| |
| |||||||
Log-Analyse und Auswertung: PC nach GMER scan superlangsam geworden.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.06.2013, 09:12
| #1 |
 |  PC nach GMER scan superlangsam geworden. Hallo zusammen, ich habe eine großes PC-Problem. Ich hatte mir folgende Viren eingefangen: JS/Blacole.GB.159 TR/FakeAV.8775689 TR/Crypt.ZPACK.Gen6 Die habe ich selbst mit der Desinfect DVD von der c't unter unix nicht gelöscht gekriegt. Unter meinem Windows Profil ging gar nichts mehr, da jedes Programm sofort abgeschossen wurde. Dann hab ich mal spaßeshalber ein anderes Profil auf meinem PC ausprobiert. Da traten keine Probleme auf. Dort konnte ich auch die Viren problemlos mit Antivir löschen. Danach wollte ich hier meine Scandaten posten, um zu sehen, ob mein PC sauber ist. Jetzt kommt mein eigentliches Problem: Nach dem gmer-scan ist mein PC suuuuperlangsam geworden. Alles läuft im Schneckentempo ab. Hat mir GMER etwas zerschossen, oder hab ich immer noch einen Virus? Es wäre nett, wenn mir jemand helfen könnte. Danke und VG Vorlone Hier meine Scan-Ergebnisse. OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.06.2013 19:10:39 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Dokumente und Einstellungen\xxx\Desktop\Trojaner-bord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,37 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 80,80% Memory free
5,21 Gb Paging File | 4,59 Gb Available in Paging File | 88,07% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 5,86 Gb Total Space | 5,73 Gb Free Space | 97,79% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 245,89 Gb Free Space | 83,93% Space Free | Partition Type: NTFS
Drive E: | 632,67 Gb Total Space | 230,58 Gb Free Space | 36,44% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.21 18:47:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\xxx\Desktop\Trojaner-bord\02_OTL.exe
PRC - [2013.05.07 16:52:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.30 01:28:38 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- D:\Programme\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013.04.30 01:28:38 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- D:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013.03.28 09:46:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 09:46:20 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.28 09:46:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.08 17:40:38 | 000,166,912 | ---- | M] () -- D:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011.09.20 21:50:32 | 003,196,800 | ---- | M] (Super Flexible Software Ltd. & Co. KG) -- D:\Programme\SuperFlexible\ExtremeVSS.exe
PRC - [2010.07.16 14:01:55 | 000,220,160 | ---- | M] (Microsoft Corporation) -- D:\Programme\Windows NT\Zubehör\wordpad.exe
PRC - [2010.01.09 11:30:26 | 002,326,920 | ---- | M] (Acronis) -- D:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
PRC - [2009.09.12 19:09:48 | 000,357,800 | ---- | M] (Acronis) -- D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2009.09.12 19:09:44 | 000,660,936 | ---- | M] (Acronis) -- D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2009.09.12 19:09:14 | 005,082,488 | ---- | M] (Acronis) -- D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- D:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- D:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007.02.02 13:07:32 | 000,675,840 | ---- | M] (Sonix) -- D:\WINDOWS\vsnp2std.exe
PRC - [2007.02.02 11:23:40 | 000,258,048 | ---- | M] (SONIX) -- D:\WINDOWS\tsnp2std.exe
PRC - [2006.01.19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- D:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PRC - [2005.01.31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- D:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004.04.06 20:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) -- D:\Programme\Ahead\InCD\incdsrv.exe
PRC - [2004.04.06 19:36:14 | 001,298,542 | ---- | M] (Ahead Software AG) -- D:\Programme\Ahead\InCD\InCD.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.17 16:46:46 | 012,433,920 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013.05.16 22:29:51 | 000,303,104 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013.05.08 23:46:52 | 000,557,368 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013.02.22 17:05:05 | 000,397,704 | ---- | M] () -- D:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013.02.14 23:38:39 | 011,817,472 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013.01.10 17:40:44 | 005,450,752 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.10 17:40:22 | 001,593,856 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.10 17:39:17 | 007,977,984 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.10 17:39:10 | 011,492,352 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.10.08 17:40:38 | 000,166,912 | ---- | M] () -- D:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2012.06.27 15:09:06 | 000,557,056 | ---- | M] () -- D:\Programme\Trusteer\Rapport\bin\js32.dll
MOD - [2012.01.11 21:29:36 | 003,391,488 | ---- | M] () -- d:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ac191f8a\mscorlib.dll
MOD - [2012.01.11 21:29:25 | 002,088,960 | ---- | M] () -- d:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_41954a2b\system.xml.dll
MOD - [2012.01.11 21:28:54 | 001,966,080 | ---- | M] () -- d:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_568b4a66\system.dll
MOD - [2012.01.11 21:28:34 | 001,232,896 | ---- | M] () -- d:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010.11.25 20:18:23 | 000,126,976 | ---- | M] () -- d:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2010.11.25 20:18:22 | 001,294,336 | ---- | M] () -- d:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2010.11.25 20:18:18 | 001,339,392 | ---- | M] () -- d:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010.11.25 20:18:17 | 000,323,584 | ---- | M] () -- d:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2010.11.25 20:18:11 | 000,131,072 | ---- | M] () -- d:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2010.11.25 20:18:10 | 000,241,664 | ---- | M] () -- d:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll
MOD - [2010.11.25 20:18:10 | 000,066,560 | ---- | M] () -- d:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.thunk.dll
MOD - [2010.11.25 20:16:54 | 000,233,472 | ---- | M] () -- d:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.25 20:16:53 | 000,114,688 | ---- | M] () -- d:\windows\assembly\gac\system.xml.resources\1.0.5000.0_de_b77a5c561934e089\system.xml.resources.dll
MOD - [2010.11.25 20:16:53 | 000,040,960 | ---- | M] () -- d:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2009.12.13 20:19:15 | 001,679,360 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3009.39983__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:15 | 000,483,328 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3009.40202__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:15 | 000,253,952 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3009.39941__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,196,608 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3009.39997__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:15 | 000,135,168 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3009.40208__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:15 | 000,102,400 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3009.39990__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:15 | 000,077,824 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3009.40172__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,073,728 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3009.39955__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:15 | 000,065,536 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3009.40135__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3009.39975__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:15 | 000,036,864 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,028,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3009.39990__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:15 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3009.39962__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:14 | 000,802,816 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:14 | 000,401,408 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3009.40163__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:14 | 000,352,256 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3009.40143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:14 | 000,090,112 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3009.40149__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.12.13 20:19:14 | 000,073,728 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:14 | 000,061,440 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3009.40142__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,585,728 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3009.40010__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,479,232 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3009.40095__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,442,368 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3009.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,438,272 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3009.39963__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,217,088 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3009.40004__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,118,784 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3009.40116__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.12.13 20:19:13 | 000,061,440 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3009.40016__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3009.40101__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,036,864 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3009.40115__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3009.40128__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.12.13 20:19:13 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.12.13 20:19:13 | 000,006,656 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.12.13 20:19:12 | 000,065,536 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,049,152 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,045,056 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.12.13 20:19:12 | 000,045,056 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,028,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.12.13 20:19:12 | 000,028,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,028,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.12.13 20:19:12 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.12.13 20:19:11 | 000,491,520 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3009.39969__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.12.13 20:19:11 | 000,413,696 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3009.40186__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.12.13 20:19:11 | 000,102,400 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3009.40194__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.12.13 20:19:11 | 000,073,728 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.12.13 20:19:11 | 000,061,440 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3009.40193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.12.13 20:19:11 | 000,045,056 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.12.13 20:19:11 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.12.13 20:19:11 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3009.40217__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.12.13 20:19:11 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.12.13 20:19:11 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.12.13 20:19:11 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.12.13 20:19:11 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009.12.13 20:19:11 | 000,024,576 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.12.13 20:19:11 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.12.13 20:19:11 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.12.13 20:19:11 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.12.13 20:19:11 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.12.13 20:19:11 | 000,016,384 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.12.13 20:19:11 | 000,011,264 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3009.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009.12.13 20:19:11 | 000,006,656 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.12.13 20:19:10 | 001,507,328 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3009.39949__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.12.13 20:19:10 | 000,065,536 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3009.39934__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.12.13 20:19:10 | 000,053,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3009.39931__90ba9c70f846762e\APM.Server.dll
MOD - [2009.12.13 20:19:10 | 000,045,056 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3009.39932__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.12.13 20:19:10 | 000,040,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.12.13 20:19:10 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3009.40194__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.12.13 20:19:10 | 000,032,768 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.12.13 20:19:10 | 000,020,480 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- D:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2008.02.04 14:29:02 | 000,688,128 | ---- | M] () -- D:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- D:\WINDOWS\system32\pdfcmnnt.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 19:02:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.24 18:05:40 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.30 01:28:38 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- D:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013.03.28 09:46:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 09:46:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.08 17:40:38 | 000,166,912 | ---- | M] () [Auto | Running] -- D:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [On_Demand | Stopped] -- D:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.09.20 15:51:53 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Stopped] -- D:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.09.20 21:50:32 | 003,196,800 | ---- | M] (Super Flexible Software Ltd. & Co. KG) [Auto | Running] -- D:\Programme\SuperFlexible\ExtremeVSS.exe -- (ExtremeVSSService)
SRV - [2010.01.09 11:30:26 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- D:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.12.01 20:43:02 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- D:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.09.12 19:09:44 | 000,660,936 | ---- | M] (Acronis) [Auto | Running] -- D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- D:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006.01.19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- D:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005.01.31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- D:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.04.06 20:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto | Running] -- D:\Programme\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.05.08 23:46:51 | 000,317,112 | ---- | M] () [Kernel | System | Running] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys -- (RapportCerberus_51755)
DRV - [2013.04.30 01:28:50 | 000,174,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- D:\Programme\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013.04.30 01:28:50 | 000,103,120 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- D:\Programme\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013.04.30 01:28:50 | 000,102,448 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013.03.28 09:46:30 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 09:46:30 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 09:46:30 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.22 17:05:13 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.25 23:46:20 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2011.10.06 19:35:12 | 000,020,645 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\IwUSB.sys -- (IwUSB)
DRV - [2011.09.25 19:05:25 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2011.02.04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.07.12 10:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.01.09 11:30:28 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.01.09 11:30:24 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251)
DRV - [2010.01.09 11:30:22 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010.01.09 11:30:17 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009.10.27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009.06.30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009.06.10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.04.17 10:33:00 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.03.29 08:21:53 | 002,873,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.11.20 13:09:22 | 000,104,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.04.16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.02 11:24:54 | 012,027,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2005.06.02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.02.23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004.06.11 02:00:00 | 000,016,384 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2004.04.06 20:43:22 | 000,005,504 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- D:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [2004.04.06 20:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004.04.06 20:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- D:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.08.21 16:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: D:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: D:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: D:\Programme\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: D:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff\ [2013.04.24 09:54:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.05.29 19:08:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\mail@shopping-preise.de
[2011.07.17 12:10:54 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2011.07.17 12:10:54 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de
[2013.06.16 15:54:12 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions
[2013.06.16 15:54:12 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.14 18:54:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.10.14 16:19:50 | 000,030,926 | ---- | M] () (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012.12.12 17:55:18 | 000,036,098 | ---- | M] () (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.08 19:41:36 | 000,870,680 | ---- | M] () (No name found) -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\eyjw70yw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 18:05:41 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2013.05.24 18:05:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.24 18:05:23 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.24 18:05:23 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.24 18:05:41 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 18:05:41 | 000,000,000 | ---D | M] (Default) -- D:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.10 19:12:44 | 000,305,744 | ---- | M] (Cisco WebEx LLC) -- D:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2012.12.10 19:12:34 | 000,225,360 | ---- | M] (Cisco WebEx LLC) -- D:\Programme\mozilla firefox\plugins\npatgpc.dll
[2012.10.10 09:11:40 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- D:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
O1 HOSTS File: ([2013.06.01 08:58:52 | 000,447,876 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15405 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - D:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [InCD] D:\Programme\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [LexwareInfoService] D:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [snp2std] D:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp2std] D:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKCU..\Run: [Internet Security] D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\btdefender.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - D:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - D:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - D:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{637C7B65-3323-4C12-99C0-DA354E2CCDE0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9965178-8016-4BF4-9F70-9ADF3C5E4286}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.16 15:59:50 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\xxx\dwhelper
[2013.05.29 19:08:06 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2013.05.29 19:07:50 | 000,000,000 | ---D | C] -- D:\Programme\QuickTime
[2013.05.29 19:07:49 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2013.05.24 18:05:21 | 000,000,000 | ---D | C] -- D:\Programme\Mozilla Firefox
[2011.09.25 19:06:35 | 000,092,064 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmmdm.sys
[2011.09.25 19:06:35 | 000,079,328 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmserd.sys
[2011.09.25 19:06:35 | 000,066,656 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmbus.sys
[2011.09.25 19:06:35 | 000,009,232 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmmdfl.sys
[2011.09.25 19:06:35 | 000,006,208 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmcmnt.sys
[2011.09.25 19:06:35 | 000,005,936 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmwhnt.sys
[2011.09.25 19:06:35 | 000,004,048 | ---- | C] (MCCI) -- D:\Dokumente und Einstellungen\xxx\mqdmcr.sys
[2010.02.16 10:39:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\Dokumente und Einstellungen\xxx\usbsermptxp.sys
[2010.02.16 10:39:05 | 000,022,768 | ---- | C] (Microsoft Corporation) -- D:\Dokumente und Einstellungen\xxx\usbsermpt.sys
========== Files - Modified Within 30 Days ==========
[2013.06.21 19:02:15 | 000,000,884 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.21 18:39:04 | 000,000,484 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013.06.21 18:38:06 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2013.06.20 21:58:30 | 000,000,064 | ---- | M] () -- D:\WINDOWS\System32\rp_stats.dat
[2013.06.20 21:58:30 | 000,000,044 | ---- | M] () -- D:\WINDOWS\System32\rp_rules.dat
[2013.06.20 21:57:34 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2013.06.16 17:18:47 | 000,000,010 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mbam.context.scan
[2013.06.16 16:57:05 | 000,000,823 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Internet Security Pro.lnk
[2013.06.16 09:53:12 | 000,001,360 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\burnaware.ini
[2013.06.16 09:00:23 | 000,150,016 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.15 16:13:09 | 027,704,298 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Inselduo1.mp4
[2013.06.15 16:07:29 | 014,861,798 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\nimmtzwei1.mp4
[2013.06.12 22:17:30 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2013.06.12 18:56:01 | 000,000,276 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.06.11 15:43:42 | 000,002,243 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.06.10 21:53:09 | 016,363,479 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\SimSalabin.mp4
[2013.06.01 08:58:52 | 000,447,876 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2013.05.31 10:04:49 | 000,022,438 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\Desktop\Bild1.jpg
[2013.05.29 19:08:06 | 000,001,590 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2013.05.25 12:01:59 | 000,000,000 | ---- | M] () -- D:\Dokumente und Einstellungen\xxx\.gtk-bookmarks
========== Files Created - No Company Name ==========
[2013.06.16 17:00:00 | 000,000,010 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mbam.context.scan
[2013.06.16 16:57:05 | 000,000,823 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Internet Security Pro.lnk
[2013.06.15 16:12:27 | 027,704,298 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\Inselduo1.mp4
[2013.06.15 16:07:07 | 014,861,798 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\nimmtzwei1.mp4
[2013.06.10 21:51:49 | 016,363,479 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Eigene Dateien\SimSalabin.mp4
[2013.05.31 10:04:49 | 000,022,438 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Desktop\Bild1.jpg
[2013.05.29 19:08:06 | 000,001,590 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2013.04.04 19:28:24 | 000,000,847 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.11.12 12:02:16 | 000,002,528 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\$_hpcst$.hpc
[2012.11.08 20:03:36 | 000,512,162 | ---- | C] () -- D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-839522115-616249376-2147125571-1004-0.dat
[2012.11.08 20:03:35 | 000,227,066 | ---- | C] () -- D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.09.26 21:57:14 | 000,974,848 | ---- | C] () -- D:\WINDOWS\System32\cis-2.4.dll
[2012.09.26 21:57:14 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.09.26 21:57:14 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.09.26 21:57:14 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.09.16 11:04:48 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.05.09 20:27:02 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012.04.15 11:18:00 | 000,338,432 | ---- | C] () -- D:\WINDOWS\System32\sqlite36_engine.dll
[2012.02.15 15:44:41 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012.01.18 19:13:41 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\.gtk-bookmarks
[2011.09.25 19:06:35 | 000,009,913 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\MCCI_MDM.INF
[2011.09.25 19:06:35 | 000,006,989 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\MCCI_BUS.INF
[2011.09.25 19:06:35 | 000,004,477 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\MCCI_SDM.INF
[2011.09.25 19:06:33 | 000,015,698 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem31.PNF
[2011.09.25 19:06:33 | 000,012,364 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem30.PNF
[2011.09.25 19:06:33 | 000,009,232 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem31.inf
[2011.09.25 19:06:33 | 000,005,813 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970393-(null)
[2011.09.25 19:06:32 | 000,014,014 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem16.PNF
[2011.09.25 19:06:32 | 000,012,836 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem17.PNF
[2011.09.25 19:06:32 | 000,012,698 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem18.PNF
[2011.09.25 19:06:32 | 000,006,009 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Kopie von oem18.inf
[2011.09.25 19:06:32 | 000,005,877 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970392-(null)
[2011.09.25 19:06:31 | 000,006,947 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970391-(null)
[2011.09.25 19:05:25 | 000,009,232 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USB_MOT_BRIT.INF
[2011.09.25 19:05:25 | 000,005,960 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USB_MOT_A1000.INF
[2011.09.25 19:05:22 | 000,014,310 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem16.PNF
[2011.09.25 19:05:22 | 000,012,836 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem17.PNF
[2011.09.25 19:05:22 | 000,012,562 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem18.PNF
[2011.09.25 19:05:22 | 000,007,195 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem16.inf
[2011.09.25 19:05:22 | 000,005,891 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem18.inf
[2011.09.25 19:05:22 | 000,005,877 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\1316970322-oem17.inf
[2011.07.24 16:44:41 | 000,031,043 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Clipboard06.jpg
[2011.01.16 11:07:27 | 000,000,036 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.11.25 20:18:35 | 000,000,138 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.02.16 10:39:05 | 000,007,201 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USBMOT2000.INF
[2010.02.16 10:39:05 | 000,006,141 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USBMOT2000XP.INF
[2010.02.16 10:39:05 | 000,005,880 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\USB_CMCS_2000.INF
[2010.02.06 12:55:09 | 000,001,360 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\burnaware.ini
[2010.01.01 16:03:05 | 002,904,064 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\filesync.metadata
[2009.12.28 19:46:26 | 000,059,645 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Clipboard03.jpg
[2009.12.19 12:46:46 | 000,150,016 | ---- | C] () -- D:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.19 12:37:21 | 000,040,960 | ---- | C] () -- D:\Programme\Uninstall_CDS.exe
========== ZeroAccess Check ==========
[2009.12.13 20:16:18 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.09.25 07:35:26 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.01.09 11:32:40 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.01.04 01:06:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM
[2011.09.25 18:59:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2010.12.11 12:38:01 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2010.02.16 10:50:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.02.13 20:13:19 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.12.10 17:24:35 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2011.01.04 01:02:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.07.02 10:41:10 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010.11.29 20:42:56 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.11.29 20:43:52 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2012.11.13 10:49:28 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2010.01.05 11:07:42 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2013.06.01 09:44:41 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SuperFlexibleSynchronizer
[2013.05.08 23:44:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trusteer
[2010.01.05 11:53:52 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.01.04 01:10:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\acccore
[2010.01.09 11:54:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Acronis
[2012.01.20 19:59:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Any Video Converter
[2012.07.08 19:57:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Auslogics
[2012.07.21 09:57:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CheckPoint
[2013.04.24 09:55:12 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoft
[2013.04.24 09:54:58 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.11.23 20:55:55 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ElevatedDiagnostics
[2011.02.13 20:13:30 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\f-secure
[2013.06.16 15:49:45 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\FreeDoko
[2011.01.03 12:20:07 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GHISLER
[2009.12.19 23:44:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GrabPro
[2011.07.17 12:10:46 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Haufe Mediengruppe
[2012.12.31 13:13:14 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\HTC
[2012.12.22 10:54:51 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.01.04 01:02:17 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ
[2010.12.10 17:30:40 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Lexware
[2013.04.24 09:54:37 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenCandy
[2010.01.01 16:35:53 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Opera
[2012.08.21 20:25:27 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Orbit
[2012.12.31 13:13:14 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Outlook
[2010.08.12 17:32:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ProgSense
[2012.12.14 17:43:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\QuickScan
[2012.11.13 10:50:35 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Samsung
[2009.12.20 14:29:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TeamViewer
[2010.01.05 11:45:01 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ulead Systems
[2012.12.11 20:41:59 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\xxx\Anwendungsdaten\webex
========== Purity Check ==========
< End of report >
[/code] GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-21 23:07:55
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST31000333AS rev.CC1F 931,51GB
Running: 03_gmer_2.1.19163.exe; Driver: D:\DOKUME~1\xxx\LOKALE~1\Temp\ugdcypod.sys
---- System - GMER 2.1 ----
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0xAE1091E6]
SSDT BA6CF244 ZwClose
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0xAE109EDA]
SSDT BA6CF1FE ZwCreateKey
SSDT BA6CF24E ZwCreateSection
SSDT BA6CF1F4 ZwCreateThread
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0xAE10A1E2]
SSDT BA6CF203 ZwDeleteKey
SSDT BA6CF20D ZwDeleteValueKey
SSDT BA6CF23F ZwDuplicateObject
SSDT BA6CF212 ZwLoadKey
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0xAE10A08A]
SSDT BA6CF1E0 ZwOpenProcess
SSDT BA6CF1E5 ZwOpenThread
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0xAE1097E0]
SSDT BA6CF267 ZwQueryValueKey
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0xAE10DCE6]
SSDT BA6CF21C ZwReplaceKey
SSDT BA6CF258 ZwRequestWaitReplyPort
SSDT BA6CF217 ZwRestoreKey
SSDT BA6CF253 ZwSetContextThread
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0xAE10A2F6]
SSDT BA6CF25D ZwSetSecurityObject
SSDT BA6CF208 ZwSetValueKey
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0xAE109090]
SSDT BA6CF262 ZwSystemDebugControl
SSDT BA6CF1EF ZwTerminateProcess
SSDT \??\D:\Programme\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0xAE108F96]
---- Kernel code sections - GMER 2.1 ----
.text D:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB6AAC000, 0x1894F8, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text D:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe[1536] ntdll.dll!KiUserApcDispatcher 7C91E450 5 Bytes JMP 00414860 D:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe
.text D:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe[1536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AB0001
.text D:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe[1536] WS2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 71A50022
.text D:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe[1536] WS2_32.dll!gethostbyname 71A15355 5 Bytes JMP 71AE0022
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[3856] ntdll.dll!KiUserApcDispatcher 7C91E450 5 Bytes JMP 0043C8B0 D:\Programme\Trusteer\Rapport\bin\RapportService.exe
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[3856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[3856] USER32.dll!GetGUIThreadInfo + FB 7E378023 6 Bytes JMP 71AE001E
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[3856] WS2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 719E0022
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[3856] WS2_32.dll!gethostbyname 71A15355 5 Bytes JMP 71A60022
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[4356] ntdll.dll!KiUserApcDispatcher 7C91E450 5 Bytes JMP 0043C8B0 D:\Programme\Trusteer\Rapport\bin\RapportService.exe
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[4356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[4356] USER32.dll!GetGUIThreadInfo + FB 7E378023 6 Bytes JMP 71AE001E
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[4356] WS2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 719E0022
.text D:\Programme\Trusteer\Rapport\bin\RapportService.exe[4356] WS2_32.dll!gethostbyname 71A15355 5 Bytes JMP 71A60022
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm251.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys
Device ACPI.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ D:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 2.1 ----
Die extra-Datei wurde beim Scan im defekten Profil nicht rausgeschrieben. Hier ist sie vom vorherigen Scan mit dem intakten Profil. OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.06.2013 18:25:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Dokumente und Einstellungen\Internet\Desktop\Trojaner-Board
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,37 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 79,03% Memory free
5,21 Gb Paging File | 4,52 Gb Available in Paging File | 86,76% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 5,86 Gb Total Space | 5,73 Gb Free Space | 97,79% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 245,93 Gb Free Space | 83,94% Space Free | Partition Type: NTFS
Drive E: | 632,67 Gb Total Space | 230,58 Gb Free Space | 36,44% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: Internet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\Windows Live\Messenger\msnmsgr.exe" = D:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"D:\Programme\Microsoft ActiveSync\rapimgr.exe" = D:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Programme\Microsoft ActiveSync\wcescomm.exe" = D:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Programme\Microsoft ActiveSync\WCESMgr.exe" = D:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\TeamViewer\Version5\TeamViewer.exe" = D:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"D:\Programme\Opera\opera.exe" = D:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = D:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Programme\Mozilla Firefox\firefox.exe" = D:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)
"D:\Programme\Pinnacle\Studio 10\programs\RM.exe" = D:\Programme\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"D:\Programme\Pinnacle\Studio 10\programs\Studio.exe" = D:\Programme\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"D:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = D:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"D:\Programme\Pinnacle\Studio 10\programs\umi.exe" = D:\Programme\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"D:\Programme\AIM\aim.exe" = D:\Programme\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"D:\Programme\Windows Live\Messenger\msnmsgr.exe" = D:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"D:\WINDOWS\system32\muzapp.exe" = D:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"D:\Programme\Microsoft ActiveSync\rapimgr.exe" = D:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Programme\Microsoft ActiveSync\wcescomm.exe" = D:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Programme\Microsoft ActiveSync\WCESMgr.exe" = D:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Programme\Skype\Phone\Skype.exe" = D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0F33250B-7C59-5A14-6ED5-FCC251A962D0}" = Skins
"{14378007-ACD5-2482-33A1-F79289A452E7}" = Catalyst Control Center Graphics Full Existing
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E1CB0CC-50E9-2618-5D7C-03BE0A27E118}" = Catalyst Control Center Core Implementation
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{3563500D-85F7-48AE-A91D-811E92BA49BB}" = TAXMAN Bibliothek 2011
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CA9EA31-65E6-00E2-3DBB-19AF01D51C8D}" = Catalyst Control Center Graphics Light
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EF19AD3-1873-9072-D526-E8F4E6A9EE59}" = Catalyst Control Center Graphics Full New
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68C83D63-C661-C444-7E60-E0328D842ECB}" = ccc-core-preinstall
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D07FDD-94B7-A4EE-8C28-888C55D33831}" = ccc-core-static
"{73de70aa-feea-4d40-a5c9-e9feda59c7d8}" = Nero 9 Lite
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 WEB CAMERA
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7FFC95A3-A514-E94D-72A1-B0FF80656519}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532B22-5270-4720-A9EF-E8FEB889EC30}" = HTC Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97FA9DC8-B4AF-84EE-DA97-B13FE28381BA}" = ccc-utility
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEC1F5F9-501B-43EF-834D-86CF63F64722}" = TAXMAN Bibliothek 2010
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EED085D5-A3FA-4FB2-BC93-48C1194E6E26}" = Adobe Photoshop Lightroom
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F73920B1-FD39-6893-4E9B-748311B666AF}" = Catalyst Control Center Graphics Previews Common
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 2.7.5
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BurnAware Free_is1" = BurnAware Free 6.3
"CCleaner" = CCleaner
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.422
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.2.718
"FreeDoko" = FreeDoko 0.7.11
"GIMP-2_is1" = GIMP 2.8.4
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Messer_is1" = Messer v0.992
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Opera 12.02.1578" = Opera 12.02
"Orbit_is1" = Orbit Downloader
"Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Super Flexible File Synchronizer_is1" = Super Flexible File Synchronizer 5.67
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.06.2013 21:00:33 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei D:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
enthalten.
Error - 16.06.2013 21:00:34 | Computer Name = xxx-PC | Source = NativeWrapper | ID = 5000
Description =
Error - 17.06.2013 00:23:59 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 17.06.2013 00:24:00 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei D:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
enthalten.
Error - 17.06.2013 00:24:01 | Computer Name = xxx-PC | Source = NativeWrapper | ID = 5000
Description =
Error - 20.06.2013 15:58:51 | Computer Name = xxx-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 21.06.2013 08:58:53 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 21.06.2013 08:58:55 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei D:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
enthalten.
Error - 21.06.2013 08:58:57 | Computer Name = xxx-PC | Source = NativeWrapper | ID = 5000
Description =
Error - 21.06.2013 09:50:52 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11609
Description =
[ System Events ]
Error - 20.06.2013 16:01:28 | Computer Name = xxx-PC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 20.06.2013 16:01:52 | Computer Name = xxx-PC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 21.06.2013 08:53:32 | Computer Name = xxx-PC | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 21.06.2013 08:53:32 | Computer Name = xxx-PC | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 21.06.2013 08:53:47 | Computer Name = xxx-PC | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 21.06.2013 08:53:47 | Computer Name = xxx-PC | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 21.06.2013 08:54:07 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
Description = Der Server "{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 21.06.2013 08:58:58 | Computer Name = xxx-PC | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
Error - 21.06.2013 09:49:53 | Computer Name = xxx-PC | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 21.06.2013 09:49:53 | Computer Name = xxx-PC | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
< End of report >
[/code] |
| Themen zu PC nach GMER scan superlangsam geworden. |
| ad-aware, antivir, application/pdf:, avira, bho, cloud, converter, desktop, downloader, dvdvideosoft ltd., error, fehlercode 1, firefox, flash player, gmer-scan, home, installation, internet browser, intranet, js/blacole.gb.159, logfile, mozilla, mp3, msiinstaller, nicht installiert, nodrives, ntdll.dll, plug-in, programm, realtek, registry, remote control, revo uninstaller, safer networking, scan, secunia psi, security, software, super, total commander, tr/crypt.zpack.gen6, tr/fakeav.8775689, tracker, viren, virus, vista, windows, windows internet |
Baum-Darstellung