Log analysis and evaluation: Solved, but properly? / LPD (GVA) trojan on XP that prevents Safe Mode startup

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Solved, but properly? / LPD (GVA) trojan on XP that prevents Safe Mode startup

I have/had the virus with the nice page of the LPD and Heinzi Fischer... I ran a scan with OTLPE:

Code:
ATTFilter OTL logfile created on: 5/26/2014 1:00:56 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 136.73 Gb Total Space | 77.55 Gb Free Space | 56.72% Space Free | Partition Type: NTFS Drive D: | 34.25 Gb Total Space | 0.39 Gb Free Space | 1.13% Space Free | Partition Type: NTFS Drive E: | 978.07 Mb Total Space | 733.52 Mb Free Space | 75.00% Space Free | Partition Type: FAT32 Drive F: | 1397.26 Gb Total Space | 26.76 Gb Free Space | 1.92% Space Free | Partition Type: NTFS Drive G: | 2.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - [2014/05/26 03:19:29 | 000,157,696 | ---- | M] () [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\72708163A29C273D7EF0E798417733CC\hclg9dol.cpp -- (winmgmt) SRV - [2014/05/13 08:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2014/01/09 01:17:38 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) 
[Auto] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV - [2013/08/09 01:45:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/22 07:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/06/24 12:30:55 | 003,442,640 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012/03/02 12:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012/03/02 12:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2011/08/05 06:14:10 | 006,495,504 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2011/08/05 06:13:14 | 000,809,192 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011/07/22 08:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011/07/19 23:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/08/18 05:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- 
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/26 08:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2005/05/10 21:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | On_Demand] -- -- (Pcouffin) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2014/05/13 08:17:24 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx) DRV - [2014/05/13 08:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2014/05/13 08:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2014/01/06 21:48:42 | 000,012,288 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2012/06/24 12:31:01 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp) DRV - [2012/06/24 12:30:42 | 000,766,208 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012/06/24 12:30:37 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2012/06/24 12:30:17 | 000,126,112 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr) DRV - [2012/06/24 12:30:13 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58) DRV - [2012/06/24 12:30:08 | 000,170,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2012/06/24 12:30:03 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv) DRV - [2012/06/22 05:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\EsgScanner.sys -- (EsgScanner) DRV - [2012/05/01 19:35:17 | 000,121,208 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011/07/13 07:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NBVol.sys -- (NBVol) DRV - [2011/07/13 07:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NBVolUp.sys -- (NBVolUp) DRV - [2011/05/18 01:49:32 | 000,054,784 | ---- | M] (GenesysLogic) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GeneStor.sys -- (GeneStor) DRV - [2011/05/06 06:42:22 | 000,086,912 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AssmannUDSMBus.sys -- (AssmannUDSMBus) DRV - [2011/05/06 06:37:08 | 000,139,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AssmannUDSTcpBus.sys -- (AssmannUDSTcpBus) DRV - [2010/07/28 18:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb) DRV - [2010/04/28 02:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009/02/12 03:23:10 | 003,489,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 14:45:33 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan) DRV - [2007/12/12 08:11:08 | 000,012,288 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Spyder3.sys -- (Spyder3) DRV - [2007/12/10 18:53:34 | 000,554,240 | ---- | M] (DiBcom SA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700) DRV - [2007/11/09 04:07:34 | 000,013,824 | ---- | M] (DiBcom S.A.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC) DRV - [2006/09/20 12:38:26 | 000,207,152 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Si3124r5.sys -- (Si3124r5) DRV - [2006/08/28 20:10:06 | 000,158,208 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006/07/13 13:42:42 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17) DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2004/02/03 10:17:46 | 000,100,881 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SI3124r.sys -- (SI3124r) DRV - [2003/05/23 07:49:20 | 000,037,760 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi) DRV - [2002/04/02 10:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. 
File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Harald_Sahling_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\Harald_Sahling_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Harald_Sahling_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\Programme\Gemeinsame Dateien\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/04/10 02:25:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Programme\MSN Toolbar\Platform\5.0.1449.0\Firefox [2013/07/24 17:04:15 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/06/25 16:58:12 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - 
HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\Harald_Sahling_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Harald_Sahling_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\Harald_Sahling_ON_C\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [FRYMXINS] C:\Programme\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [HP Designjet Z3100 Photo Series] C:\Programme\HP Designjet Z3100 Photo Series\Setup.exe () O4 - HKLM..\Run: [KCodes UDS Control Center] C:\Programme\Assmann\USB Device Server\Control Center.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [KnexStarter] C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll () O4 - HKLM..\Run: [PDUiP6700DMon] C:\Programme\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.) O4 - HKLM..\Run: [PUStarter] C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [RegistryMechanic] File not found O4 - HKLM..\Run: [RunPUTasktray] File not found O4 - HKLM..\Run: [RunTasktray] File not found O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION) O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.) 
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe () O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\Harald_Sahling_ON_C..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\Harald_Sahling_ON_C..\Run: [AmazonMP3DownloaderHelper] C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe () O4 - HKU\Harald_Sahling_ON_C..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKU\Harald_Sahling_ON_C..\Run: [HP Officejet Pro 8600 (NET)] C:\Programme\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\Harald_Sahling_ON_C..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (AMD) O4 - HKU\Harald_Sahling_ON_C..\Run: [uTorrent] C:\Programme\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Spyder3Utility.lnk = C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe () O4 - Startup: C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\PMCRemoteLauncher.lnk = C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (Pinnacle Systems) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Harald_Sahling_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Harald_Sahling_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data] O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, 
Inc.) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab (IASRunner Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176666679466 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274738872446 (MUWebControl Class) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Programme\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Programme\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Programme\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - 
Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/04/15 13:51:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008/01/18 17:01:26 | 000,000,235 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ] O32 - AutoRun File - [2007/01/30 09:01:30 | 000,000,143 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{92de9e13-7bee-11dd-98d0-000d3aa379a4}\Shell - "" = AutoRun O33 - MountPoints2\{92de9e13-7bee-11dd-98d0-000d3aa379a4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{92de9e13-7bee-11dd-98d0-000d3aa379a4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDisk-Games.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\TVCenterPro.exe -- [2007/02/13 05:57:54 | 000,760,904 | R--- | M] (Pinnacle Systems) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2014/05/26 03:48:33 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2014/05/26 03:19:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\72708163A29C273D7EF0E798417733CC [2014/05/16 02:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Harald Sahling\Desktop\Steidl [2014/05/13 21:03:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER 
[2007/11/22 15:25:40 | 000,017,376 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GT680X.SYS
[2001/09/19 08:32:26 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/26 05:31:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2014/05/26 05:25:39 | 000,001,065 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\Dropbox.lnk
[2014/05/26 05:24:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/26 05:22:12 | 000,001,075 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Desktop\Dropbox.lnk
[2014/05/26 05:12:34 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/26 05:10:46 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
[2014/05/26 05:10:44 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2014/05/26 05:10:43 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\ROC_PAID_JAN2013_TB_rmv.job
[2014/05/26 05:10:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/26 05:10:12 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2014/05/26 04:10:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/05/26 04:08:57 | 000,001,971 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Desktop\SpyHunter.lnk
[2014/05/26 03:29:20 | 000,000,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Desktop\TVCenter Pro.lnk
[2014/05/26 03:19:30 | 000,000,818 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk
[2014/05/25 20:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-INTELLISTATION1-Harald Sahling.job
[2014/05/25 14:40:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/05/25 13:06:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/05/25 08:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/05/21 03:37:55 | 000,000,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2014.lnk
[2014/05/21 03:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Eigenständige Version von Link Scanner
[2014/05/13 08:17:24 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2014/05/13 08:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2014/05/13 08:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2014/05/11 09:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
[2014/04/30 04:13:01 | 006,022,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/26 03:29:17 | 000,000,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Desktop\TVCenter Pro.lnk
[2014/05/26 03:19:30 | 000,000,818 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk
[2014/04/14 17:47:04 | 000,014,232 | ---- | C] () -- C:\WINDOWS\System32\sh4native.exe
[2014/04/14 08:38:39 | 000,010,498 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lpm.dat
[2014/02/22 16:04:19 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Adobe Save for Web 12.0 Prefs
[2014/02/09 07:40:02 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Adobe PNG Format CS5 Prefs
[2013/09/21 06:05:14 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zprib.ini
[2013/04/18 16:01:04 | 000,266,643 | ---- | C] () -- C:\WINDOWS\hpwins22.dat.temp
[2013/02/21 05:04:38 | 002,302,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\backup.pst
[2013/02/03 05:20:06 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Adobe BMP Format CS5 Prefs
[2012/12/12 22:26:50 | 002,821,083 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1547161642-602162358-725345543-1003-0.dat
[2012/12/08 07:37:15 | 000,414,914 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012/11/13 14:04:13 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini
[2012/10/31 03:53:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\XMLEditor4.INI
[2012/09/03 02:22:34 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ustor.dll
[2012/09/03 02:22:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\UMonit.exe
[2012/09/03 02:22:05 | 000,172,097 | ---- | C] () -- C:\WINDOWS\System32\NoMSGuninstall.exe
[2012/09/03 02:22:05 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\ProductName.ini
[2012/09/03 02:22:04 | 000,001,519 | ---- | C] () -- C:\WINDOWS\System32\_IconCfg0.ini
[2012/09/03 02:22:04 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2012/06/22 05:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\ESGScanner.sys
[2012/06/22 05:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\EsgScanner.sys
[2012/05/09 17:22:28 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012/05/09 17:22:22 | 000,025,804 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/05/09 17:22:21 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012/01/26 16:54:37 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/26 16:54:37 | 000,001,324 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat
[2011/05/16 17:01:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/03/24 02:23:57 | 000,023,671 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/26 12:31:15 | 015,376,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\s-1-5-21-1547161642-602162358-725345543-1003.rrr
[2009/12/26 12:31:14 | 000,241,664 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\s-1-5-19.rrr
[2009/12/26 12:31:14 | 000,233,472 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\s-1-5-20.rrr
[2009/12/26 11:44:46 | 000,078,195 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/09/12 19:15:20 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\m4atag.dll
[2009/09/12 14:19:40 | 000,000,078 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\rpdeluxe.properties
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/14 17:50:18 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/07/02 16:46:02 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2009/02/21 16:46:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/12/10 17:29:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/12/10 17:29:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/11/24 02:26:00 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2008/10/20 16:54:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/05/26 17:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 17:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 17:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 16:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 16:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/23 07:40:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/03/19 10:26:52 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\Spyder3.sys
[2007/11/29 05:17:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PenPowerTS863.INI
[2007/11/22 15:26:17 | 000,708,608 | ---- | C] () -- C:\WINDOWS\SnapShow.exe
[2007/11/22 15:26:17 | 000,360,769 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt930b.sys
[2007/11/22 15:26:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SnapTrap.exe
[2007/11/22 15:26:17 | 000,025,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd930b.sys
[2007/11/22 15:26:17 | 000,015,365 | ---- | C] () -- C:\WINDOWS\930TwCfg.INI
[2007/11/22 15:26:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/11/22 15:25:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AutoSet.dll
[2007/10/28 17:45:11 | 000,000,756 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/07/29 08:10:08 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/06/22 18:10:54 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2007/06/19 18:51:00 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/06/19 18:48:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\hpdjz3100.ini
[2007/06/19 18:45:11 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hplj5200m.ini
[2007/05/20 04:54:49 | 000,059,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/19 15:09:44 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/05/05 13:02:42 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/05/05 10:31:09 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/05/05 10:31:09 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/05/02 20:17:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/05/01 18:14:19 | 000,000,230 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/01 16:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/04/16 18:30:10 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLea.DAT
[2007/04/16 03:34:35 | 000,242,688 | ---- | C] () -- C:\WINDOWS\System32\ISP2003.dll
[2007/04/16 03:22:26 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/15 21:37:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/04/15 14:35:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/15 14:34:04 | 003,695,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/15 13:54:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/15 13:48:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/26 09:14:54 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\HPDevEnm.dll
[2007/02/16 18:48:38 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006/11/24 12:09:58 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/05/03 07:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 06:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,596,696 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/23 08:00:00 | 000,542,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,127,792 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/23 08:00:00 | 000,097,500 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 10:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1997/06/14 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2012/10/30 13:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Samsung
[2009/03/05 20:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\.BitTornado
[2007/04/16 19:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\ACD Systems
[2012/06/24 12:32:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Acronis
[2013/06/20 02:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Amazon
[2009/12/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\AnvSoft
[2009/07/29 04:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Any Video Converter Professional
[2012/10/11 15:28:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\AskToolbar
[2013/09/26 10:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\AVG2014
[2010/04/14 21:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\AVG9
[2007/05/17 08:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\CD-LabelPrint
[2014/01/06 10:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\chc
[2014/01/06 10:09:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/18 17:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\DDMSettings
[2014/05/26 05:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Dropbox
[2014/05/26 05:25:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\DropboxMaster
[2013/11/05 18:07:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\dRS4photo
[2010/11/14 09:31:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\dRS4photo.CC441639FAB643879327A3CEA2D410C2594D7DBE.1
[2014/05/18 12:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\FileZilla
[2012/11/07 05:45:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Jablotron
[2012/06/24 11:26:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\netdesigner
[2007/04/16 18:46:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Nikon
[2007/09/23 10:08:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Opera
[2012/10/30 13:16:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Samsung
[2007/06/23 21:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\SlySoft
[2013/07/24 09:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\TeamViewer
[2014/05/26 05:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\uTorrent
[2010/11/12 16:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Windows Desktop Search
[2011/03/06 08:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Windows Search
[2014/05/26 03:19:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\72708163A29C273D7EF0E798417733CC
[2013/10/31 01:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2013/09/08 03:26:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2008/01/18 05:17:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery
[2013/09/26 10:23:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014
[2012/05/08 17:28:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2007/05/01 16:46:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011/03/15 03:48:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2007/11/22 15:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverInfo
[2007/08/05 12:32:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
[2007/04/16 18:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2011/01/29 18:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2008/07/10 15:27:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2014/05/26 03:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2009/02/04 13:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2007/12/30 07:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase One
[2008/05/23 07:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2012/08/20 14:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2007/06/22 18:11:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009/12/12 15:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2007/04/16 18:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2008/11/24 02:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2014/05/26 04:10:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2014/05/25 14:40:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2014/05/25 13:06:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2014/05/25 08:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2014/05/26 05:10:46 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
[2014/05/11 09:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
[2014/05/26 05:10:44 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
[2014/05/26 05:10:43 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_PAID_JAN2013_TB_rmv.job
[2014/05/26 05:31:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:485C605C8F59BA9C
@Alternate Data Stream - 171 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:661DFA1C

< End of report >

Part 1

Code:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winmgmt deleted successfully.
C:\DOKUME~1\ALLUSE~1\ANWEND~1\72708163A29C273D7EF0E798417733CC\hclg9dol.cpp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast.INTELLISTATION1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Harald Sahling
->Temp folder emptied: 2868348 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46937 bytes

Total Files Cleaned = 3.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 05262014_150929

Code:
========== OTL ==========
File move failed. C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk scheduled to be moved on reboot.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 05262014_133538

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk not found!
File\Folder X:\I386\SYSTEM32\RUNDLL32.EXE not found!

Registry entries deleted on Reboot...

Code:
========== OTL ==========
C:\Dokumente und Einstellungen\Harald Sahling\Desktop\TVCenter Pro.lnk moved successfully.
C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Gast.INTELLISTATION1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Harald Sahling
->Temp folder emptied: 68389785 bytes
->Temporary Internet Files folder emptied: 1033119907 bytes
->Java cache emptied: 67777547 bytes
->Flash cache emptied: 83677 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 84613 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 63663 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1319838 bytes
%systemroot%\System32 .tmp files removed: 721287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174303515 bytes

Total Files Cleaned = 1,284.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 05262014_133017

Code:
OTL logfile created on: 5/26/2014 3:02:51 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 136.73 Gb Total Space | 78.83 Gb Free Space | 57.65% Space Free | Partition Type: NTFS
Drive D: | 34.25 Gb Total Space | 0.39 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive E: | 978.07 Mb Total Space | 733.52 Mb Free Space | 75.00% Space Free | Partition Type: FAT32
Drive F: | 1397.26 Gb Total Space | 26.76 Gb Free Space | 1.92% Space Free | Partition Type: NTFS
Drive G: | 2.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2014/05/26 03:19:29 | 000,157,696 | ---- | M] () [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\72708163A29C273D7EF0E798417733CC\hclg9dol.cpp -- (winmgmt)
SRV - [2014/05/13 08:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/01/09 01:17:38 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013/08/09 01:45:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/22 07:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/06/24 12:30:55 | 003,442,640 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/03/02 12:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 12:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011/08/05 06:14:10 | 006,495,504 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/08/05 06:13:14 | 000,809,192 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/07/22 08:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/07/19 23:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/18 05:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 08:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005/05/10 21:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand] -- -- (Pcouffin)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2014/05/13 08:17:24 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/05/13 08:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/05/13 08:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/01/06 21:48:42 | 000,012,288 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2012/06/24 12:31:01 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/06/24 12:30:42 | 000,766,208 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/06/24 12:30:37 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/06/24 12:30:17 | 000,126,112 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2012/06/24 12:30:13 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
DRV - [2012/06/24 12:30:08 | 000,170,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/06/24 12:30:03 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012/06/22 05:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012/05/01 19:35:17 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/07/13 07:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 07:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011/05/18 01:49:32 | 000,054,784 | ---- | M] (GenesysLogic) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GeneStor.sys -- (GeneStor)
DRV - [2011/05/06 06:42:22 | 000,086,912 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AssmannUDSMBus.sys -- (AssmannUDSMBus)
DRV - [2011/05/06 06:37:08 | 000,139,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AssmannUDSTcpBus.sys -- (AssmannUDSTcpBus)
DRV - [2010/07/28 18:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/04/28 02:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/12 03:23:10 | 003,489,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:45:33 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2007/12/12 08:11:08 | 000,012,288 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2007/12/10 18:53:34 | 000,554,240 | ---- | M] (DiBcom SA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700)
DRV - [2007/11/09 04:07:34 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC)
DRV - [2006/09/20 12:38:26 | 000,207,152 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Si3124r5.sys -- (Si3124r5)
DRV - [2006/08/28 20:10:06 | 000,158,208 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/13 13:42:42 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/02/03 10:17:46 | 000,100,881 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SI3124r.sys -- (SI3124r)
DRV - [2003/05/23 07:49:20 | 000,037,760 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2002/04/02 10:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Harald_Sahling_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\Harald_Sahling_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Harald_Sahling_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\Programme\Gemeinsame Dateien\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/04/10 02:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Programme\MSN Toolbar\Platform\5.0.1449.0\Firefox [2013/07/24 17:04:15 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/06/25 16:58:12 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Harald_Sahling_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Harald_Sahling_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Harald_Sahling_ON_C\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [FRYMXINS] C:\Programme\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [HP Designjet Z3100 Photo Series] C:\Programme\HP Designjet Z3100 Photo Series\Setup.exe ()
O4 - HKLM..\Run: [KCodes UDS Control Center] C:\Programme\Assmann\USB Device Server\Control Center.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [KnexStarter] C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Programme\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [PUStarter] C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [RunPUTasktray] File not found
O4 - HKLM..\Run: [RunTasktray] File not found
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\Harald_Sahling_ON_C..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\Harald_Sahling_ON_C..\Run: [AmazonMP3DownloaderHelper] C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKU\Harald_Sahling_ON_C..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\Harald_Sahling_ON_C..\Run: [HP Officejet Pro 8600 (NET)] C:\Programme\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\Harald_Sahling_ON_C..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (AMD)
O4 - HKU\Harald_Sahling_ON_C..\Run: [uTorrent] C:\Programme\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Spyder3Utility.lnk = C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\PMCRemoteLauncher.lnk = C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (Pinnacle Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Harald_Sahling_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Harald_Sahling_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176666679466 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274738872446 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Programme\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Programme\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Programme\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/15 13:51:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/18 17:01:26 | 000,000,235 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007/01/30 09:01:30 | 000,000,143 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{92de9e13-7bee-11dd-98d0-000d3aa379a4}\Shell - "" = AutoRun
O33 - MountPoints2\{92de9e13-7bee-11dd-98d0-000d3aa379a4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92de9e13-7bee-11dd-98d0-000d3aa379a4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDisk-Games.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\TVCenterPro.exe -- [2007/02/13 05:57:54 | 000,760,904 | R--- | M] (Pinnacle Systems)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2014/05/26 13:35:38 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2014/05/26 13:30:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/26 03:48:33 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2014/05/26 03:19:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\72708163A29C273D7EF0E798417733CC
[2014/05/16 02:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Harald Sahling\Desktop\Steidl
[2014/05/13 21:03:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2007/11/22 15:25:40 | 000,017,376 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GT680X.SYS
[2001/09/19 08:32:26 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========
[2014/05/26 07:51:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2014/05/26 07:47:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/26 07:45:39 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
[2014/05/26 07:45:38 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2014/05/26 07:45:37 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\ROC_PAID_JAN2013_TB_rmv.job
[2014/05/26 07:45:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/26 07:45:04 | 000,149,865 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2014/05/26 07:39:31 | 000,000,818 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk
[2014/05/26 05:25:39 | 000,001,065 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\Dropbox.lnk
[2014/05/26 05:24:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/26 05:22:12 | 000,001,075 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Desktop\Dropbox.lnk
[2014/05/26 04:10:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/05/26 04:08:57 | 000,001,971 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald Sahling\Desktop\SpyHunter.lnk
[2014/05/25 20:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-INTELLISTATION1-Harald Sahling.job
[2014/05/25 14:40:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/05/25 13:06:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/05/25 08:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/05/21 03:37:55 | 000,000,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2014.lnk
[2014/05/21 03:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Eigenständige Version von Link Scanner
[2014/05/13 08:17:24 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2014/05/13 08:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2014/05/13 08:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2014/05/11 09:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
[2014/04/30 04:13:01 | 006,022,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========
[2014/05/26 07:39:31 | 000,000,818 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Startmenü\Programme\Autostart\explorer.lnk
[2014/04/14 17:47:04 | 000,014,232 | ---- | C] () -- C:\WINDOWS\System32\sh4native.exe
[2014/04/14 08:38:39 | 000,010,498 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lpm.dat
[2014/02/22 16:04:19 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\Adobe Save for Web 12.0 Prefs
[2014/02/09 07:40:02 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Adobe PNG Format CS5 Prefs
[2013/09/21 06:05:14 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zprib.ini
[2013/04/18 16:01:04 | 000,266,643 | ---- | C] () -- C:\WINDOWS\hpwins22.dat.temp
[2013/02/21 05:04:38 | 002,302,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\backup.pst
[2013/02/03 05:20:06 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Adobe BMP Format CS5 Prefs
[2012/12/12 22:26:50 | 002,821,083 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1547161642-602162358-725345543-1003-0.dat
[2012/12/08 07:37:15 | 000,414,914 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012/11/13 14:04:13 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini
[2012/10/31 03:53:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\XMLEditor4.INI
[2012/09/03 02:22:34 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ustor.dll
[2012/09/03 02:22:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\UMonit.exe
[2012/09/03 02:22:05 | 000,172,097 | ---- | C] () -- C:\WINDOWS\System32\NoMSGuninstall.exe
[2012/09/03 02:22:05 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\ProductName.ini
[2012/09/03 02:22:04 | 000,001,519 | ---- | C] () -- C:\WINDOWS\System32\_IconCfg0.ini
[2012/09/03 02:22:04 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2012/06/22 05:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\ESGScanner.sys
[2012/06/22 05:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\EsgScanner.sys
[2012/05/09 17:22:28 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012/05/09 17:22:22 | 000,025,804 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/05/09 17:22:21 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012/01/26 16:54:37 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/26 16:54:37 | 000,001,324 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat
[2011/05/16 17:01:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/03/24 02:23:57 | 000,023,671 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/26 12:31:15 | 015,376,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\s-1-5-21-1547161642-602162358-725345543-1003.rrr
[2009/12/26 12:31:14 | 000,241,664 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\s-1-5-19.rrr
[2009/12/26 12:31:14 | 000,233,472 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\s-1-5-20.rrr
[2009/12/26 11:44:46 | 000,078,195 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/09/12 19:15:20 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\m4atag.dll
[2009/09/12 14:19:40 | 000,000,078 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\rpdeluxe.properties
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/14 17:50:18 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/07/02 16:46:02 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2009/02/21 16:46:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/12/10 17:29:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/12/10 17:29:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/11/24 02:26:00 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2008/10/20 16:54:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/05/26 17:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 17:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 17:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 16:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 16:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/23 07:40:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/03/19 10:26:52 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\Spyder3.sys
[2007/11/29 05:17:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PenPowerTS863.INI
[2007/11/22 15:26:17 | 000,708,608 | ---- | C] () -- C:\WINDOWS\SnapShow.exe
[2007/11/22 15:26:17 | 000,360,769 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt930b.sys
[2007/11/22 15:26:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SnapTrap.exe
[2007/11/22 15:26:17 | 000,025,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd930b.sys
[2007/11/22 15:26:17 | 000,015,365 | ---- | C] () -- C:\WINDOWS\930TwCfg.INI
[2007/11/22 15:26:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/11/22 15:25:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AutoSet.dll
[2007/10/28 17:45:11 | 000,000,756 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/07/29 08:10:08 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/06/22 18:10:54 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2007/06/19 18:51:00 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/06/19 18:48:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\hpdjz3100.ini
[2007/06/19 18:45:11 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hplj5200m.ini
[2007/05/20 04:54:49 | 000,059,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald Sahling\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/19 15:09:44 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/05/05 13:02:42 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/05/05 10:31:09 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/05/05 10:31:09 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/05/02 20:17:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/05/01 18:14:19 | 000,000,230 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/01 16:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/04/16 18:30:10 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLea.DAT
[2007/04/16 03:34:35 | 000,242,688 | ---- | C] () -- C:\WINDOWS\System32\ISP2003.dll
[2007/04/16 03:22:26 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/15 21:37:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/04/15 14:35:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/15 14:34:04 | 003,695,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/15 13:54:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/15 13:48:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/26 09:14:54 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\HPDevEnm.dll
[2007/02/16 18:48:38 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006/11/24 12:09:58 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/05/03 07:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 06:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,596,696 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/23 08:00:00 | 000,542,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,127,792 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/23 08:00:00 | 000,097,500 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 10:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1997/06/14 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========
[2013/09/08 02:58:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Acronis
[2013/09/26 10:23:23 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\AVG2014
[2009/03/05 20:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\.BitTornado
[2007/04/16 19:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\ACD Systems
[2012/06/24 12:32:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Acronis
[2013/06/20 02:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Amazon
[2009/12/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\AnvSoft
[2009/07/29 04:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Any Video Converter Professional
[2012/10/11 15:28:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\AskToolbar
[2013/09/26 10:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\AVG2014
[2010/04/14 21:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\AVG9
[2007/05/17 08:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\CD-LabelPrint
[2014/01/06 10:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\chc
[2014/01/06 10:09:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/18 17:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\DDMSettings
[2014/05/26 05:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Dropbox
[2014/05/26 05:25:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\DropboxMaster
[2013/11/05 18:07:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\dRS4photo
[2010/11/14 09:31:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\dRS4photo.CC441639FAB643879327A3CEA2D410C2594D7DBE.1
[2014/05/18 12:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\FileZilla
[2012/11/07 05:45:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Jablotron
[2012/06/24 11:26:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\netdesigner
[2007/04/16 18:46:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Nikon
[2007/09/23 10:08:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Opera
[2012/10/30 13:16:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Samsung
[2007/06/23 21:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Harald Sahling\Anwendungsdaten\SlySoft [2013/07/24 09:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\TeamViewer [2014/05/26 05:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\uTorrent [2010/11/12 16:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Windows Desktop Search [2011/03/06 08:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald Sahling\Anwendungsdaten\Windows Search [2012/10/30 13:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Samsung [2014/05/26 03:19:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\72708163A29C273D7EF0E798417733CC [2013/10/31 01:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2013/09/08 03:26:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2008/01/18 05:17:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery [2013/09/26 10:23:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014 [2012/05/08 17:28:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2007/05/01 16:46:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011/03/15 03:48:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2007/11/22 15:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverInfo [2007/08/05 12:32:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes [2007/04/16 18:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp [2011/01/29 
18:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate [2008/07/10 15:27:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2014/05/26 03:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2009/02/04 13:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2007/12/30 07:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase One [2008/05/23 07:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2012/08/20 14:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2007/06/22 18:11:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2009/12/12 15:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2007/04/16 18:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15 [2008/11/24 02:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2014/05/26 04:10:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job [2014/05/25 14:40:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job [2014/05/25 13:06:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job [2014/05/25 08:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job [2014/05/26 07:45:39 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job [2014/05/11 09:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job [2014/05/26 07:45:38 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job [2014/05/26 
07:45:37 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_PAID_JAN2013_TB_rmv.job [2014/05/26 07:51:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\WINDOWS:485C605C8F59BA9C @Alternate Data Stream - 171 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:661DFA1C < End of report >

--------------
RUNDLL Fehler beim Laden von c:\dokumen~1\alluse~1\727081~1\hclg9dol.cpp Das angegebene Modul wurde nicht gefunden
--------------

Otherwise everything (including IE) seems to be working. I'm now running SpyHunter over it once more... is that it, then, or should I do or change anything else?