Avira Free Antivirus finds ADWARE/InstallCore.Gen

#0
12.08.2012, 19:02
Member

Posts: 16
#1 Hello

Yesterday my Antivir reported the following detection:

C:\System Volume Information\_restore{0433F6D4-1270-473E-8EAC-D2CC8D0789D3}\RP38\A0069679.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen


Antivir moved this file to quarantine.

No pop-ups or the like are showing up. However, my PC has seemed rather slow to me recently, especially when booting. I just noticed that the option to show file extensions is no longer active. Of course that may have other causes, but I would be very glad if someone could take a look at the log files.
Best regards!


Code


OTL logfile created on: 12.08.2012 13:45:36 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Dokumente und Einstellungen\conny\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,09% Memory free
3,85 Gb Paging File | 3,28 Gb Available in Paging File | 85,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 14,93 Gb Free Space | 10,02% Space Free | Partition Type: NTFS

Computer Name: ICH | User Name: conny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.08.12 13:37:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\conny\Desktop\OTL.exe
PRC - [2012.08.09 09:51:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 09:14:34 | 006,241,952 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012.05.24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.07.17 16:32:44 | 000,181,312 | ---- | M] () -- C:\Programme\Photodex\ProShowGold\scsiaccess.exe
PRC - [2010.10.29 16:07:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2010.10.19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.10.19 15:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010.10.19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.10.14 20:26:06 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010.09.11 15:15:12 | 001,093,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2010.09.11 15:15:00 | 001,171,456 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2010.09.11 14:41:04 | 001,029,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2010.04.01 15:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.26 05:08:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.07.23 04:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008.08.21 05:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.30 13:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.11.07 20:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.06.29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.06.14 09:40:41 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.14 09:40:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 08:23:58 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:23:44 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 08:21:37 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.12 03:25:41 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.12 03:23:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.12 03:22:48 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.12 03:19:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.12 03:17:25 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.12 03:17:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.03 22:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.07.17 16:32:44 | 000,181,312 | ---- | M] () -- C:\Programme\Photodex\ProShowGold\scsiaccess.exe
MOD - [2011.01.03 15:17:39 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.24579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.01.03 15:17:39 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.24658__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.01.03 15:17:39 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:39 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.24560__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:39 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.01.03 15:17:39 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.24659__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.24625__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.01.03 15:17:39 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3559.24638__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:39 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.24568__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:39 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:39 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.24575__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.01.03 15:17:39 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.24569__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:38 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:38 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:37 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3559.24608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:37 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.24570__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:37 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3559.24582__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:37 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3559.24602__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:37 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:37 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3559.24633__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.01.03 15:17:37 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:37 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3559.24586__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011.01.03 15:17:37 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:37 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.01.03 15:17:37 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3559.24585__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:37 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.01.03 15:17:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.01.03 15:17:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.01.03 15:17:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.01.03 15:17:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.01.03 15:17:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.01.03 15:17:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.01.03 15:17:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.01.03 15:17:37 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.01.03 15:17:36 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.24686__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.01.03 15:17:36 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.01.03 15:17:36 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.01.03 15:17:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.24667__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.01.03 15:17:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.01.03 15:17:36 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.01.03 15:17:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.01.03 15:17:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011.01.03 15:17:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.01.03 15:17:36 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.01.03 15:17:36 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.01.03 15:17:36 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.24555__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.01.03 15:17:35 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.24565__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.01.03 15:17:35 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.24647__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.01.03 15:17:35 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.24574__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.01.03 15:17:35 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.24653__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.01.03 15:17:35 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.24557__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.01.03 15:17:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.24651__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.01.03 15:17:35 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.24559__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.01.03 15:17:35 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.01.03 15:17:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.01.03 15:17:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.01.03 15:17:35 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.01.03 15:17:35 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.24652__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.01.03 15:17:35 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.01.03 15:17:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.01.03 15:17:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.01.03 15:17:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.01.03 15:17:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.01.03 15:17:34 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.24558__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011.01.03 15:17:34 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.24557__90ba9c70f846762e\APM.Server.dll
MOD - [2011.01.03 15:17:34 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.24556__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.01.03 15:17:34 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.11.05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009.05.15 16:01:26 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.06.29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012.08.04 02:28:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.28 14:04:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.17 16:32:44 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Programme\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2010.10.29 16:07:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.10.19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.10.19 15:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2010.10.19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.09.11 15:15:00 | 001,171,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2010.09.11 14:41:04 | 001,029,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.01.30 13:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.06.29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.08.10 15:10:11 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.06.03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012.05.01 16:35:17 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.04 08:40:42 | 000,087,552 | ---- | M] (Focusrite Audio Engineering Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnnio.sys -- (nvnnio)
DRV - [2011.01.03 15:47:10 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010.10.07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010.09.07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.16 14:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010.06.16 14:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.06.02 15:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010.06.02 15:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010.06.02 15:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010.05.19 23:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010.03.26 05:08:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009.10.26 06:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009.09.29 16:06:14 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008.02.22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006.11.06 18:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.10.02 02:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 02:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.04.03 12:20:00 | 000,061,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx01.sys -- (SWUMX01)
DRV - [2006.04.03 12:18:00 | 000,081,408 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC8U01.sys -- (SWNC8U01)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=14597
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=54f48645-a38e-4be3-9b1b-4fba510852e7&apn_sauid=56D7469A-B7AD-451E-9CB9-7FFA2AFCD0B3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.tagesschau.de/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.21 19:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2012.02.01 21:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.18 14:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.28 14:04:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.22 11:33:40 | 000,000,000 | ---D | M]

[2011.06.14 14:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Mozilla\Extensions
[2012.07.25 16:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Mozilla\Firefox\Profiles\bllsa6v7.default\extensions
[2011.07.21 21:31:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Mozilla\Firefox\Profiles\bllsa6v7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.12 18:16:06 | 000,002,322 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Mozilla\Firefox\Profiles\bllsa6v7.default\searchplugins\askcom.xml
[2011.07.28 20:01:29 | 000,002,105 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Mozilla\Firefox\Profiles\bllsa6v7.default\searchplugins\google-germany.xml
[2011.07.28 19:53:59 | 000,002,101 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Mozilla\Firefox\Profiles\bllsa6v7.default\searchplugins\googlede.xml
[2012.07.21 19:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.18 17:32:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.21 19:46:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.02.18 14:14:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.07.21 19:45:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.27 03:09:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.07.28 14:04:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.24 10:42:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 10:42:22 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.24 10:42:22 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 10:42:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 10:42:17 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 10:42:14 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.08.21 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\conny\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\conny\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.03 14:27:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{30010f8d-c2fb-11e1-9b4e-001c26f574db}\Shell - "" = AutoRun
O33 - MountPoints2\{30010f8d-c2fb-11e1-9b4e-001c26f574db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30010f8d-c2fb-11e1-9b4e-001c26f574db}\Shell\AutoRun\command - "" = E:\jones3d.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: [b]DivXUpdate[/b] - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: [b]FreePDF Assistant[/b] - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]TkBellExe[/b] - hkey= - key= - C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.08.12 13:36:46 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\conny\Desktop\OTL.exe
[2012.08.10 15:09:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite
[2012.08.10 15:09:52 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.08.10 15:09:26 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2012.08.10 09:19:48 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2012.08.10 09:19:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Elaborate Bytes
[2012.08.10 07:30:56 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2012.08.10 07:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Video DVD Maker FREE
[2012.08.10 07:29:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Video DVD Maker
[2012.08.10 07:29:49 | 000,000,000 | ---D | C] -- C:\Programme\Video DVD Maker
[2012.08.09 20:09:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\conny\Eigene Dateien\AnyDVDHD
[2012.08.09 20:03:27 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft
[2012.08.09 20:03:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SlySoft
[2012.08.09 20:03:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2012.08.09 17:06:46 | 000,044,544 | ---- | C] (Alexey M. Novosselov) -- C:\_jspshort42.exe
[2012.08.09 17:06:00 | 000,297,472 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2012.08.07 16:52:19 | 000,302,592 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin0407.exe
[2012.08.07 16:52:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\conny\WINDOWS
[2012.07.30 13:18:29 | 000,000,000 | ---D | C] -- C:\tony
[2012.07.25 07:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Avira
[2012.07.25 07:18:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.07.25 07:17:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.07.25 07:17:42 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.07.25 07:17:42 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.07.25 07:17:41 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.07.25 07:17:33 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.07.25 07:17:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.07.23 11:29:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.07.21 19:46:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\conny\Desktop\KEAKEAKEA
[2012.07.21 19:46:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.07.16 23:22:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SokobanCollection
[2012.07.16 23:22:15 | 000,000,000 | ---D | C] -- C:\Programme\SokobanCollection
[2012.07.16 22:53:02 | 000,000,000 | ---D | C] -- C:\Programme\Pacmax
[2012.07.16 22:53:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Pacmax
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\bass.dll
[7 C:\Dokumente und Einstellungen\conny\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\conny\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.08.12 13:38:55 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\qw2en0u5.exe
[2012.08.12 13:37:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\conny\Desktop\OTL.exe
[2012.08.12 13:29:36 | 000,025,181 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012.08.12 13:29:35 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.12 13:26:39 | 000,000,125 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2012.08.12 13:25:41 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3369755302-1571532859-2593491270-1005.job
[2012.08.12 13:25:40 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012.08.12 13:25:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3369755302-1571532859-2593491270-1005.job
[2012.08.12 13:25:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.12 13:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.11 17:11:46 | 005,505,000 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\MARJAooo.pdf
[2012.08.11 17:08:37 | 001,149,711 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\MARJANEU.pdf
[2012.08.11 16:38:57 | 009,466,893 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\MARJAklein.pdf
[2012.08.11 15:20:59 | 006,141,785 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\MARJA.pdf
[2012.08.11 14:56:25 | 386,498,559 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\Stille.iso
[2012.08.11 09:28:09 | 000,000,059 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\GoodnightTimer.ini
[2012.08.10 15:10:11 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.08.10 11:29:11 | 000,000,457 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\burnaware.ini
[2012.08.10 09:02:41 | 000,515,900 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.08.10 09:02:41 | 000,492,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.08.10 09:02:41 | 000,100,290 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.08.10 09:02:41 | 000,083,432 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.08.10 07:31:20 | 000,028,672 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.09 17:06:47 | 000,044,544 | ---- | M] (Alexey M. Novosselov) -- C:\_jspshort42.exe
[2012.08.07 13:19:55 | 000,059,085 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\Aktualisierte Liste der Psychotherapeuten und Psychologen fuer Hoergeschaedigte.pdf
[2012.08.06 08:23:28 | 209,715,200 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\Peter_Berling_-_Die_Kinder_Des_Gral-9CD-Audiobook-DE-2007-oNePiEcE.part1.rar
[2012.08.06 05:41:54 | 000,939,243 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\Desktop\OvermannTuncer.pdf
[2012.08.04 05:28:17 | 000,007,333 | ---- | M] () -- C:\Dokumente und Einstellungen\conny\.recently-used.xbel
[2012.07.26 01:00:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.23 11:35:27 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012.07.22 10:23:08 | 000,234,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.21 19:28:45 | 000,000,253 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[7 C:\Dokumente und Einstellungen\conny\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\conny\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.08.12 13:38:49 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\qw2en0u5.exe
[2012.08.11 17:11:37 | 005,505,000 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\MARJAooo.pdf
[2012.08.11 17:08:31 | 001,149,711 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\MARJANEU.pdf
[2012.08.11 16:37:44 | 009,466,893 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\MARJAklein.pdf
[2012.08.11 14:56:16 | 006,141,785 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\MARJA.pdf
[2012.08.11 14:35:55 | 386,498,559 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\Stille.iso
[2012.08.09 20:08:10 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2012.08.07 13:19:55 | 000,059,085 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\Aktualisierte Liste der Psychotherapeuten und Psychologen fuer Hoergeschaedigte.pdf
[2012.08.06 07:48:55 | 209,715,200 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\Peter_Berling_-_Die_Kinder_Des_Gral-9CD-Audiobook-DE-2007-oNePiEcE.part1.rar
[2012.08.06 05:41:54 | 000,939,243 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Desktop\OvermannTuncer.pdf
[2012.08.04 05:28:17 | 000,007,333 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\.recently-used.xbel
[2012.07.25 07:20:06 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.21 19:28:44 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.07.12 19:25:39 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012.06.16 11:34:14 | 000,004,758 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.05.21 12:57:11 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2012.02.17 00:24:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.02 01:32:13 | 000,000,457 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\burnaware.ini
[2011.11.27 23:08:44 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\[j0004]-[p04].bmp
[2011.11.27 23:08:37 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\[j0004]-[p03].bmp
[2011.11.27 23:08:35 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\[j0004]-[p02].bmp
[2011.11.27 23:08:28 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\[j0004]-[p01].bmp
[2011.10.27 01:43:59 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.09.17 13:31:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.09.17 13:31:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.08.07 01:30:36 | 000,242,974 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-3369755302-1571532859-2593491270-1005-0.dat
[2011.08.07 01:30:35 | 000,242,974 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.08.06 21:54:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.07.15 19:12:36 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011.07.15 19:12:17 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011.07.13 09:54:45 | 000,001,493 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2011.06.30 21:29:05 | 000,186,666 | ---- | C] () -- C:\WINDOWS\hpoins39.dat
[2011.06.30 21:29:05 | 000,000,629 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat
[2011.06.30 15:28:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.24 02:05:33 | 000,000,059 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\GoodnightTimer.ini
[2011.06.24 01:10:52 | 000,028,672 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.23 23:25:36 | 000,000,468 | ---- | C] () -- C:\Programme\cdex.lnk
[2011.06.23 23:24:06 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.06.23 23:07:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011.06.23 13:34:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011.06.23 13:34:31 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.06.23 08:56:05 | 000,000,526 | RHS- | C] () -- C:\Dokumente und Einstellungen\conny\ntuser.pol
[2011.06.14 14:26:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.01.03 20:53:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.01.03 15:22:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.01.03 15:18:27 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2011.01.03 15:18:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2011.01.03 15:16:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.01.03 15:16:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.01.03 15:16:04 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.01.03 15:10:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2011.01.03 14:31:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.01.03 14:25:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.01.03 14:14:02 | 000,515,900 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2011.01.03 14:14:02 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2011.01.03 14:14:02 | 000,100,290 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2011.01.03 14:14:02 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2011.01.03 14:13:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011.01.03 14:13:31 | 000,492,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011.01.03 14:13:31 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011.01.03 14:13:31 | 000,083,432 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011.01.03 14:13:31 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011.01.03 14:13:30 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011.01.03 14:13:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011.01.03 14:13:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011.01.03 14:13:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011.01.03 14:13:20 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011.01.03 14:13:06 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011.01.03 14:13:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011.01.03 05:21:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.01.03 05:20:26 | 000,234,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011.07.01 13:36:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.06.12 12:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.02.01 22:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2012.01.24 01:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterAction studios
[2011.01.03 15:15:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.07.15 19:14:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.07.16 00:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2012.04.27 12:55:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet
[2011.06.23 13:35:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2012.08.09 20:03:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.06.27 13:07:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2012.02.01 21:25:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.01.03 15:14:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2011.08.06 20:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2012.01.18 22:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\www.rene-zeidler.de
[2011.07.15 20:10:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\AnvSoft
[2012.07.02 15:05:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Audacity
[2011.07.15 23:31:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\avidemux
[2011.07.01 13:36:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Canneverbe Limited
[2012.06.19 13:08:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\DAEMON Tools Lite
[2012.02.18 14:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\DDMSettings
[2012.07.21 19:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Dexpot
[2012.08.12 13:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Dropbox
[2011.07.21 21:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\DVDVideoSoft
[2011.07.21 21:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.07.20 13:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\foobar2000
[2011.09.17 13:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\FreePDF
[2012.08.04 05:28:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\gtk-2.0
[2012.07.12 18:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\HandBrake
[2011.01.03 15:23:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Lenovo
[2011.08.26 19:57:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Miranda
[2011.07.17 16:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Netscape
[2011.09.08 22:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Novation
[2011.06.23 23:02:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\OpenOffice.org
[2011.10.27 01:44:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\pdfforge
[2011.07.17 16:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Photodex
[2012.04.27 13:00:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\PixelPlanet
[2011.06.26 12:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\REAPER
[2011.06.28 20:53:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Scribus
[2012.02.01 22:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Swiss Academic Software
[2012.08.10 07:30:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Video DVD Maker FREE
[2012.01.18 22:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\conny\Anwendungsdaten\www.rene-zeidler.de
[2012.04.29 11:52:01 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2012.05.22 14:57:35 | 000,000,000 | ---D | M] -- C:\819d062b42d2dfb0aa28
[2012.05.02 22:37:19 | 000,000,000 | ---D | M] -- C:\BMW M3 Challenge
[2011.06.26 16:08:56 | 000,000,000 | ---D | M] -- C:\d2f85d8ddb98b676c2db6b
[2011.10.06 11:47:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.05.02 22:44:56 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.12.30 12:18:26 | 000,000,000 | ---D | M] -- C:\EPSON
[2011.06.24 01:06:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.08.09 17:06:23 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.08.10 09:19:48 | 000,000,000 | R--D | M] -- C:\Programme
[2011.06.23 08:36:35 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.07.07 22:49:39 | 000,000,000 | ---D | M] -- C:\Stundenpln
[2012.05.03 09:32:25 | 000,000,000 | ---D | M] -- C:\swshare
[2011.01.03 15:46:18 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2012.07.21 22:17:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.30 13:27:59 | 000,000,000 | ---D | M] -- C:\tony
[2012.08.10 07:30:56 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2012.08.12 13:24:45 | 000,000,000 | ---D | M] -- C:\WINDOWS

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
Invalid Environment Variable: LOCALAPPDATA

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008.08.21 05:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.08.21 05:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2008.08.21 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.08.21 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008.08.21 05:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.08.21 05:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2008.08.21 05:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.08.21 05:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-12 10:02:33

< End of report >

Code


OTL Extras logfile created on: 12.08.2012 13:45:36 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Dokumente und Einstellungen\conny\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,09% Memory free
3,85 Gb Paging File | 3,28 Gb Available in Paging File | 85,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 14,93 Gb Free Space | 10,02% Space Free | Partition Type: NTFS

Computer Name: ICH | User Name: conny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Temp\7zS048C\setup\hpznui01.exe" = C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Temp\7zS048C\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.com" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\stats.exe" = C:\Programme\IBM\SPSS\Statistics\19\stats.exe:*:Disabled:Statistics19:exe
"C:\Programme\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe" = C:\Programme\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Temp\7zS048C\setup\hpznui01.exe" = C:\Dokumente und Einstellungen\conny\Lokale Einstellungen\Temp\7zS048C\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager
"C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi
"C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin
"C:\Programme\DsNET Corp\aTube Catcher 2.0\yct.exe" = C:\Programme\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos. -- (DsNET)
"C:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe" = C:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00997239-8A42-DEA0-7FA0-1AF26D4174D4}" = CCC Help Dutch
"{01B98AF5-3F68-2B2A-96A9-756427755EE1}" = CCC Help Japanese
"{03694711-6C4B-0CF0-5774-22130FCE0B85}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{075B0677-E2D2-4700-869A-E73E5635299E}" = Sierra Wireless HSDPA MiniCard
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F27E26B-6B0D-3339-9C3D-9D9553F0474A}" = Catalyst Control Center Localization All
"{11E48F3E-8975-FEDB-D68C-ED6A5C3DEA43}" = CCC Help Korean
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{137DCFE3-F690-9908-5E9E-9CB49FA89D2B}" = ccc-core-preinstall
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.30.0.75
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2ABCF36B-7253-88EE-E3EE-0239EED2C935}" = CCC Help Spanish
"{2C996783-CAE7-C5B5-DDF5-88613DCFC907}" = Skins
"{2ECFBC62-FC62-CA66-8C85-FC867A6E2ECB}" = CCC Help Portuguese
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53823917-21A6-A0EE-9F4B-F9F153C8C075}" = Catalyst Control Center Graphics Full Existing
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{601F2C04-4E0A-464F-B9FE-4FD140098E21}" = PS_AIO_06_B109n-z_SW_Min
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{617733FD-EDBD-4B5E-AA5D-2836828E8C60}" = Pacboy
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{69F30A63-7771-9A9E-3881-4C71B1904492}" = ccc-utility
"{6B677C72-6EE1-4E27-936D-12C26689C765}" = PacAdventures
"{6B707CD5-2425-00B2-B5C8-677862351118}" = CCC Help German
"{6CE851D7-DD98-489A-9227-5BBE08E7064B}" = ThinkVantage Fingerprint Software
"{71A4AF1A-9C08-9EC0-D246-C120866B798C}" = Catalyst Control Center Core Implementation
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F571DE-144F-E890-CDFA-020241BC5201}" = ccc-core-static
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{797A9B18-BC2A-C4DD-AF56-0E89699B8030}" = CCC Help Chinese Traditional
"{79A72AAD-7ED4-49D8-872D-D1465061F9DB}" = HP Photosmart Wireless B109n-z All-in-One Driver 14.0 Rel. 6
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FABBC7B-287C-90FD-050E-FB51EA2FF60F}" = CCC Help Italian
"{A2D1C130-C6AB-D8FD-10FC-942FFB9A64F8}" = CCC Help Chinese Standard
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3CFBAE2-741B-417C-AA59-31B2DC13D2DA}" = PsychoArcon
"{A4CE31D1-0C40-44B2-B1F9-CBCE74D9712F}" = CubePusher
"{A7ACD5B8-72E1-5E50-E8CF-748E5F224F27}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BBE9576A-0405-F53B-1B69-65D993A13A01}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF292E8C-9606-3B51-6EEF-6AA7D254A30A}" = CCC Help Swedish
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F015E93D-8D56-D76A-6B7D-A3C171471DEC}" = CCC Help French
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi-Software
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Any Video Converter_is1" = Any Video Converter 3.2.5
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"aTube Catcher" = aTube Catcher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = Maintenance Manager
"BurnAware Free_is1" = BurnAware Free 3.3.1
"CDex" = CDex extraction audio
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.3.720
"FreePDF_XP" = FreePDF (Remove only)
"Goodnight Timer_is1" = Goodnight Timer 1.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mtt12" = Mp3 Tag Tools v1.2
"Photodex Presenter" = Photodex Presenter
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"ProShow Gold" = ProShow Gold
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Scribus 1.3.9" = Scribus 1.3.9
"Switch" = Switch Audiodatei-Konverter
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"UltraStar Deluxe" = UltraStar Deluxe
"VLC media player" = VLC media player 1.1.10
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Normwert-Rechner" = Normwert-Rechner

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 20.06.2012 23:59:31 | Computer Name = ICH | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 23.06.2012 11:11:56 | Computer Name = ICH | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 24.06.2012 13:40:34 | Computer Name = ICH | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 24.06.2012 22:44:16 | Computer Name = ICH | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28.06.2012 10:44:31 | Computer Name = ICH | Source = ESENT | ID = 490
Description = svchost (1220) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 29.06.2012 12:16:32 | Computer Name = ICH | Source = ESENT | ID = 490
Description = svchost (1220) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 30.06.2012 18:03:39 | Computer Name = ICH | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung realplay.exe, Version 12.0.1.669, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 04.07.2012 12:10:10 | Computer Name = ICH | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module mso.dll, version 12.0.4518.1014, stamp 4542867b, debug? 0, fault
address 0x0003a930.

Error - 04.07.2012 14:32:20 | Computer Name = ICH | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035,
faulting module user32.dll, version 5.1.2600.5512, stamp 4802bfb7, debug? 0, fault
address 0x0001948d.

Error - 05.07.2012 14:44:09 | Computer Name = ICH | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

[ OSession Events ]
Error - 29.06.2011 02:28:15 | Computer Name = ICH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 38
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 30.08.2011 22:42:28 | Computer Name = ICH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 408
seconds with 240 seconds of active time.  This session ended with a crash.

Error - 19.06.2012 14:48:24 | Computer Name = ICH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 50 seconds with 0 seconds of active time.  This session ended with a crash.

Error - 04.07.2012 12:10:08 | Computer Name = ICH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 244
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 04.07.2012 14:32:20 | Computer Name = ICH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 10257 seconds with 7320 seconds of active time.  This session ended with
a crash.

[ System Events ]
Error - 10.08.2012 14:28:45 | Computer Name = ICH | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 10.08.2012 14:28:45 | Computer Name = ICH | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 10.08.2012 14:28:45 | Computer Name = ICH | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 11.08.2012 12:35:50 | Computer Name = ICH | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.08.2012 15:45:01 | Computer Name = ICH | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.08.2012 15:46:09 | Computer Name = ICH | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.08.2012 15:46:18 | Computer Name = ICH | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.08.2012 18:52:51 | Computer Name = ICH | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.08.2012 18:52:58 | Computer Name = ICH | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 12.08.2012 16:25:24 | Computer Name = ICH | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.62 für die Netzwerkkarte mit der Netzwerkadresse
001B778E2403 wurde durch  den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).


< End of report >



Code


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-12 18:27:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVS-75RST0 rev.04.01G04
Running: qw2en0u5.exe; Driver: C:\DOKUME~1\conny\LOKALE~1\Temp\pgtdrpob.sys


---- System - GMER 1.0.15 ----

SSDT            BA693AAC                                                                                                                                                                                                                                                                                                                      ZwClose
SSDT            BA693A66                                                                                                                                                                                                                                                                                                                      ZwCreateKey
SSDT            BA693AB6                                                                                                                                                                                                                                                                                                                      ZwCreateSection
SSDT            BA693A5C                                                                                                                                                                                                                                                                                                                      ZwCreateThread
SSDT            BA693A6B                                                                                                                                                                                                                                                                                                                      ZwDeleteKey
SSDT            BA693A75                                                                                                                                                                                                                                                                                                                      ZwDeleteValueKey
SSDT            BA693AA7                                                                                                                                                                                                                                                                                                                      ZwDuplicateObject
SSDT            BA693A7A                                                                                                                                                                                                                                                                                                                      ZwLoadKey
SSDT            BA693A48                                                                                                                                                                                                                                                                                                                      ZwOpenProcess
SSDT            BA693A4D                                                                                                                                                                                                                                                                                                                      ZwOpenThread
SSDT            BA693ACF                                                                                                                                                                                                                                                                                                                      ZwQueryValueKey
SSDT            BA693A84                                                                                                                                                                                                                                                                                                                      ZwReplaceKey
SSDT            BA693AC0                                                                                                                                                                                                                                                                                                                      ZwRequestWaitReplyPort
SSDT            BA693A7F                                                                                                                                                                                                                                                                                                                      ZwRestoreKey
SSDT            BA693ABB                                                                                                                                                                                                                                                                                                                      ZwSetContextThread
SSDT            BA693AC5                                                                                                                                                                                                                                                                                                                      ZwSetSecurityObject
SSDT            BA693A70                                                                                                                                                                                                                                                                                                                      ZwSetValueKey
SSDT            BA693ACA                                                                                                                                                                                                                                                                                                                      ZwSystemDebugControl
SSDT            BA693A57                                                                                                                                                                                                                                                                                                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                                                                                                                                                                                                                      section is writeable [0xB998C000, 0x1C5D38, 0xE8000020]
?               System32\Drivers\AnyDVD.sys                                                                                                                                                                                                                                                                                                   Das System kann den angegebenen Pfad nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                                                                                                                                                                                                       wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                                                                                                                                                                                                       wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:924]                                                                                                                                                                                                                                                                                                                AA6D3ACA
Thread          System [4:552]                                                                                                                                                                                                                                                                                                                AA6D3ACA
Thread          System [4:4084]                                                                                                                                                                                                                                                                                                               AA6D3ACA

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26f574db                                                                                                                                                                                                                                                  
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26f574db (not active ControlSet)                                                                                                                                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                                                                                                                                                                            0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                                                                                                                                                                            0x6A 0x9C 0xD6 0x61 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                                                                                                                                                                            0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                                                                                                                                                                            0x3E 0x1E 0x9E 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                                                                                                                                                                            0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                                                                                                                                                                            0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                                                                                                                                                                                            0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                                                                                                                                                                                            0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                                                                                                                                                                                            0x51 0xFA 0x6E 0x91 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                                                                                                                                                                                            0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                                                                                                                                                                                            0xE3 0x0E 0x66 0xD5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                                                                                                                                                                                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                                                                                                                                                                                              Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                                                                                                                                                                                            C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                                                                                                                                                                                            0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\10_Leitfragen-Thema.pdf                1461759 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\11_Thema-Elternabend.pdf               721784 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\12_Phasen-Elternabend.pdf              1019979 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\13_Bearbeitungsphase.pdf               1031837 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\13_Bearbeitungsphasew.pdf              1021629 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\14_Vortrag-vorbereiten.pdf             533236 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\15_Regeln-Plakatgestaltung.pdf         54715 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\16_Gelungene-PP-Praesentationen.pdf    534127 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\17_Anregender-Elternabend.pdf          53889 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\18_Wanted.pdf                          522040 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\1_Elternabend-vorbereiten.pdf          562101 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\20_Mediennutzung.pdf                   67034 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\21_Wer-macht-was.pdf                   517001 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\22_Reflexion.pdf                       62257 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\2_Unsere-Eltern-unsere-Zielgruppe.pdf  517494 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\3_Ziele-des-Elternabends.pdf           517494 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\4_Einladung-schreiben.pdf              140308 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\5_Einladung_Willkommen.pdf             658895 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\6_Einladung-Spielen.pdf                851450 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\7_Markt-der-Moeglichkeiten.pdf         1786801 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\-----------------KITA---------------- Konzeptentwicklung, Teamarbeit, Elternarbeit, Kommunikation\Elternarbeit\Elternaben in Kita und Krippe mal anders\CD Elternaben in Kita und Krippe mal anders\8_Eltern-Infomarkt.pdf                 557324 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\--------------SPRACHE-------------- Entwicklung, Störung, Förderung, Bildung, Diagnostik, Mehrsprachigkeit, Literacy\Diagnostik, Beobachtungsverfahren\Sprachstandsbögen\Seldak\Seldak-Bogen.pdf                                           420696 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\--------------SPRACHE-------------- Entwicklung, Störung, Förderung, Bildung, Diagnostik, Mehrsprachigkeit, Literacy\Diagnostik, Beobachtungsverfahren\Sprachstandsbögen\Seldak\Seldak-Manual Teil 1.pdf                                   1673612 bytes
File            C:\Dokumente und Einstellungen\conny\Eigene Dateien\Dropbox\Kea Literaturdatenbank\--------------SPRACHE-------------- Entwicklung, Störung, Förderung, Bildung, Diagnostik, Mehrsprachigkeit, Literacy\Diagnostik, Beobachtungsverfahren\Sprachstandsbögen\Seldak\Seldak-Manual Teil 2.pdf                                   580697 bytes

---- EOF - GMER 1.0.15 ----

14.08.2012, 23:55
Moderator

Posts: 5694
#2 ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
Note for Vista and Win7 users: be sure to start the browser as administrator.

• Disable your anti-virus program during the scan.

Press the button (<< click).

Firefox users:
Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users:
must allow the installation of an ActiveX element.

• Tick the box at Yes, I accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Tick "Scan archives".
• Make sure that Remove found threats is not ticked.
press.
• The signatures are downloaded. The scan starts automatically. When the scan has finished

• Click .
• Click and save the log file as ESET.txt on the desktop.
• Click Back and Finish

Please post the log file here.
15.08.2012, 23:07
Member

Thread starter

Posts: 16
#3 Many thanks for taking care of this. So here is the next step.
Regards!

Code

 C:\Dokumente und Einstellungen\conny\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55\75809bf7-7ed246ad    Java/Exploit.CVE-2012-1723.V trojan
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe    Win32/Toolbar.Widgi application
G:\inst\virus\NortonAntivirus2008_by_PnU.rar    probably a variant of Win32/Agent.CZPQTGH trojan
G:\inst\virus\Norton_Antivirus____.rar    probably a variant of Win32/Agent.CZPQTGH trojan
G:\neuer PC\freizeit\Spiele\Chicken\SoftonicDownloader_fuer_chicken-invaders-iii-christmas-edition.exe    a variant of Win32/SoftonicDownloader.A application
G:\neuer PC\freizeit\Spiele\Chicken\SoftonicDownloader_fuer_chicken-invaders-iii.exe    a variant of Win32/SoftonicDownloader.A application
G:\neuer PC\pragmatisch\inst\virus\NortonAntivirus2008_by_PnU.rar    probably a variant of Win32/Agent.CZPQTGH trojan
G:\neuer PC\pragmatisch\inst\virus\Norton_Antivirus____.rar    probably a variant of Win32/Agent.CZPQTGH trojan
18.08.2012, 11:57
Moderator

Posts: 5694
#4

Quote

NortonAntivirus2008
Where did YOU get that from?
20.08.2012, 17:49
Member

Thread starter

Posts: 16
#5 Phew, I don't remember any more, I think on a CD with programs that I once got from an acquaintance... Why?
21.08.2012, 21:33
Moderator

Posts: 5694
#6 Because I think that this is not a clean thing.
24.08.2012, 11:42
Member

Thread starter

Posts: 16
#7 Ok, does that mean I should delete the files right away?