Pests of all kinds and how to combat them: What was that? prun.exe was terminated, then a crash, and now I can't find it

06.04.2010, 12:06   #1
champpain

Hello.
I just had the following "experience":
In the middle of working, Windows reported that prun.exe had to be terminated.
Shortly afterwards a bluescreen came up with the message that there was a problem with prosync1.sys.

After a restart, I googled first.
prun.exe doesn't sound good, but despite an intensive search there is no prun.exe on my notebook!!!

According to VirusTotal, prosync1.sys is harmless.

I ran HijackThis: nothing suspicious!

A scan with AVG also brought no further findings regarding a trojan or the like.

What was that?

Among other things, Opera was open (in the background).

Regards

06.04.2010, 13:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello,

Please note this list and work through it. When scanning with MalwareBytes, also connect all external storage (external disks, USB sticks, ...)!!

If you have problems with Malwarebytes (doesn't start, updates don't load, etc.), see this > http://www.trojaner-board.de/82699-m...tet-nicht.html

Important for users of Windows Vista and Windows 7: Please run all tools via right-click => Run as administrator!


If RSIT doesn't start: run it in compatibility mode (right-click on RSIT.exe, Compatibility tab) => set Windows XP and run

You can, for example, zip all the log files into one file, upload it to File-Upload.net and link it here, because 1. some log files are too large for the board and 2. I can download them all at once with one click.

09.04.2010, 11:08   #3
champpain

So, I finally had time to run the tools.
I use CC regularly anyway.
MAB found nothing (hence no logs here either) and
I have put the RSIT logs here:
hxxp://www.file-upload.net/download-2420912/rsit.zip.html

Under hosts there are some strange providers listed, but you can surely classify that better...


Regards

09.04.2010, 11:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please post the MBAM log anyway. And also the contents of the hosts file.

Quote:
System drive C: has 861 MB (1%) free of 60 GB
Drive C: is almost full! That can become a problem; it also makes the machine rather slow.
__________________
Please always post log files in CODE tags

09.04.2010, 11:23   #5
champpain

Hello.

MAB
Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3960

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.04.2010 11:54:56
mbam-log-2010-04-09 (11-54-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 112369
Laufzeit: 7 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
By "strange hosts" I meant this passage from the RSIT info.log:
Code:
======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
         
In the meantime I'll tidy up C a bit...


Regards
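
Every hosts line quoted in the post above maps a name to 127.0.0.1, which makes that name unreachable instead of sending it to another server. As an added example (not part of any post in this thread), this Python script sorts hosts lines, in raw form or in OTL's "O1 - Hosts:" form, into names sunk to loopback and names pointed at a real address; the last sample line and the function names are constructed for illustration.

```python
import ipaddress
import re

# OTL prefixes every hosts entry in its log with "O1 - Hosts: ".
OTL_PREFIX = re.compile(r"^O1 - Hosts:\s*")


def parse_hosts(text):
    """Yield (address, hostname) pairs from raw hosts-file text or from the
    hosts section of an RSIT/OTL log. Lines that do not start with an IP
    address (section headers, "10750 more lines...") are skipped."""
    for raw in text.splitlines():
        line = OTL_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        # One hosts line may carry several names for the same address.
        for name in fields[1:]:
            yield addr, name.lower()


def is_sink(addr):
    """True for addresses that lead nowhere: loopback or 0.0.0.0 / ::."""
    return addr.is_loopback or addr.is_unspecified


def triage(text):
    """Split hosts entries into blocked names and redirected names.

    blocked    -> name mapped to a sink address (blocklist-style entry)
    redirected -> name mapped to any other address; these are the entries
                  worth reviewing by hand, because traffic for that name
                  really goes to the listed address.
    """
    report = {"blocked": [], "redirected": []}
    for addr, name in parse_hosts(text):
        if name == "localhost" and addr.is_loopback:
            continue  # the normal default entry
        if is_sink(addr):
            report["blocked"].append(name)
        else:
            report["redirected"].append((name, str(addr)))
    return report


# Sample input: the first entries are taken from the logs in this thread;
# the final line is constructed (documentation address, example domain).
SAMPLE = """\
======Hosts File======

127.0.0.1\twww.007guard.com
127.0.0.1\t007guard.com
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1\t008i.com
O1 - Hosts: 10750 more lines...
192.0.2.10\tlogin.bank.example   # constructed, not from the thread
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("blocked names:   ", len(result["blocked"]))
    for name, target in result["redirected"]:
        print("review redirect: ", name, "->", target)
```
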


09.04.2010, 11:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please do a full scan with Malwarebytes. Update the database beforehand; we are now at version 3970.

11.04.2010, 09:16   #7
champpain

Hello.

After two full scan attempts each caused a bluescreen (probably on access to D:/), I have now scanned C:/ first for the time being.

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.04.2010 10:08:26
mbam-log-2010-04-11 (10-08-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 204851
Laufzeit: 1 Stunde(n), 8 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
The bluescreen error was "Kernel_Stack_Inpage_Error"
hxxp://support.microsoft.com/kb/315266/de
The 1st parameter was 1, the 2nd and 3rd were 0, and the last was 0xEDEF1C34.

I will now scan E:/ and then run a checkdisk.

Regards

11.04.2010, 10:48   #8
champpain

MAB scan of E:/
Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.04.2010 11:26:30
mbam-log-2010-04-11 (11-26-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (E:\|)
Durchsuchte Objekte: 138295
Laufzeit: 17 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

11.04.2010, 10:51   #9
champpain

and F:/
Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.04.2010 11:26:30
mbam-log-2010-04-11 (11-26-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (E:\|)
Durchsuchte Objekte: 138295
Laufzeit: 17 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

11.04.2010, 15:35   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That actually looks good. If there is still something there, we will very probably see it with OTL:

System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

12.04.2010, 07:40   #11
champpain

Quote:
Quote from cosinus
That actually looks good.
Not really.
I still haven't managed to scan D:/ with MAB. The 77 bluescreen kept coming up.
After chkdsk there is now a new bluescreen (F4).
hxxp://www.jasik.de/shutdown/stop_fehler.htm#F4

Which surprises me, because D:/ is/should be a pure data partition.
Even with "chkdsk d: /f /r" it only wanted to check the partition after a reboot, as if it were a system partition...

It looked as if reading the "frets on fire" directory (a Guitar Hero clone) causes the MAB crash (bluescreen).

I'll remove that and then try again.

Regards

12.04.2010, 08:29   #12
champpain

Good morning again.

Now the scan worked, and on D: too it found nothing infected.


OTL:
Code:
OTL logfile created on: 12.04.2010 09:08:18 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = E:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
9,00 Gb Paging File | 8,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): F:\pagefile.sys 5942 5942 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 3,04 Gb Free Space | 5,18% Space Free | Partition Type: NTFS
Drive D: | 195,32 Gb Total Space | 35,08 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 9,45 Gb Free Space | 9,67% Space Free | Partition Type: NTFS
Drive F: | 5,86 Gb Total Space | 0,02 Gb Free Space | 0,36% Space Free | Partition Type: NTFS
Drive G: | 5,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOTEBOOK
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
PRC - C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
PRC - C:\WINDOWS\system32\lxeecoms.exe ( )
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AutoHotkey\AutoHotkey.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG)
PRC - C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe (OptionNV)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Gtdetectsc.exe (OptionNV)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
PRC - C:\Program Files\Treibersoftware\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll (Cognizance Corporation)
MOD - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Nero BackItUp Scheduler 4.0) --  File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (HauppaugeTVServer) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (lxee_device) -- C:\WINDOWS\System32\lxeecoms.exe ( )
SRV - (lxeeCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe ()
SRV - (ASChannel) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (ASBroker) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (ImapiService) -- C:\WINDOWS\System32\imapihp.exe (Microsoft Corporation)
SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (PersonalSecureDriveService) -- C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (FLCDLOCK) -- C:\WINDOWS\system32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (GtFlashSwitch) -- C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe (OptionNV)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (gtdetectsc) -- C:\WINDOWS\system32\Gtdetectsc.exe (OptionNV)
SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SAllBDA) -- C:\WINDOWS\system32\drivers\TeViiSAll.sys (TeVii Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (hcw95rc) -- C:\WINDOWS\system32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\WINDOWS\system32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\GcKernel.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (scramby_out) -- C:\WINDOWS\system32\drivers\scramby_out.sys (RapidSolution Software AG)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DAMDrv) -- C:\WINDOWS\system32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (Amusbprt) -- C:\WINDOWS\system32\drivers\Amusbprt.sys (A4Tech Co.,Ltd.)
DRV - (Amfilter) -- C:\WINDOWS\system32\drivers\Amfilter.sys (A4Tech Co.,Ltd.)
DRV - (scramby) -- C:\WINDOWS\system32\drivers\scramby.sys (RapidSolution Software AG)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (bhound6) -- C:\WINDOWS\system32\DRIVERS\bhound6.sys (Perisoft)
DRV - (GTUQBUS) -- C:\WINDOWS\system32\drivers\gtuqbus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (imhidusb) -- C:\WINDOWS\system32\drivers\imhidusb.sys (Immersion Corporation)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://filesharefreak.com/2008/05/06/quickstart-guide-to-torrentflux-1-adding-managing-torrents/#comment-242575"
FF - prefs.js..extensions.enabledItems: {F7AC9EEE-E1F6-11DA-8579-52E479B26080}:0.0.4
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.7
FF - prefs.js..extensions.enabledItems: tfluxadd@dasprids.de:0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.04.09 09:27:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.21 21:40:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2009.12.17 19:51:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:45:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.05 10:32:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.05 10:32:25 | 000,000,000 | ---D | M]
 
[2009.06.26 08:42:09 | 000,000,000 | ---D | M] -- E:\Einstellungen\Administrator\Application Data\Mozilla\Extensions
[2010.04.12 06:47:07 | 000,000,000 | ---D | M] -- E:\Einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\extensions
[2009.09.02 07:31:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.16 16:13:40 | 000,000,000 | ---D | M] (Integrated Gmail) -- E:\Einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010.01.27 22:40:43 | 000,000,000 | ---D | M] (Gmail Manager) -- E:\Einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009.12.30 13:58:15 | 000,000,000 | ---D | M] (ReloadEvery) -- E:\Einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.02.06 10:28:07 | 000,000,000 | ---D | M] (gTranslate) -- E:\Einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010.02.03 16:38:37 | 000,000,000 | ---D | M] (Cite Bite) -- E:\Einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\extensions\{F7AC9EEE-E1F6-11DA-8579-52E479B26080}
[2010.04.05 10:40:37 | 000,000,000 | ---D | M] -- E:\Einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\extensions\tfluxadd@dasprids.de
[2010.04.12 09:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.08 23:56:02 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.02.22 16:54:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.22 16:54:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.22 16:54:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.22 16:54:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.22 16:54:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.04.13 19:32:58 | 000,312,232 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 10750 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\www\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\essentials\pdf\adobe reader9\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Treibersoftware\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: E:\Einstellungen\Administrator\Start Menu\Programs\Startup\ac'tivAid.lnk = C:\Program Files\OS\Windows\ac'tivAid\ac'tivAid.ahk ()
O4 - Startup: E:\Einstellungen\Administrator\Start Menu\Programs\Startup\AllNetic Working Time Tracker.lnk = C:\Program Files\AllNetic Working Time Tracker\WorkingTimeTracker.exe File not found
O4 - Startup: E:\Einstellungen\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: E:\Einstellungen\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: E:\Einstellungen\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 1729136739
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\www\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\www\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\www\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\www\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\essentials\pdf\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_18-windows-i586.cab (Java Plug-in 1.5.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "E:\EINSTELLUNGEN\ADMINISTRATOR\DESKTOP\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.24 12:18:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.09.18 20:06:26 | 000,000,053 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.09.04 08:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - G:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.09.04 08:10:21 | 000,000,047 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{199e6e21-2850-11de-81e3-0016d448db6b}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O33 - MountPoints2\{28e91302-22a3-11df-b1c9-0018de5a6fff}\Shell - "" = AutoRun
O33 - MountPoints2\{28e91302-22a3-11df-b1c9-0018de5a6fff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28e91302-22a3-11df-b1c9-0018de5a6fff}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4b5f1c26-1f8b-11df-b1c2-0018de5a6fff}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{4b5f1c26-1f8b-11df-b1c2-0018de5a6fff}\Shell\linuxlive\command - "" = K:\VirtualBox\Virtualize_This_Key.exe -- File not found
O33 - MountPoints2\{4b5f1c26-1f8b-11df-b1c2-0018de5a6fff}\Shell\linuxlive2\command - "" = K:\VirtualBox\VirtualBox.exe -- File not found
O33 - MountPoints2\{9392d56d-f137-11de-b12f-001641c687bb}\Shell - "" = AutoRun
O33 - MountPoints2\{9392d56d-f137-11de-b12f-001641c687bb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9392d56d-f137-11de-b12f-001641c687bb}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e72a0b4b-5bcf-11de-8eda-001641c687bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e72a0b4b-5bcf-11de-8eda-001641c687bb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e72a0b4b-5bcf-11de-8eda-001641c687bb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- [2009.09.04 08:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.09 11:57:13 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.09 11:45:54 | 000,000,000 | RH-D | C] -- E:\Einstellungen\Administrator\Recent
[2010.04.09 09:29:49 | 000,000,000 | -H-D | C] -- E:\$AVG
[2010.04.09 09:29:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.04.09 09:28:00 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.04.09 09:26:15 | 000,000,000 | ---D | C] -- E:\Einstellungen\All Users\Application Data\avg9
[2010.04.09 09:18:21 | 000,000,000 | --SD | M] -- E:\Einstellungen\NetworkService\Application Data\Microsoft
[2010.04.09 09:18:21 | 000,000,000 | --SD | M] -- E:\Einstellungen\LocalService\Application Data\Microsoft
[2010.04.09 09:18:21 | 000,000,000 | ---D | M] -- E:\Einstellungen\NetworkService\Local Settings\Application Data\Microsoft
[2010.04.08 13:17:22 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\boracker
[2010.04.08 09:29:07 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\Windows PORTABLE
[2010.04.07 17:57:55 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\20091202-05
[2010.04.07 12:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010.04.07 12:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010.04.06 17:03:59 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Application Data\Malwarebytes
[2010.04.06 17:03:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.06 17:03:45 | 000,000,000 | ---D | C] -- E:\Einstellungen\All Users\Application Data\Malwarebytes
[2010.04.06 17:03:44 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.06 17:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.04 09:10:39 | 030,590,439 | ---- | C] (Team MediaPortal) -- E:\Einstellungen\Administrator\Desktop\MediaPortal_1.0.2_Setup.exe
[2010.04.03 11:20:56 | 000,250,368 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010.04.03 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.04.02 12:26:49 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\burghard
[2010.03.30 10:04:24 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Local Settings\Application Data\Apps
[2010.03.29 20:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Cave Story Deluxe
[2010.03.28 16:39:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2010.03.28 16:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\TIVistadriver
[2010.03.28 16:33:32 | 000,000,000 | ---D | C] -- C:\SoftPaqDownloadDirectory
[2010.03.27 19:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\UltraStar Deluxe
[2010.03.24 21:47:01 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Local Settings\Application Data\Zattoo
[2010.03.24 21:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Zattoo4
[2010.03.24 16:48:16 | 000,000,000 | ---D | C] -- C:\skpro
[2010.03.22 08:24:03 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\VIDEO
[2010.03.22 08:23:50 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\FOTOS
[2010.03.21 01:42:47 | 000,000,000 | ---D | C] -- E:\Einstellungen\All Users\Application Data\RapidSolution
[2010.03.21 01:42:07 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Local Settings\Application Data\Scramby Recordings
[2010.03.20 09:42:03 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\PC-WELT_Sonderheft_Linux_1-2010
[2010.03.19 14:54:02 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\Vorstellungsgespräche-Ablauf eines Vorstellungsgesprächs
[2010.03.19 14:46:13 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Desktop\Deutsch__v1.27
[2010.03.18 12:24:19 | 000,000,000 | ---D | C] -- E:\Einstellungen\Administrator\Local Settings\Application Data\Mirillis
[2010.03.18 12:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mirillis
[2010.03.18 12:19:45 | 000,000,000 | R--D | C] -- E:\My Videos
[2010.03.18 12:14:45 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.03.18 12:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010.02.08 16:36:00 | 000,000,000 | ---D | M] -- E:\Einstellungen\NetworkService\Local Settings\Application Data\Google
[2010.02.08 14:14:20 | 000,000,000 | ---D | M] -- E:\Einstellungen\LocalService\Local Settings\Application Data\Google
[2010.02.08 13:11:21 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoin.dll
[2010.02.08 13:09:13 | 000,446,464 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEEhcp.dll
[2010.02.08 13:09:12 | 001,052,672 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeserv.dll
[2010.02.08 13:09:12 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeusb1.dll
[2010.02.08 13:09:12 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeinpa.dll
[2010.02.08 13:09:12 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeiesc.dll
[2010.02.08 13:09:11 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeepmui.dll
[2010.02.08 13:09:11 | 000,581,632 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeelmpm.dll
[2010.02.08 13:09:10 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeehbn3.dll
[2010.02.08 13:09:09 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomc.dll
[2010.02.08 13:09:09 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomm.dll
[2009.12.22 11:30:46 | 000,000,000 | ---D | M] -- E:\Einstellungen\LocalService\Application Data\Vodafone
[2009.12.03 10:26:12 | 000,000,000 | ---D | M] -- E:\Einstellungen\LocalService\Local Settings\Application Data\Microsoft
[2009.09.10 22:27:40 | 000,000,000 | ---D | M] -- E:\Einstellungen\LocalService\Application Data\hpqLog
[2009.07.25 13:23:00 | 000,000,000 | ---D | M] -- E:\Einstellungen\NetworkService\Local Settings\Application Data\Apple
[2009.07.06 21:51:46 | 000,000,000 | ---D | M] -- E:\Einstellungen\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2009.04.15 11:45:28 | 000,000,000 | ---D | M] -- E:\Einstellungen\NetworkService\Application Data\Bytemobile
[2009.04.14 16:17:40 | 000,000,000 | ---D | M] -- E:\Einstellungen\LocalService\Local Settings\Application Data\Adobe
[2009.04.13 19:20:09 | 000,000,000 | ---D | M] -- E:\Einstellungen\NetworkService\Application Data\Intel
[2009.04.13 19:20:09 | 000,000,000 | ---D | M] -- E:\Einstellungen\LocalService\Application Data\Intel
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.12 09:05:44 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vimihtv.sys
[2010.04.12 08:46:00 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.12 08:24:13 | 058,823,525 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.04.12 08:18:20 | 000,619,411 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010.04.12 08:17:55 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.12 08:17:51 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.12 08:16:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.12 08:16:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.12 08:16:28 | 3623,276,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.12 07:03:39 | 015,728,640 | -H-- | M] () -- E:\Einstellungen\Administrator\NTUSER.DAT
[2010.04.11 21:32:01 | 000,619,411 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.04.11 19:21:56 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE7F6289-B397-4C12-BC77-67D676BF42C6}.job
[2010.04.11 10:52:36 | 000,000,600 | ---- | M] () -- E:\Einstellungen\Administrator\Application Data\winscp.rnd
[2010.04.10 18:24:56 | 000,000,600 | ---- | M] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\PUTTY.RND
[2010.04.10 16:03:21 | 000,001,773 | ---- | M] () -- E:\Einstellungen\All Users\Desktop\Steuer-Spar-Erklärung Plus 2010.lnk
[2010.04.10 15:09:05 | 000,059,392 | ---- | M] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.10 11:54:46 | 005,919,574 | -H-- | M] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\IconCache.db
[2010.04.10 00:37:04 | 000,002,115 | ---- | M] () -- E:\Einstellungen\All Users\Desktop\Steam.lnk
[2010.04.09 12:12:04 | 000,000,000 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\httpwww.file-upload.netdelete-2420912jrsxbs.html
[2010.04.09 09:29:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.04.09 09:29:14 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.04.09 09:29:09 | 000,001,423 | ---- | M] () -- E:\Einstellungen\All Users\Desktop\AVG Free 9.0.lnk
[2010.04.09 09:29:08 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.04.09 09:29:07 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.04.09 09:28:02 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.04.08 13:16:37 | 000,004,427 | ---- | M] () -- C:\WINDOWS\SiteMasterPro.ini
[2010.04.08 10:51:59 | 000,002,828 | -HS- | M] () -- E:\Einstellungen\All Users\Application Data\KGyGaAvL.sys
[2010.04.07 21:43:05 | 000,001,687 | ---- | M] () -- E:\Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.07 15:33:45 | 000,421,330 | ---- | M] () -- E:\ScreenShot 003 Punktübersicht.pdf - Nitro PDF Professional.png
[2010.04.07 15:32:48 | 000,139,238 | ---- | M] () -- E:\ScreenShot 002 .png
[2010.04.06 17:03:50 | 000,000,578 | ---- | M] () -- E:\Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.04 16:49:29 | 001,657,811 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\WorkoutA Week1.pdf
[2010.04.04 09:12:06 | 030,590,439 | ---- | M] (Team MediaPortal) -- E:\Einstellungen\Administrator\Desktop\MediaPortal_1.0.2_Setup.exe
[2010.04.03 11:15:51 | 000,050,018 | ---- | M] () -- E:\ScreenShot 001 My Computer.png
[2010.04.03 11:06:30 | 000,001,612 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\HijackThis.lnk
[2010.03.31 10:45:32 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010.03.30 10:04:25 | 000,002,550 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\USB DVD-Downloadtool für Windows 7.lnk
[2010.03.29 20:02:23 | 000,000,733 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\Play Cave Story.lnk
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.28 10:05:25 | 000,542,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 10:05:25 | 000,456,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 10:05:25 | 000,075,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.25 23:06:28 | 000,089,617 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\YADE 5.1 ZOOM.pdf
[2010.03.25 19:44:13 | 000,001,653 | ---- | M] () -- E:\Einstellungen\Administrator\Start Menu\Programs\Startup\ac'tivAid.lnk
[2010.03.25 12:03:43 | 000,000,512 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\carstensen.bat
[2010.03.24 21:57:47 | 000,115,903 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\g2v_log_03242057.7z
[2010.03.24 21:48:25 | 000,019,456 | ---- | M] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\WebpageIcons.db
[2010.03.24 21:46:55 | 000,001,447 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\Zattoo.lnk
[2010.03.24 21:46:37 | 016,322,960 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\Zattoo-4.0.4.exe
[2010.03.23 20:17:19 | 000,000,514 | ---- | M] () -- E:\Einstellungen\All Users\Desktop\Opera.lnk
[2010.03.21 12:04:31 | 000,001,382 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\WinSCP.lnk
[2010.03.21 11:34:35 | 000,129,773 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\g2v_log_03211034.7z
[2010.03.21 02:24:41 | 000,002,177 | ---- | M] () -- E:\Einstellungen\All Users\Desktop\Skype.lnk
[2010.03.19 14:53:44 | 000,000,000 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\Tim Mälzer - Born To Cook - Schmeckt nicht gibts nicht.pdf
[2010.03.18 16:26:44 | 000,217,397 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\vorabzug-protokolle-randfugen.pdf
[2010.03.18 12:14:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.03.18 12:14:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.03.18 12:14:22 | 000,000,813 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.15 13:14:12 | 000,126,443 | ---- | M] () -- E:\Einstellungen\Administrator\Desktop\Luftbild.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.12 09:05:44 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vimihtv.sys
[2010.04.09 12:12:04 | 000,000,000 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\httpwww.file-upload.netdelete-2420912jrsxbs.html
[2010.04.09 09:29:09 | 000,001,423 | ---- | C] () -- E:\Einstellungen\All Users\Desktop\AVG Free 9.0.lnk
[2010.04.07 21:43:05 | 000,001,687 | ---- | C] () -- E:\Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.07 15:33:44 | 000,421,330 | ---- | C] () -- E:\ScreenShot 003 Punktübersicht.pdf - Nitro PDF Professional.png
[2010.04.07 15:32:48 | 000,139,238 | ---- | C] () -- E:\ScreenShot 002 .png
[2010.04.06 17:03:50 | 000,000,578 | ---- | C] () -- E:\Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.06 12:10:00 | 000,012,258 | ---- | C] () -- E:\Einstellungen\Administrator\hs_err_pid2548.log
[2010.04.04 16:49:20 | 001,657,811 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\WorkoutA Week1.pdf
[2010.04.03 11:15:51 | 000,050,018 | ---- | C] () -- E:\ScreenShot 001 My Computer.png
[2010.04.03 11:06:30 | 000,001,612 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\HijackThis.lnk
[2010.04.01 11:38:21 | 000,014,022 | ---- | C] () -- E:\Einstellungen\Administrator\hs_err_pid5724.log
[2010.03.30 10:04:25 | 000,002,550 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\USB DVD-Downloadtool für Windows 7.lnk
[2010.03.29 20:02:23 | 000,000,733 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\Play Cave Story.lnk
[2010.03.25 23:04:51 | 000,089,617 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\YADE 5.1 ZOOM.pdf
[2010.03.25 19:13:45 | 000,001,653 | ---- | C] () -- E:\Einstellungen\Administrator\Start Menu\Programs\Startup\ac'tivAid.lnk
[2010.03.25 18:25:42 | 000,000,000 | ---- | C] () -- E:\Einstellungen\All Users\LxWbGwLog.log
[2010.03.25 18:25:42 | 000,000,000 | ---- | C] () -- E:\Einstellungen\All Users\cmn_upld.log
[2010.03.25 12:02:17 | 000,000,512 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\carstensen.bat
[2010.03.24 21:58:43 | 000,115,903 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\g2v_log_03242057.7z
[2010.03.24 21:47:00 | 000,019,456 | ---- | C] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\WebpageIcons.db
[2010.03.24 21:46:55 | 000,001,447 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\Zattoo.lnk
[2010.03.24 21:46:20 | 016,322,960 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\Zattoo-4.0.4.exe
[2010.03.21 11:34:57 | 000,129,773 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\g2v_log_03211034.7z
[2010.03.19 14:53:44 | 000,000,000 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\Tim Mälzer - Born To Cook - Schmeckt nicht gibts nicht.pdf
[2010.03.18 16:26:40 | 000,217,397 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\vorabzug-protokolle-randfugen.pdf
[2010.03.15 13:14:12 | 000,126,443 | ---- | C] () -- E:\Einstellungen\Administrator\Desktop\Luftbild.jpg
[2010.02.08 13:34:21 | 000,002,040 | ---- | C] () -- E:\Einstellungen\All Users\lxeeJSW.log
[2010.02.08 13:24:49 | 000,000,252 | ---- | C] () -- E:\Einstellungen\All Users\FastPics.log
[2010.02.08 13:12:45 | 000,287,434 | ---- | C] () -- E:\Einstellungen\All Users\lxee.log
[2010.02.08 13:11:51 | 000,054,279 | ---- | C] () -- E:\Einstellungen\All Users\lxeescan.log
[2010.02.08 13:11:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeevs.dll
[2010.02.08 13:11:13 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxeegcfg.dll
[2010.02.08 13:11:12 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeecui.dll
[2010.02.08 13:11:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeecuir.dll
[2010.02.08 13:09:25 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxeerwrd.ini
[2010.02.08 13:09:13 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEEinst.dll
[2010.02.08 13:09:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeejswr.dll
[2010.02.08 13:09:10 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeeins.dll
[2010.02.08 13:09:10 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsb.dll
[2010.02.08 13:09:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsr.dll
[2010.02.08 13:09:09 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeecu.dll
[2010.02.08 13:09:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeegrd.dll
[2010.02.08 13:09:09 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeecub.dll
[2010.02.08 13:09:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeecur.dll
[2010.02.08 13:08:36 | 000,000,000 | ---- | C] () -- E:\Einstellungen\All Users\UpdaterLog.txt
[2010.02.08 13:06:16 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\LXEEsmr.dll
[2010.02.08 13:06:15 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEEsm.dll
[2010.01.23 14:18:54 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010.01.23 14:18:54 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010.01.23 14:18:54 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010.01.22 16:17:02 | 000,288,828 | ---- | C] () -- E:\Einstellungen\Administrator\g2v_log_01221513.7z
[2009.12.25 12:00:20 | 000,000,122 | ---- | C] () -- E:\Einstellungen\Administrator\connlog.txt
[2009.12.15 14:32:17 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tmimlaun.dll
[2009.11.30 11:43:25 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.11.13 17:36:48 | 000,000,760 | ---- | C] () -- E:\Einstellungen\Administrator\Application Data\setup_ldm.iss
[2009.10.15 11:12:14 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.09.30 22:10:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HCWxds.dll
[2009.08.11 11:09:37 | 000,012,968 | ---- | C] () -- E:\Einstellungen\Administrator\Application Data\Kommagetrennte Werte (Windows).CAL
[2009.08.11 10:59:35 | 000,038,436 | ---- | C] () -- E:\Einstellungen\Administrator\Application Data\Kommagetrennte Werte (Windows).ADR
[2009.08.10 19:23:31 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.08.10 19:23:31 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.08.10 19:23:31 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.08.10 19:23:31 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009.08.10 19:23:30 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.08.02 15:52:52 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.06.23 08:31:22 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.06.11 21:54:18 | 000,004,427 | ---- | C] () -- C:\WINDOWS\SiteMasterPro.ini
[2009.05.27 13:56:42 | 000,508,200 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009.05.25 15:10:00 | 000,000,228 | ---- | C] () -- E:\Einstellungen\All Users\Application Data\hpzinstall.log
[2009.05.25 11:40:19 | 000,000,600 | ---- | C] () -- E:\Einstellungen\Administrator\Application Data\PUTTY.RND
[2009.05.19 22:24:33 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.05.19 10:18:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009.05.19 10:18:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009.05.19 10:18:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009.05.19 10:18:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009.05.19 10:18:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009.05.19 10:18:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009.05.16 20:52:24 | 000,000,000 | ---- | C] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\FnF4.txt
[2009.05.06 12:39:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2009.05.06 12:39:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL
[2009.05.06 12:39:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2009.05.06 12:38:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2009.05.04 14:59:18 | 000,002,528 | ---- | C] () -- E:\Einstellungen\Administrator\Application Data\$_hpcst$.hpc
[2009.04.26 16:41:06 | 000,000,291 | ---- | C] () -- E:\Einstellungen\Administrator\.vdr_channeleditor_local.properties
[2009.04.19 09:42:23 | 000,000,008 | RHS- | C] () -- E:\Einstellungen\All Users\Application Data\CCBC241166.sys
[2009.04.19 09:42:20 | 000,002,828 | -HS- | C] () -- E:\Einstellungen\All Users\Application Data\KGyGaAvL.sys
[2009.04.17 16:38:35 | 000,000,600 | ---- | C] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\PUTTY.RND
[2009.04.16 10:17:31 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2009.04.15 11:45:22 | 000,000,057 | ---- | C] () -- C:\WINDOWS\init.ini
[2009.04.14 22:54:19 | 000,059,392 | ---- | C] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.14 22:42:05 | 000,033,879 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.04.14 22:41:00 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.14 22:39:55 | 000,013,866 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009.04.14 22:38:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.04.14 08:39:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2009.04.14 07:32:36 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.04.14 07:25:39 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.13 20:24:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll
[2009.04.13 20:20:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[2009.04.13 19:26:12 | 000,000,000 | ---- | C] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\QSwitch.txt
[2009.04.13 19:26:12 | 000,000,000 | ---- | C] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\DSwitch.txt
[2009.04.13 19:26:12 | 000,000,000 | ---- | C] () -- E:\Einstellungen\Administrator\Local Settings\Application Data\AtStart.txt
[2009.04.13 19:08:52 | 015,728,640 | -H-- | C] () -- E:\Einstellungen\Administrator\NTUSER.DAT
[2009.04.13 19:08:52 | 000,001,024 | -H-- | C] () -- E:\Einstellungen\Administrator\ntuser.dat.LOG
[2009.04.13 19:08:52 | 000,000,178 | -HS- | C] () -- E:\Einstellungen\Administrator\ntuser.ini
[2009.04.13 18:07:20 | 000,000,600 | ---- | C] () -- E:\Einstellungen\Administrator\Application Data\winscp.rnd
[2009.03.16 17:21:42 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\RagTimeSearch.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007.11.06 22:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.09.27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.08.08 18:54:10 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2006.02.15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2002.05.15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.06.27 13:53:40 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001.06.27 13:53:40 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> E:\Einstellungen\All Users\Application Data\TEMP:9FF7C773
@Alternate Data Stream - 115 bytes -> E:\Einstellungen\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 112 bytes -> E:\Einstellungen\All Users\Application Data\TEMP:C895616B
< End of report >
         

12.04.2010, 08:30   #13
champpain

...and the Extras.txt:
Code:
OTL Extras logfile created on: 12.04.2010 09:08:18 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = E:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
9,00 Gb Paging File | 8,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): F:\pagefile.sys 5942 5942 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 3,04 Gb Free Space | 5,18% Space Free | Partition Type: NTFS
Drive D: | 195,32 Gb Total Space | 35,08 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 9,45 Gb Free Space | 9,67% Space Free | Partition Type: NTFS
Drive F: | 5,86 Gb Total Space | 0,02 Gb Free Space | 0,36% Space Free | Partition Type: NTFS
Drive G: | 5,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOTEBOOK
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\www\Free Download Manager\fdm.exe" = C:\Program Files\www\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG)
"C:\Program Files\kommunikation\X-Lite\x-lite.exe" = C:\Program Files\kommunikation\X-Lite\x-lite.exe:*:Enabled:X-Lite -- ()
"C:\Program Files\Treibersoftware\UMTS-Karte\Communication Center\AutoUpdateSrv.exe" = C:\Program Files\Treibersoftware\UMTS-Karte\Communication Center\AutoUpdateSrv.exe:*:Disabled:AutoUpdateSrv Application -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- File not found
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\games\Left 4 Dead\hl2.exe" = C:\Program Files\games\Left 4 Dead\hl2.exe:*:Enabled:hl2 -- File not found
"E:\Einstellungen\Administrator\Desktop\UrbanTerror\ioUrbanTerror.exe" = E:\Einstellungen\Administrator\Desktop\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror -- File not found
"E:\Einstellungen\Administrator\Desktop\links\UrbanTerror\ioUrbanTerror.exe" = E:\Einstellungen\Administrator\Desktop\links\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror -- File not found
"C:\Program Files\Common Files\XPressUpdate\XPressUpdate.exe" = C:\Program Files\Common Files\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate -- (PixelPlanet GmbH)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Steam\SteamApps\jcc@arcor.de\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\jcc@arcor.de\team fortress 2\hl2.exe:*:Disabled:hl2 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2.exe" = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2 -- ()
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe" = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2 Dedicated Server -- ()
"D:\programme per hand\Gears of War\G.o.W (ToeD) ...use 7zip ONLY (extract to...)\Gears of War\Binaries\WarGame-G4WLive.exe" = D:\programme per hand\Gears of War\G.o.W (ToeD) ...use 7zip ONLY (extract to...)\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears Of War -- File not found
"D:\downloads\games\pc\Batman.Arkham.Asylum.FullRip-KaOs\Binaries\ShippingPC-BmGame.exe" = D:\downloads\games\pc\Batman.Arkham.Asylum.FullRip-KaOs\Binaries\ShippingPC-BmGame.exe:*:Enabled:BmGame -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\SteamApps\common\trackmania nations forever\TmForever.exe" = C:\Program Files\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Program Files\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"C:\Program Files\Steam\SteamApps\common\swkotor\swkotor.exe" = C:\Program Files\Steam\SteamApps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- (BioWare Corp.)
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Program Files\RagTime Privat\RagTime 5.exe" = C:\Program Files\RagTime Privat\RagTime 5.exe:*:Disabled:Das Werkzeug zur professionellen Dokumentenbearbeitung. -- File not found
"C:\Program Files\Steam\SteamApps\common\psychonauts\PsychoLauncher.exe" = C:\Program Files\Steam\SteamApps\common\psychonauts\PsychoLauncher.exe:*:Enabled:Psychonauts -- (Double Fine Productions, Inc.)
"C:\Program Files\RagTime 6.5\Win32\RagTime 6.5.exe" = C:\Program Files\RagTime 6.5\Win32\RagTime 6.5.exe:*:Enabled:RagTime 6 -- (RagTime.de Development GmbH)
"C:\WINDOWS\system32\lxeecoms.exe" = C:\WINDOWS\system32\lxeecoms.exe:*:Enabled:Pro700 Series Server -- ( )
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{01161F64-6897-4885-93A0-A9F7BE9A4253}" = hp psc 1100 series
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools 5.00 D4
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{08562160-8047-4E07-9CCE-87925797E357}" = Splash Lite
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31FF2EC1-32FB-4BB4-98AC-6C6743522738}" = Tenado Zeichner
"{3248F0A8-6813-11D6-A77B-00B0D0150180}" = J2SE Runtime Environment 5.0 Update 18
"{32A3A4F4-B792-11D6-A78A-00B0D0150180}" = J2SE Development Kit 5.0 Update 18
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis True Image
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{6FC6B625-B3A9-3A0A-E8A0-27059C97FA49}" = Focus Booster
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C17AC9-80CF-4E9D-AFCA-336A1CB7B5ED}" = USB/DVD-Downloadtool für Windows 7
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{7B73C666-BEFF-4F97-997A-9F995A4C0879}" = Embedded Security for HP ProtectTools
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{82436073-5B66-4DD4-A815-437244503120}" = Steuer-Spar-Erklärung Plus 2010
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EDE9B5-6B8B-4EFD-A649-DD94E1671704}" = Thrustmaster Force Feedback Racing Wheel Drivers
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{99591F66-BBF6-4CC7-BC7C-8BB488BD2F9A}" = RagTime 6.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B7B20F4-6504-47FB-A061-308840E175D8}" = Nitro PDF Professional
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADAF3EC2-8441-44C2-B380-419F7ECBD6A1}" = PowerCAD SiteMaster Pro 3 XP
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 E1
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BB3B4056-4539-485E-A996-3B52480AA4B7}" = GT HSDPA driver installer
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook-Sicherung für Persönliche Ordner
"{C704F3DB-2852-4169-A053-9721027AADFA}" = M3 SAKURA V1.44 Global (GAME PATCH V4.6X)
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and Free Tools
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E3FB8162-F584-4954-B7CF-180099F43F06}" = gSyncit
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF702322-B623-4B6A-B41D-411725582043}_is1" = Easy2Sync für Outlook 3.xx
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F85C46E0-FA2D-11D7-B525-0002B327CE65}" = Bosch DLE 150
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF495A24-41E2-4F8A-AEDF-254AD2EABCDA}" = mdPROJECTTIMER Standard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem  (06/01/2009 7.01.0.4)
"ac'tivAid" = ac'tivAid v1.3.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Anti-Twin 2009-07-16 20.37.37" = Anti-Twin (Installation 16.07.2009)
"ATITool" = ATITool Overclocking Utility
"Audacity_is1" = Audacity 1.2.6
"AutoCAD R14.0 - Deutsch Deinstaller" = AutoCAD R14.0 - Deutsch
"AutoHotkey" = AutoHotkey 1.0.47.06
"AVG9Uninstall" = AVG Free 9.0
"BDE501" = BDE501
"Cave Story Deluxe" = Cave Story Deluxe
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1" = Focus Booster
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 4.1.1 Professional
"Efficasoft GPS Utilities for Windows Mobile" = Efficasoft GPS Utilities for Windows Mobile
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FileZilla Client" = FileZilla Client 3.2.4.1
"Foxit Reader" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.0
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"Hamachi" = Hamachi 1.0.1.5
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HP PSC 1100 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1100 series
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"LiveUSB Creator" = LiveUSB Creator (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mdPROJECTTIMER Standard" = mdPROJECTTIMER Standard
"MediaMonkey_is1" = MediaMonkey 3.1
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"Novatel_700_800_PCCardInstaller" = Novatel 700/800 driver
"NVIDIA Drivers" = NVIDIA Drivers
"OptionHsdpaGTMax72ExpressInstaller" = Option HSDPA GTMax 7.2 Express Card driver
"OptionPCCardInstaller" = Option PC Cards driver package
"OptionPluss_PCCardInstaller" = Option GT HSDPA driver suite
"Outlook Duplicates Remover 5.0" = Outlook Duplicates Remover 5.0
"PDFAnnotator_is1" = PDF Annotator 2.0.0.250
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"ProgDVB" = ProgDVB
"ProInst" = Intel(R) PROSet/Wireless Software
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RF_DRT" = RF Desktop Re-pairing Tool v1.0.0903
"sem_GCXX" = Sony Ericsson GCXX (75/79/82/83/85/89)
"Shockwave" = Shockwave
"sl.GameLauncher" = sl.GameLauncher
"ST6UNST #1" = Holzstabbemessung Version 1.8
"Steam App 11020" = TrackMania Nations Forever
"Steam App 220" = Half-Life 2
"Steam App 32370" = Star Wars: Knights of The Old Republic
"Steam App 3830" = Psychonauts
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TIPP-Kurs" = TIPP-Kurs
"UltraStar Deluxe" = UltraStar Deluxe
"VB Runtime" = VB Runtime
"VB5CCE" = Visual Basic 5.0 Control Creation Edition
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"winscp3_is1" = WinSCP 4.2.7
"Wireshark" = Wireshark 1.0.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"X-Lite 1.5_is1" = X-Lite 3.0
"XnView_is1" = XnView 1.97
"xp-AntiSpy" = xp-AntiSpy 3.97-3
"YadeZoom" = YadeZoom
"Zattoo4" = Zattoo4 4.0.4
"Z-defragRAM" = Z-defragRAM
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2010 15:28:50 | Computer Name = NOTEBOOK | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8001010d).
 
Error - 09.04.2010 03:46:05 | Computer Name = NOTEBOOK | Source = Google Update | ID = 20
Description = 
 
Error - 09.04.2010 08:20:10 | Computer Name = NOTEBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <E:\EINSTELLUNGEN\ADMINISTRATOR\RECENT\INFO.TXT.LNK> in 
the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	A
 device attached to the system is not functioning.   (0x8007001f) 
 
Error - 09.04.2010 08:20:10 | Computer Name = NOTEBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <E:\EINSTELLUNGEN\ADMINISTRATOR\RECENT\RSIT.LNK> in the 
hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:  A device
 attached to the system is not functioning.   (0x8007001f) 
 
Error - 09.04.2010 18:44:51 | Computer Name = NOTEBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <E:\EINSTELLUNGEN\ALL USERS\DOCUMENTS\WINTV\CHANNEL DATABASE\HCWCHANDB_5.LDB>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	A
 device attached to the system is not functioning.   (0x8007001f) 
 
Error - 10.04.2010 03:46:05 | Computer Name = NOTEBOOK | Source = Google Update | ID = 20
Description = 
 
Error - 10.04.2010 10:06:43 | Computer Name = NOTEBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <E:\STEUERFÄLLE\JCC2010.GEWERFASS2010_TEMP> in the hash 
map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:  A device
 attached to the system is not functioning.   (0x8007001f) 
 
Error - 11.04.2010 04:18:45 | Computer Name = NOTEBOOK | Source = Windows Search Service | ID = 3079
Description = Notifications for the volume e:\ are not active.   Context: Windows 
Application  Details:  The device is not ready.   (0x80070015) 
 
Error - 11.04.2010 05:42:18 | Computer Name = NOTEBOOK | Source = Windows Search Service | ID = 3010
Description = The transaction cannot be appended to the queue. File: E:\Einstellungen\All
 Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy69.gthr.

Context:
  Application, SystemIndex Catalog  Details:  The device is not ready.   (0x80070015)

 
Error - 12.04.2010 01:02:39 | Computer Name = NOTEBOOK | Source = Windows Search Service | ID = 3079
Description = Notifications for the volume d:\ are not active.   Context: Windows 
Application  Details:  The device is not ready.   (0x80070015) 
 
[ Credential Manager Events ]
Error - 08.01.2010 19:08:48 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 11.01.2010 12:51:31 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 12.01.2010 10:14:24 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Fingerprints   Error: (0xC5161003) The requested biometrics operation could not 
be successfully completed.
 
Error - 13.01.2010 06:18:05 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 13.01.2010 06:18:22 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 14.01.2010 02:39:52 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 18.01.2010 09:11:27 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 20.01.2010 12:31:15 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 20.01.2010 12:50:44 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Fingerprints   Error: (0xC5161001) The fingerprints provided do not match.
 
Error - 01.03.2010 12:29:38 | Computer Name = NOTEBOOK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Administrator@PRIVAT-5B2D05FC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
[ ODiag Events ]
Error - 14.10.2009 15:03:30 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kgl. Error code: N/A
 
[ OSession Events ]
Error - 20.10.2009 10:42:12 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6224
 seconds with 3240 seconds of active time.  This session ended with a crash.
 
Error - 21.10.2009 03:14:29 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1720
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 28.10.2009 08:35:07 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20404
 seconds with 2400 seconds of active time.  This session ended with a crash.
 
Error - 29.10.2009 15:40:56 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7320
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 30.10.2009 10:20:16 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 05.11.2009 13:24:38 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23291
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 06.11.2009 16:23:44 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 710
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 09.11.2009 07:06:41 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 526
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 09.12.2009 14:23:48 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18559
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 24.03.2010 12:26:46 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6700
 seconds with 3060 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.04.2010 00:35:12 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the 
following error:   %%1053
 
Error - 12.04.2010 00:35:12 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
 following error:   %%2
 
Error - 12.04.2010 02:03:14 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService
 service to connect.
 
Error - 12.04.2010 02:03:14 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the 
following error:   %%1053
 
Error - 12.04.2010 02:03:14 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
 following error:   %%2
 
Error - 12.04.2010 02:13:25 | Computer Name = NOTEBOOK | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 12.04.2010 02:17:02 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService
 service to connect.
 
Error - 12.04.2010 02:17:02 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the 
following error:   %%1053
 
Error - 12.04.2010 02:17:02 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
 following error:   %%2
 
Error - 12.04.2010 02:39:36 | Computer Name = NOTEBOOK | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
 while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'.  It has
 stopped monitoring the volume.
 
 
< End of report >
         
So, what do you think?

12.04.2010, 09:21   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
C:\WINDOWS\System32\drivers\vimihtv.sys
Please have this file analysed at VirusTotal and post the link to the results. If you can't see the file, you may first have to make it visible.
If the file has already been analysed, please start a new analysis.
__________________
Please always post log files in CODE tags

12.04.2010, 10:54   #15
champpain
 

Hello Arne,
one service (esafe) thinks it is harmful:
Quote:
a-squared 4.5.0.50 2010.04.12 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.57 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.12 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.12 -
Avast5 5.0.332.0 2010.04.12 -
AVG 9.0.0.787 2010.04.11 -
BitDefender 7.2 2010.04.12 -
CAT-QuickHeal 10.00 2010.04.12 -
ClamAV 0.96.0.3-git 2010.04.12 -
Comodo 4575 2010.04.12 -
DrWeb 5.0.2.03300 2010.04.12 -
eSafe 7.0.17.0 2010.04.11 Win32.TrojanHorse
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.12 -
F-Secure 9.0.15370.0 2010.04.12 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.12 -
Ikarus T3.1.1.80.0 2010.04.12 -
Jiangmin 13.0.900 2010.04.12 -
Kaspersky 7.0.0.125 2010.04.12 -
McAfee-GW-Edition 6.8.5 2010.04.12 -
Microsoft 1.5605 2010.04.12 -
NOD32 5020 2010.04.12 -
Norman 6.04.11 2010.04.12 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.11 -
PCTools 7.0.3.5 2010.04.12 -
Prevx 3.0 2010.04.12 -
Rising 22.43.00.04 2010.04.12 -
Sophos 4.52.0 2010.04.12 -
Sunbelt 6166 2010.04.12 -
Symantec 20091.2.0.41 2010.04.12 -
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.12 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.12.2271 2010.04.12 -
VirusBuster 5.0.27.0 2010.04.11 -
Should this be taken seriously?

Regards
