000,276 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.09.19 16:17:53 | 018,679,525 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\nimmersatt_27b.flv
[2012.09.19 16:16:57 | 015,247,979 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\nimmersatt_27a.flv
[2012.09.17 21:07:10 | 063,331,399 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Mrs007b.flv
[2012.09.16 11:04:48 | 000,000,000 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.09.15 16:44:33 | 000,000,762 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.14 18:04:40 | 037,594,397 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Armenius001a.flv
[2012.09.14 18:04:00 | 009,744,973 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Armenius001b.flv
[2012.09.14 17:58:00 | 009,473,881 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\zuzkagee.flv
[2012.09.14 15:20:30 | 000,455,911 | ---- | M] () -- D:\WINDOWS\Natura Sound Therapy Uninstaller.exe
[2012.09.14 15:20:30 | 000,000,732 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Desktop\natura.lnk
[2012.09.14 15:17:51 | 051,038,360 | ---- | M] (Blissive Software) -- D:\Dokumente und Einstellungen\xxx\Desktop\naturademo.exe
[2012.09.14 15:11:53 | 052,790,960 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Mrs007.flv
[2012.09.12 21:48:22 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2012.09.12 17:06:48 | 046,328,036 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\aahbipaar_andi.flv
[2012.09.09 09:16:51 | 041,320,018 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\MHpaar7886.flv
[2012.09.08 13:13:11 | 000,769,902 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Desktop\tattoos1.png
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2012.09.06 17:36:00 | 000,000,010 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mbam.context.scan
[2012.09.06 16:38:08 | 000,131,349 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Desktop\image1.jpg
[2012.09.06 15:00:23 | 000,000,936 | -H-- | M] () -- D:\IPH.PH
[2012.09.06 14:59:45 | 000,001,544 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\AIM.lnk
[2012.09.05 16:05:07 | 000,002,243 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.08.28 18:34:20 | 032,376,196 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\wildcouplehoney1.flv
[2012.08.28 18:01:44 | 000,022,368 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\videoplayer.flv
[2012.08.28 17:59:06 | 000,000,686 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\ StreamTransport.lnk
[2012.08.27 19:00:41 | 000,001,209 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\burnaware.ini
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\System32\drivers\*.tmp files -> D:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.23 14:13:48 | 041,099,857 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\ryu_sunshine2.flv
[2012.09.23 14:11:14 | 041,091,368 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\ryu_sunshine1.flv
[2012.09.19 22:41:18 | 035,911,087 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\BSimmerrattig.flv
[2012.09.19 22:24:30 | 012,771,248 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\sgcouple.flv
[2012.09.19 22:23:23 | 044,780,502 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\funpaar1807.flv
[2012.09.19 16:16:29 | 018,679,525 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\nimmersatt_27b.flv
[2012.09.19 16:15:39 | 015,247,979 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\nimmersatt_27a.flv
[2012.09.17 21:03:10 | 063,331,399 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Mrs007b.flv
[2012.09.16 11:04:48 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.09.14 18:02:55 | 009,744,973 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Armenius001b.flv
[2012.09.14 18:01:33 | 037,594,397 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Armenius001a.flv
[2012.09.14 17:57:33 | 009,473,881 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\zuzkagee.flv
[2012.09.14 15:20:30 | 000,000,732 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Desktop\natura.lnk
[2012.09.14 15:20:29 | 000,455,911 | ---- | C] () -- D:\WINDOWS\Natura Sound Therapy Uninstaller.exe
[2012.09.14 15:08:18 | 052,790,960 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Mrs007.flv
[2012.09.12 17:05:21 | 046,328,036 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\aahbipaar_andi.flv
[2012.09.09 09:14:02 | 041,320,018 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\MHpaar7886.flv
[2012.09.08 13:13:08 | 000,769,902 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Desktop\tattoos1.png
[2012.09.06 17:36:00 | 000,000,010 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mbam.context.scan
[2012.09.06 16:38:07 | 000,131,349 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Desktop\image1.jpg
[2012.08.28 18:32:11 | 032,376,196 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\wildcouplehoney1.flv
[2012.08.28 18:01:44 | 000,022,368 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\videoplayer.flv
[2012.08.28 17:59:06 | 000,000,686 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\ StreamTransport.lnk
[2012.05.09 20:27:02 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012.04.15 11:18:00 | 000,338,432 | ---- | C] () -- D:\WINDOWS\System32\sqlite36_engine.dll
[2012.02.15 15:44:41 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012.01.18 19:13:41 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\.gtk-bookmarks
[2011.09.25 19:06:35 | 000,009,913 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\MCCI_MDM.INF
[2011.09.25 19:06:35 | 000,006,989 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\MCCI_BUS.INF
[2011.09.25 19:06:35 | 000,004,477 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\MCCI_SDM.INF
[2011.09.25 19:06:33 | 000,015,698 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem31.PNF
[2011.09.25 19:06:33 | 000,012,364 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem30.PNF
[2011.09.25 19:06:33 | 000,009,232 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem31.inf
[2011.09.25 19:06:33 | 000,005,813 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970393-(null)
[2011.09.25 19:06:32 | 000,014,014 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem16.PNF
[2011.09.25 19:06:32 | 000,012,836 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem17.PNF
[2011.09.25 19:06:32 | 000,012,698 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem18.PNF
[2011.09.25 19:06:32 | 000,006,009 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem18.inf
[2011.09.25 19:06:32 | 000,005,877 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970392-(null)
[2011.09.25 19:06:31 | 000,006,947 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970391-(null)
[2011.09.25 19:05:25 | 000,009,232 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USB_MOT_BRIT.INF
[2011.09.25 19:05:25 | 000,005,960 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USB_MOT_A1000.INF
[2011.09.25 19:05:22 | 000,014,310 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem16.PNF
[2011.09.25 19:05:22 | 000,012,836 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem17.PNF
[2011.09.25 19:05:22 | 000,012,562 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem18.PNF
[2011.09.25 19:05:22 | 000,007,195 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem16.inf
[2011.09.25 19:05:22 | 000,005,891 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem18.inf
[2011.09.25 19:05:22 | 000,005,877 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem17.inf
[2011.07.24 16:44:41 | 000,031,043 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Clipboard06.jpg
[2011.04.26 08:49:02 | 000,000,064 | ---- | C] () -- D:\WINDOWS\System32\rp_stats.dat
[2011.04.26 08:49:02 | 000,000,044 | ---- | C] () -- D:\WINDOWS\System32\rp_rules.dat
[2011.01.16 11:07:27 | 000,000,036 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.11.25 20:27:43 | 000,194,248 | ---- | C] () -- D:\WINDOWS\System32\LTRFD13n.DLL
[2010.11.25 20:18:35 | 000,000,138 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.11.25 20:09:18 | 000,001,208 | ---- | C] () -- D:\WINDOWS\VFO.INI
[2010.11.25 20:08:17 | 000,196,096 | ---- | C] () -- D:\WINDOWS\System32\macd32.dll
[2010.11.25 20:08:17 | 000,138,752 | ---- | C] () -- D:\WINDOWS\System32\mase32.dll
[2010.11.25 20:08:17 | 000,136,192 | ---- | C] () -- D:\WINDOWS\System32\mamc32.dll
[2010.11.25 20:08:17 | 000,057,856 | ---- | C] () -- D:\WINDOWS\System32\masd32.dll
[2010.11.25 20:08:17 | 000,027,648 | ---- | C] () -- D:\WINDOWS\System32\ma32.dll
[2010.10.21 14:19:42 | 000,208,896 | ---- | C] () -- D:\WINDOWS\System32\LXPrnUtil10.dll
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- D:\WINDOWS\System32\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- D:\WINDOWS\System32\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- D:\WINDOWS\System32\dntvm27VC8.dll
[2010.02.16 10:39:05 | 000,007,201 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USBMOT2000.INF
[2010.02.16 10:39:05 | 000,006,141 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USBMOT2000XP.INF
[2010.02.16 10:39:05 | 000,005,880 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USB_CMCS_2000.INF
[2010.02.06 12:55:09 | 000,001,209 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\burnaware.ini
[2010.01.01 16:03:05 | 002,772,992 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\filesync.metadata
[2009.12.28 19:46:26 | 000,059,645 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Clipboard03.jpg
[2009.12.19 12:46:46 | 000,119,808 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.19 12:37:21 | 000,040,960 | ---- | C] () -- D:\Programme\Uninstall_CDS.exe
========== ZeroAccess Check ==========
[2009.12.13 20:16:18 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.09.25 07:35:26 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.01.09 11:32:40 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.01.04 01:06:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM
[2011.09.25 18:59:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2010.12.11 12:38:01 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2010.02.16 10:50:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.07.21 09:50:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.02.13 20:13:19 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.12.10 17:24:35 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2011.01.04 01:02:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.07.02 10:41:10 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010.11.29 20:42:56 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.11.29 20:43:52 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2010.01.05 11:07:42 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2012.07.31 17:30:43 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SuperFlexibleSynchronizer
[2010.01.05 11:53:52 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010.07.26 17:26:48 | 000,000,000 | -H-D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2011.08.28 16:56:55 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Gast\Anwendungsdaten\CheckPoint
[2011.08.28 16:59:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Lexware
[2012.08.11 09:48:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Internet\Anwendungsdaten\CheckPoint
[2011.01.04 01:10:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\acccore
[2010.01.09 11:54:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Acronis
[2012.01.20 19:59:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Any Video Converter
[2012.07.08 19:57:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Auslogics
[2012.07.21 09:57:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CheckPoint
[2011.07.27 19:29:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoft
[2011.07.27 19:29:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.02.13 20:13:30 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\f-secure
[2012.09.23 15:27:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\FreeDoko
[2011.01.03 12:20:07 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GHISLER
[2009.12.19 23:44:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GrabPro
[2011.07.17 12:10:46 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Haufe Mediengruppe
[2011.01.04 01:02:17 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ
[2010.12.10 17:30:40 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Lexware
[2010.01.01 16:35:53 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Opera
[2012.08.21 20:25:27 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Orbit
[2010.08.12 17:32:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ProgSense
[2012.09.15 16:48:21 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\QuickScan
[2009.12.20 14:29:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TeamViewer
[2010.01.05 11:45:01 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ulead Systems
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.01.04 01:10:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\acccore
[2010.01.09 11:54:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Acronis
[2012.02.06 21:20:26 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe
[2009.12.20 20:43:46 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ahead
[2012.01.20 19:59:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Any Video Converter
[2009.12.19 12:18:15 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Apple Computer
[2009.12.13 20:20:31 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ATI
[2012.07.08 19:57:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Auslogics
[2011.10.16 12:12:46 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Avira
[2012.07.21 09:57:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CheckPoint
[2010.08.15 19:42:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Cyberlink
[2011.07.27 19:29:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoft
[2011.07.27 19:29:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.02.13 20:13:30 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\f-secure
[2012.09.23 15:27:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\FreeDoko
[2011.01.03 12:20:07 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GHISLER
[2009.12.19 23:44:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GrabPro
[2011.07.17 12:10:46 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Haufe Mediengruppe
[2010.01.02 14:49:06 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Help
[2011.01.04 01:02:17 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ
[2009.12.13 20:06:56 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Identities
[2009.12.13 20:34:40 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\InstallShield
[2010.12.10 17:30:40 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Lexware
[2009.12.14 18:55:37 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Macromedia
[2009.12.13 20:46:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2012.02.06 21:20:26 | 000,000,000 | --SD | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft
[2012.02.22 21:08:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Move Networks
[2009.12.14 18:48:42 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla
[2010.02.17 19:08:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Nero
[2010.01.01 16:35:53 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Opera
[2012.08.21 20:25:27 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Orbit
[2010.08.12 17:32:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ProgSense
[2012.09.15 16:48:21 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\QuickScan
[2012.09.05 22:05:11 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Skype
[2011.07.21 19:48:50 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\skypePM
[2010.12.11 09:46:27 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Sun
[2009.12.20 14:29:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TeamViewer
[2010.01.05 11:45:01 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ulead Systems
[2009.12.23 18:09:15 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\WinRAR
[2010.04.18 13:07:18 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Yahoo!
< %APPDATA%\*.exe /s >
[2009.12.19 14:54:27 | 001,956,072 | ---- | M] (Adobe Systems Incorporated) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.11.25 20:06:38 | 000,029,926 | R--- | M] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
[2008.09.17 18:03:04 | 000,099,704 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2012.02.22 21:08:39 | 000,034,063 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Move Networks\ie_bin\Uninst.exe
[2009.12.01 20:43:02 | 000,025,936 | ---- | M] (NOS Microsystems Ltd.) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- D:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- D:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- D:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- D:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- D:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- D:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- D:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- D:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- D:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- D:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- D:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- D:\WINDOWS\system32\userinit.exe
[2012.06.02 15:51:44 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- D:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- D:\WINDOWS\system32\winlogon.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- D:\Programme\CheckPoint\ZAForceField\Heuristics\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- D:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- D:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 D:\WINDOWS\system32\drivers\*.tmp files -> D:\WINDOWS\system32\drivers\*.tmp -> ]
< %systemroot%\System32\config\*.sav >
[2009.12.13 20:52:51 | 000,094,208 | ---- | M] () -- D:\WINDOWS\System32\config\default.sav
[2009.12.13 20:52:51 | 000,638,976 | ---- | M] () -- D:\WINDOWS\System32\config\software.sav
[2009.12.13 20:52:51 | 000,446,464 | ---- | M] () -- D:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< End of report >
--- --- ---
[/code] |
aswMBR.exe und speichere die Datei auf deinem Desktop.