
Topic: Screen goes black while gaming

  1. #1
    Forum user
    Registered since
    12.02.2010
    Location
    Köln
    Posts
    38

    Screen goes black while gaming

    Hello, first of all...

    I've had a problem for a few days.
    After 5-10 minutes of playing, the picture goes black, i.e. the monitor goes into standby mode, the sound gets stuck, and if the joystick was vibrating, that hangs too. Then I can't do anything except reset.
    The problem only occurs while gaming.
    I've already tried other monitors and cables,
    and different screen resolutions and Hz settings, all in vain...

    I've also read through a huge number of forums but haven't found a real solution...
    Could it be my graphics card or the motherboard, or a virus?
    Since you've helped me before, I'm trying here now.



    Here is a log file:

    HTML code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:25:40, on 01.06.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Lock My PC 4\lockpc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\ppfsys.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Universal DVB Receiver\Wizard\AccControl.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\Explorer.exe
    C:\Users\Edem\Downloads\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Edem.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13166&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [System: PPFSYS.EXE Don`t remove it!] ppfsys.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
    O4 - Global Startup: ACCControl.lnk = ?
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix: 
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
    O23 - Service: Google Update Service (gupdate1c9951de375afd7) (gupdate1c9951de375afd7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LckFldService - Unknown owner - C:\Windows\system32\LckFldService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - C:\Program Files\Lock My PC 4\LmpcServ.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SecureSrv - My Privacy Tools, Inc. - C:\Program Files\Hide My IP 2009\SecureSrv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    
    --
    End of file - 8195 bytes
    It would be really great if someone could help me!

  2. #2
    Honorary member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    44.149

    Re: Screen goes black while gaming


    First, please click and read carefully: What do I need to watch out for during the cleanup?


    ===== Point 1 =====

    I noticed that you have more than one antivirus program with a background guard running (Avast and AntiVir). That is dangerous, because the programs can get in each other's way, which can actually let viruses onto the machine. Decide on one of them and uninstall the other via Control Panel => Software.
    Speedy recently gave a plausible explanation of this: "Imagine a goalkeeper who is supposed to guard the goal (antivirus program); the ball comes flying in (virus), the goalkeeper concentrates on the ball and catches it. Now imagine two goalkeepers in the goal ...., they crash into each other and the ball can go into the goal unhindered."
    Let me know which antivirus program you decided on.


    ===== Point 2 =====

    You ran Malwarebytes Anti-Malware. Please post any scan reports that contain findings.


    ===== Point 3 =====

    Uninstall programs

    Since some programs and anti-spyware programs may get in our way during the cleanup (e.g. through constantly running background guards), are unnecessary or harmful, or are simply no longer needed, please completely uninstall the following programs via Control Panel => Software.
    Code:
    Ask Toolbar
    Ad-Aware
    Let me know if a program cannot be uninstalled. Once the cleanup is finished, we can look at which of them you can/should install again.


    ===== Point 4 =====

    Some questions

    Why is Vista SP2 not installed yet?

    What is this installed for?
    C:\Program Files\Lock My PC 4
    C:\Program Files\Hide My IP 2009
    C:\Program Files\Easy-Hide-IP

    Are or were Symantec programs installed?
    C:\Program Files\Symantec\LiveUpdate


    ===== Point 5 =====

    File check

    Have the following file(s) (see code box) checked online at VirusTotal. To do this, you have to upload each file individually to VirusTotal via the "Browse" and "Send file" buttons and have it checked. Once VirusTotal has received the file, it will check it with several antivirus scanners and display the results. If VirusTotal reports that the file has already been checked, have it checked again anyway via the "Analyze the file" button.

    When the result is available, press the small "Filter" button at the top left above the results, then post the result here (whatever it looks like, and also copy the lines with the file's name and size, MD5 and SHA1). If you cannot find or upload the file(s), let us know that too. If you cannot find the file(s), check whether the following settings are set correctly.

    Even if it turns out that the file(s) is/are infected, please do not delete anything without consulting us first!

    Code:
    C:\WINDOWS\system32\ppfsys.exe

    ===== Point 6 =====

    Rootkit scan with Gmer

    What are rootkits?

    Important: For every rootkit scan:
    • all other programs against viruses, spyware, etc. should be disabled,
    • there should be no connection to a network/the Internet (don't forget WLAN),
    • nothing should be done on the computer,
    • the computer should be restarted after each scan.
    • Don't forget to switch the security programs back on after the rootkit scan!


    Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
    • Gmer is suitable for => NT/W2K/XP/VISTA (32-bit only).
    • All other programs should be closed.
    • Start gmer.exe (it has a random program name).
    • Vista users: right-click and run as administrator.
    • Gmer automatically starts an initial scan.
    • If a window with the following warning opens:
      Code:
      WARNING !!!
      GMER has found system modification, which might have been caused by ROOTKIT activity.
      Do you want to fully scan your system?
    • Be sure to click "No",
      then use the Copy button to copy the result so far to the clipboard.
    • Paste the log from the clipboard into your reply in your thread with CTRL + V.
    • If that was not the case, now select the "Rootkit/Malware" tab,
    • Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
    • Important: "Show all" must not be ticked!
    • Start the scan by pressing the "Scan" button.
      Don't do anything on the computer while the scan is running.
    • When the scan is finished, click "Copy" to copy the log to the clipboard.
      "Ok" closes Gmer.
    • Paste the log from the clipboard into your reply here (with CTRL + V).

    Switch your antivirus program and other scanners back on before you go online!

    Now post the log file in code tags.


    ===== Point 7 =====

    Check system details with RSIT
    • Download Random's System Information Tool (RSIT) from random/random,
    • save it on your desktop.
    • Close all windows and programs incl. the browser.
    • Start RSIT.exe with a double-click.
      Vista users: right-click => Run as administrator => Run => Allow.
    • Click Continue to accept the terms of use.
    • If you don't have HijackThis installed, RSIT will download and install it for you.
    • In that case, please also accept Trend Micro's terms of use for HJT with I accept.
    • If your firewall asks, please allow RSIT to access the network.
    • The scan starts automatically; RSIT now checks some important system areas and produces log files as a basis for analysis.
    • When the scan is finished, two log files are created and opened in your editor.
    • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= is shown minimized in the taskbar) here in the thread.
    Last edited by Petra (12.02.2010 at 21:39)
    [°¿°] Ciao, Petra

    From 01.07.2015 I am inactive here =>
    Farewell to HijackThis

    New here? Please work through this! | Back up your data!
    No support via PM or e-mail! | Thanks
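
The first-pass reading of a HijackThis log that the reply above relies on (several resident antivirus guards, autostart entries, services) can be sketched as follows. This is an added example, not part of the original thread and not the helper's own method; the marker table and the three heuristics are assumptions, and the sample lines are excerpted from the log in post #1. A finding is a pointer for manual review, not a verdict.

```python
import re

# Constructed sample: a few lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\Explorer.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [System: PPFSYS.EXE Don`t remove it!] ppfsys.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: LckFldService - Unknown owner - C:\Windows\system32\LckFldService.exe (file missing)
"""

# Assumption: tray/guard processes of the two products named in the thread,
# taken from the paths in that log. This is not a complete product list.
AV_GUARD_MARKERS = {
    "\\avira\\antivir desktop\\avgnt.exe": "Avira AntiVir",
    "\\alwil software\\avast4\\ashdisp.exe": "avast!",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")


def parse_log(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process section
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("code"), match.group("body")))
    return processes, entries


def first_token(cmd):
    """Return the executable part of an autorun command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage(text):
    """Return (kind, detail) pointers for manual review."""
    processes, entries = parse_log(text)
    findings = []
    guards = sorted({name for proc in processes
                     for marker, name in AV_GUARD_MARKERS.items()
                     if marker in proc.lower()})
    if len(guards) > 1:
        findings.append(("multiple-av-guards", ", ".join(guards)))
    for code, body in entries:
        if code == "O4":
            match = O4_RE.match(body)
            # An autorun command without a directory is resolved through the
            # search path, so the log does not say which file actually runs.
            if match and "\\" not in first_token(match.group("cmd")):
                findings.append(("autorun-without-path", match.group("name")))
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if path.endswith("(file missing)"):
                findings.append(("service-file-missing", name))
            elif owner == "Unknown owner":
                findings.append(("service-unknown-owner", name))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

"Unknown owner" only means the binary carries no company name in its version information, which is common for legitimate small tools as well.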

  3. #3
    Forum user
    Registered since
    12.02.2010
    Location
    Köln
    Posts
    38

    Re: Screen goes black while gaming

    First of all, thanks for the quick reply.


    ===== Point 1 =====

    I got rid of Avast.


    ===== Point 2 =====

    Code:
    Malwarebytes' Anti-Malware 1.38
    Datenbank Version: 2363
    Windows 6.0.6002 Service Pack 2
    
    13.02.2010 00:32:51
    mbam-log-2010-02-13 (00-32-51).txt
    
    Scan-Methode: Vollständiger Scan (C:\|D:\|)
    Durchsuchte Objekte: 263769
    Laufzeit: 53 minute(s), 37 second(s)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 0
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien:
    (Keine bösartigen Objekte gefunden)

    ===== Point 3 =====

    Ask Toolbar and Ad-Aware are now uninstalled.


    ===== Point 4 =====
    I actually thought I had SP2 installed. But should I do that now?

    I got rid of the other things.



    ===== Point 5 =====

    I couldn't carry this out, file not found.

    ===== Point 6 =====

    I couldn't carry this out, because the computer crashed on every attempt,
    despite your settings.


    ===== Point 7 =====

    Code:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Edem at 2010-02-13 15:59:20
    Microsoft® Windows Vista™ Home Premium  Service Pack 2
    System drive C: has 94 GB (32%) free of 297 GB
    Total RAM: 3071 MB (67% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:59:21, on 13.02.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Silvercrest MTS2218 driver\KMConfig.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Silvercrest MTS2218 driver\KMProcess.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Edem\Downloads\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Edem.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - Winlogon Notify: fsp_lmwl - C:\Windows\
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate1c9951de375afd7) (gupdate1c9951de375afd7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    
    --
    End of file - 8619 bytes
    
    ======Scheduled tasks folder======
    
    C:\Windows\tasks\1-Klick-Wartung.job
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-22 657904]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-27 734264]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
    "KMCONFIG"=C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe [2008-05-30 212992]
    "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-12-10 8120864]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
    "Steam"=c:\program files\steam\steam.exe [2009-11-17 1217808]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ACCControl.lnk]
    C:\PROGRA~1\UNIVER~1\Wizard\ACCCON~1.EXE [2007-02-20 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Edem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2008-10-25 98696]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fsp_lmwl]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=
    "BindDirectlyToPropertySetStorage"=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    
    ======File associations======
    
    .js - edit - C:\Windows\System32\Notepad.exe %1
    
    ======List of files/folders created in the last 1 months======
    
    2010-02-12 23:02:58 ----D---- C:\Program Files\Adobe
    2010-02-12 20:25:03 ----D---- C:\Program Files\Setup Files
    2010-02-12 17:09:53 ----D---- C:\Program Files\Lavalys
    2010-02-11 19:46:59 ----D---- C:\Windows\temp
    2010-02-11 19:46:57 ----A---- C:\ComboFix.txt
    2010-02-11 19:46:24 ----SHD---- C:\$RECYCLE.BIN
    2010-02-11 19:15:30 ----D---- C:\ComboFix
    2010-02-11 19:15:16 ----A---- C:\Windows\SWXCACLS.exe
    2010-02-11 18:57:13 ----A---- C:\Windows\MBR.exe
    2010-02-11 18:56:18 ----A---- C:\Windows\system32\CF18509.exe
    2010-02-11 18:15:18 ----A---- C:\Windows\system32\XAudio2_6.dll
    2010-02-11 18:15:18 ----A---- C:\Windows\system32\XAPOFX1_4.dll
    2010-02-11 18:15:18 ----A---- C:\Windows\system32\xactengine3_6.dll
    2010-02-11 18:15:18 ----A---- C:\Windows\system32\X3DAudio1_7.dll
    2010-02-10 14:57:10 ----A---- C:\Windows\system32\ntoskrnl.exe
    2010-02-10 14:57:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2010-02-10 14:56:58 ----A---- C:\Windows\system32\tsbyuv.dll
    2010-02-10 14:56:58 ----A---- C:\Windows\system32\quartz.dll
    2010-02-10 14:56:58 ----A---- C:\Windows\system32\msyuv.dll
    2010-02-10 14:56:58 ----A---- C:\Windows\system32\msvidc32.dll
    2010-02-10 14:56:58 ----A---- C:\Windows\system32\msrle32.dll
    2010-02-10 14:56:58 ----A---- C:\Windows\system32\iyuv_32.dll
    2010-02-10 14:56:57 ----A---- C:\Windows\system32\msvfw32.dll
    2010-02-10 14:56:57 ----A---- C:\Windows\system32\mciavi32.dll
    2010-02-10 14:56:57 ----A---- C:\Windows\system32\avifil32.dll
    2010-02-09 20:11:25 ----D---- C:\Users\Edem\AppData\Roaming\Sibelius Software
    2010-02-09 20:06:23 ----D---- C:\Program Files\Sibelius Software
    2010-02-05 20:29:49 ----D---- C:\Program Files\iPod
    2010-02-05 20:29:48 ----D---- C:\Program Files\iTunes
    2010-02-05 20:28:24 ----D---- C:\Program Files\Bonjour
    2010-02-05 18:18:03 ----A---- C:\Windows\system32\OpenCL.dll
    2010-02-05 18:18:02 ----A---- C:\Windows\system32\nvwgf2um.dll
    2010-02-05 18:18:02 ----A---- C:\Windows\system32\nvoglv32.dll
    2010-02-05 18:18:01 ----A---- C:\Windows\system32\nvcuvid.dll
    2010-02-05 18:17:59 ----A---- C:\Windows\system32\nvcuvenc.dll
    2010-02-05 18:17:59 ----A---- C:\Windows\system32\nvcuda.dll
    2010-02-05 18:17:58 ----A---- C:\Windows\system32\nvcompiler.dll
    2010-02-05 18:17:58 ----A---- C:\Windows\system32\nvcod189.dll
    2010-02-05 18:03:15 ----A---- C:\Windows\ntbtlog.txt
    2010-02-04 22:42:52 ----D---- C:\Users\Edem\AppData\Roaming\vlc
    2010-02-04 22:35:45 ----D---- C:\Program Files\VideoLAN
    2010-01-28 22:14:16 ----D---- C:\Windows\pss
    2010-01-22 12:33:18 ----A---- C:\Windows\system32\mshtml.dll
    2010-01-22 12:33:17 ----A---- C:\Windows\system32\ieframe.dll
    2010-01-22 12:33:15 ----A---- C:\Windows\system32\wininet.dll
    2010-01-22 12:33:15 ----A---- C:\Windows\system32\urlmon.dll
    2010-01-22 12:33:15 ----A---- C:\Windows\system32\occache.dll
    2010-01-22 12:33:15 ----A---- C:\Windows\system32\msfeeds.dll
    2010-01-22 12:33:15 ----A---- C:\Windows\system32\iertutil.dll
    2010-01-22 12:33:15 ----A---- C:\Windows\system32\iedkcs32.dll
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\msfeedssync.exe
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\msfeedsbs.dll
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\jsproxy.dll
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\ieUnatt.exe
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\ieui.dll
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\iesysprep.dll
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\iesetup.dll
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\iernonce.dll
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\iepeers.dll
    2010-01-22 12:33:14 ----A---- C:\Windows\system32\ie4uinit.exe
    2010-01-19 19:05:57 ----D---- C:\DVDVideoSoft
    2010-01-17 14:34:40 ----A---- C:\Windows\system32\nvcod178.dll
    2010-01-17 14:34:40 ----A---- C:\Windows\system32\nvcod.dll
    2010-01-14 17:00:41 ----A---- C:\Windows\system32\t2embed.dll
    2010-01-14 17:00:41 ----A---- C:\Windows\system32\fontsub.dll
    16508-12-01 18:49:47 ----D---- C:\Windows\nvtmpinst
    
    ======List of files/folders modified in the last 1 months======
    
    2010-02-13 15:58:52 ----D---- C:\Windows\Prefetch
    2010-02-13 15:54:39 ----D---- C:\Program Files\Steam
    2010-02-13 15:53:56 ----D---- C:\Windows\Minidump
    2010-02-13 15:53:53 ----D---- C:\Windows
    2010-02-13 14:16:45 ----D---- C:\ProgramData
    2010-02-13 14:16:45 ----D---- C:\Config.Msi
    2010-02-12 23:49:42 ----SHD---- C:\Windows\Installer
    2010-02-12 23:49:42 ----RD---- C:\Program Files
    2010-02-12 23:49:14 ----SHD---- C:\System Volume Information
    2010-02-12 23:37:27 ----D---- C:\Users\Edem\AppData\Roaming\uTorrent
    2010-02-12 23:35:43 ----D---- C:\Program Files\Common Files\Symantec Shared
    2010-02-12 23:34:41 ----D---- C:\Windows\system32\drivers
    2010-02-12 23:34:41 ----D---- C:\Windows\System32
    2010-02-12 23:27:09 ----D---- C:\Program Files\Lavasoft
    2010-02-12 23:26:58 ----DC---- C:\Windows\system32\DRVSTORE
    2010-02-12 23:03:02 ----D---- C:\Program Files\Common Files\Adobe
    2010-02-12 20:25:47 ----D---- C:\Program Files\MSI
    2010-02-12 20:09:22 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-02-12 20:09:22 ----D---- C:\Program Files\Ubisoft
    2010-02-12 18:07:55 ----D---- C:\Windows\inf
    2010-02-11 19:52:45 ----D---- C:\Qoobox
    2010-02-11 19:46:12 ----D---- C:\Windows\ERDNT
    2010-02-11 19:45:26 ----A---- C:\Windows\system.ini
    2010-02-11 19:35:31 ----D---- C:\Windows\AppPatch
    2010-02-11 19:35:31 ----D---- C:\Program Files\Common Files
    2010-02-11 19:15:43 ----D---- C:\Windows\system32\catroot2
    2010-02-11 18:56:18 ----D---- C:\Windows\system32\de-DE
    2010-02-11 18:14:49 ----RSD---- C:\Windows\assembly
    2010-02-11 18:14:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2010-02-11 17:07:54 ----D---- C:\Windows\winsxs
    2010-02-11 16:57:41 ----D---- C:\Windows\system32\catroot
    2010-02-11 16:55:38 ----D---- C:\Program Files\Windows Mail
    2010-02-10 23:05:45 ----D---- C:\Windows\Debug
    2010-02-09 20:11:14 ----RSD---- C:\Windows\Fonts
    2010-02-09 19:18:23 ----D---- C:\Users\Edem\AppData\Roaming\Skype
    2010-02-09 19:17:22 ----D---- C:\Users\Edem\AppData\Roaming\skypePM
    2010-02-07 00:37:37 ----D---- C:\Program Files\Google
    2010-02-05 20:29:49 ----D---- C:\Program Files\Common Files\Apple
    2010-02-05 20:28:14 ----D---- C:\Program Files\QuickTime
    2010-02-05 18:58:54 ----D---- C:\Program Files\Common Files\Steam
    2010-02-05 18:25:00 ----D---- C:\Program Files\AGEIA Technologies
    2010-02-05 18:24:13 ----D---- C:\Program Files\NVIDIA Corporation
    2010-02-04 19:43:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-02-02 20:21:59 ----A---- C:\Windows\system32\PnkBstrB.exe
    2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
    2010-01-28 22:17:11 ----D---- C:\Program Files\Internet Explorer
    2010-01-24 21:30:27 ----D---- C:\Windows\system32\migration
    2010-01-22 23:46:56 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-22 12:23:41 ----D---- C:\Program Files\Microsoft Silverlight
    2010-01-19 19:00:09 ----D---- C:\Program Files\Common Files\DVDVideoSoft
    2010-01-19 18:57:00 ----D---- C:\Program Files\DVDVideoSoft
    2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-12-14 371248]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture; C:\Windows\system32\drivers\hcw88aud.sys [2008-04-18 12928]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-11 28520]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
    R3 bdamapt;Universal DVB (BDA); C:\Windows\system32\drivers\bdamap.sys [2007-02-01 14464]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; C:\Windows\system32\drivers\hcw88bda.sys [2008-04-18 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; C:\Windows\system32\drivers\hcw88tse.sys [2008-04-18 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner; C:\Windows\system32\drivers\hcw88tun.sys [2008-04-18 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video; C:\Windows\system32\drivers\hcw88vid.sys [2008-04-18 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar; C:\Windows\system32\drivers\HCW88BAR.sys [2008-04-18 17280]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-12-10 2975904]
    R3 KMWDFilter;KMWDFilter; \??\C:\Windows\System32\Drivers\KMWDFilter.SYS [2008-12-17 18432]
    R3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-01-12 11586280]
    R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-10-12 13312]
    R3 phaudlwr;Philips Audio Filter; C:\Windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
    R3 SPC530;Philips SPC530NC PC Camera; C:\Windows\system32\drivers\SPC530.sys [2008-05-21 486912]
    R3 SPC530m;Philips SPC530NC PC Cameram; C:\Windows\system32\drivers\SPC530m.sys [2008-05-21 7680]
    R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
    S3 ALSysIO;ALSysIO; \??\C:\Users\Edem\AppData\Local\Temp\ALSysIO.sys []
    S3 catchme;catchme; \??\C:\Users\Edem\AppData\Local\Temp\catchme.sys []
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 DrvAgent32;DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [2010-02-12 23456]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-10-02 27248]
    S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]
    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
    S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
    S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
    S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
    S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-08-17 446512]
    S3 SymIMMP;SymIMMP; C:\Windows\system32\drivers\SymIMMP.sys []
    S3 UMPass;Microsoft UMPass-tREIBER; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-21 7680]
    S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
    S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
    S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
    S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
    S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-10-31 124960]
    S4 O2MDRDR;O2MDRDR; C:\Windows\system32\drivers\o2media.sys [2005-08-05 34144]
    S4 O2SDRDR;O2SDRDR; C:\Windows\system32\drivers\o2sd.sys [2005-12-19 28800]
    S4 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys [2006-12-02 50688]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-11 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
    R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe [2008-05-30 208896]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-01-11 129640]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-02-27 66872]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
    R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-01-14 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service; C:\Program Files\Universal DVB Receiver\Service\bdamapsv.exe [2007-02-15 212992]
    R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
    R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
    S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-03-12 159744]
    S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-12 880640]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-02-05 326792]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-14 73728]
    S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-01-14 360192]
    
    -----------------EOF-----------------


    Looking forward to the next message.....

  4. #4
    Honorary member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    44.149

    Re: Screen goes black while gaming

    Did you start Gmer via right-click and as administrator?

    Is uTorrent still installed?

    Are any Symantec products still installed?

    C:\rsit\info.txt is still missing - please post it as well.

    You ran Combofix (this should preferably not be done on your own, but what am I saying ;-)) - post C:\Combofix.txt and C:\Qoobox\Add-Remove Programs.txt for me.
    What was the reason?
    Last edited by Petra (13.02.2010 at 23:23)
    [°¿°] Ciao, Petra

    As of 01.07.2015 I am inactive here =>
    Farewell to HijackThis

    New here? Please work through this! | Back up your data!
    No support via PM or e-mail! | Thanks

  5. #5
    Forum user
    Registered since
    12.02.2010
    Location
    Köln
    Posts
    38

    Re: Screen goes black while gaming

    Hi, Petra

    - I started gmer exactly as you said. After about 2-3 min. of scanning, the computer crashes or only the program closes.
    Also, AntiVir found "Eicar-Test-Signaturen"; I moved them to quarantine for now, is that OK?

    - uTorrent is uninstalled.

    - Symantec products were preinstalled, but I have now removed them too.

    - C:\rsit\info.txt not found, or rather not created by rsit.

    - Here is the Combofix log:
    Code:
    ComboFix 10-02-12.01 - Edem 14.02.2010  14:46:23.11.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.1286 [GMT 1:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
     * Im Speicher befindliches AV aktiv.
    
    .
    
    (((((((((((((((((((((((   Dateien erstellt von 2010-01-14 bis 2010-02-14  ))))))))))))))))))))))))))))))
    .
    
    2010-02-14 14:20 . 2010-02-14 14:20	--------	d-----w-	c:\users\Public\AppData\Local\temp
    2010-02-14 14:20 . 2010-02-14 14:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2010-02-14 14:20 . 2010-02-14 14:21	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2010-02-14 14:20 . 2010-02-14 14:20	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-02-14 13:34 . 2010-02-14 13:34	--------	d-----w-	C:\32788R22FWJFW
    2010-02-12 19:25 . 2010-02-12 19:25	--------	d-----w-	c:\program files\Setup Files
    2010-02-12 17:07 . 2010-02-12 17:08	--------	d-----w-	c:\users\Edem\AppData\Local\eSupport.com
    2010-02-12 17:07 . 2010-02-12 17:07	23456	----a-w-	c:\windows\system32\drivers\DrvAgent32.sys
    2010-02-12 16:56 . 2010-01-31 17:14	--------	d-----w-	c:\users\Edem\Serials World
    2010-02-12 16:09 . 2010-02-12 16:09	--------	d-----w-	c:\program files\Lavalys
    2010-02-11 17:56 . 2010-02-11 17:48	318976	----a-w-	c:\windows\system32\CF18509.exe
    2010-02-11 17:15 . 2010-02-04 09:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
    2010-02-11 17:15 . 2010-02-04 09:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
    2010-02-11 17:15 . 2010-02-04 09:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
    2010-02-11 17:15 . 2010-02-04 09:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
    2010-02-10 13:57 . 2009-12-11 11:43	302080	----a-w-	c:\windows\system32\drivers\srv.sys
    2010-02-10 13:57 . 2009-12-11 11:43	98816	----a-w-	c:\windows\system32\drivers\srvnet.sys
    2010-02-10 13:57 . 2009-12-08 20:01	3600456	----a-w-	c:\windows\system32\ntkrnlpa.exe
    2010-02-10 13:57 . 2009-12-08 20:01	3548216	----a-w-	c:\windows\system32\ntoskrnl.exe
    2010-02-10 13:57 . 2009-12-08 20:01	904776	----a-w-	c:\windows\system32\drivers\tcpip.sys
    2010-02-10 13:57 . 2009-12-08 17:26	30720	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
    2010-02-10 13:56 . 2009-12-04 18:30	12288	----a-w-	c:\windows\system32\tsbyuv.dll
    2010-02-10 13:56 . 2009-12-04 18:29	1314816	----a-w-	c:\windows\system32\quartz.dll
    2010-02-10 13:56 . 2009-12-04 18:28	22528	----a-w-	c:\windows\system32\msyuv.dll
    2010-02-10 13:56 . 2009-12-04 18:28	31744	----a-w-	c:\windows\system32\msvidc32.dll
    2010-02-10 13:56 . 2009-12-04 18:28	13312	----a-w-	c:\windows\system32\msrle32.dll
    2010-02-10 13:56 . 2009-12-04 18:28	50176	----a-w-	c:\windows\system32\iyuv_32.dll
    2010-02-10 13:56 . 2009-12-04 18:28	123904	----a-w-	c:\windows\system32\msvfw32.dll
    2010-02-10 13:56 . 2009-12-04 18:28	82944	----a-w-	c:\windows\system32\mciavi32.dll
    2010-02-10 13:56 . 2009-12-04 18:27	91136	----a-w-	c:\windows\system32\avifil32.dll
    2010-02-10 13:56 . 2009-12-04 15:56	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-10 13:56 . 2009-12-04 15:56	105984	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
    2010-02-09 19:11 . 2010-02-09 19:11	--------	d-----w-	c:\users\Edem\AppData\Roaming\Sibelius Software
    2010-02-09 19:06 . 2010-02-09 19:06	--------	d-----w-	c:\program files\Sibelius Software
    2010-02-05 19:29 . 2010-02-05 19:29	--------	d-----w-	c:\program files\iPod
    2010-02-05 19:29 . 2010-02-05 19:30	--------	d-----w-	c:\program files\iTunes
    2010-02-05 19:28 . 2010-02-05 19:28	--------	d-----w-	c:\program files\Bonjour
    2010-02-05 17:18 . 2010-01-12 04:03	68200	----a-w-	c:\windows\system32\OpenCL.dll
    2010-02-05 17:18 . 2010-01-12 04:03	11586280	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
    2010-02-05 17:18 . 2010-01-12 04:03	4321384	----a-w-	c:\windows\system32\nvwgf2um.dll
    2010-02-05 17:18 . 2010-01-12 04:03	14924392	----a-w-	c:\windows\system32\nvoglv32.dll
    2010-02-05 17:18 . 2010-01-12 04:03	2243176	----a-w-	c:\windows\system32\nvcuvid.dll
    2010-02-05 17:17 . 2010-01-12 04:03	4077672	----a-w-	c:\windows\system32\nvcuvenc.dll
    2010-02-05 17:17 . 2010-01-12 04:03	4061800	----a-w-	c:\windows\system32\nvcuda.dll
    2010-02-05 17:17 . 2010-01-12 04:03	182888	----a-w-	c:\windows\system32\nvcod189.dll
    2010-02-05 17:17 . 2010-01-12 04:03	11639400	----a-w-	c:\windows\system32\nvcompiler.dll
    2010-02-04 21:42 . 2010-02-10 16:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\vlc
    2010-02-04 21:35 . 2010-02-04 21:35	--------	d-----w-	c:\program files\VideoLAN
    2010-01-30 21:33 . 2010-01-05 14:57	545280	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2010-01-30 21:33 . 2010-01-05 14:57	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2010-01-30 21:33 . 2010-01-05 14:57	153600	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2010-01-30 21:33 . 2010-01-05 14:57	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2010-01-30 21:33 . 2010-01-05 14:57	57856	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2010-01-30 21:33 . 2010-01-05 14:57	4725760	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
    2010-01-19 18:05 . 2010-01-19 22:36	--------	d-----w-	C:\DVDVideoSoft
    2010-01-17 13:34 . 2009-11-21 02:34	182888	----a-w-	c:\windows\system32\nvcod178.dll
    2010-01-17 13:34 . 2009-11-21 02:34	182888	----a-w-	c:\windows\system32\nvcod.dll
    16508-12-01 17:49 . 2009-06-04 11:03	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-14 13:01 . 2009-11-17 16:49	--------	d-----w-	c:\program files\Steam
    2010-02-12 22:37 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2010-02-12 22:35 . 2008-03-12 11:04	--------	d-----w-	c:\program files\Common Files\Symantec Shared
    2010-02-12 22:27 . 2009-04-29 16:19	--------	d-----w-	c:\program files\Lavasoft
    2010-02-12 22:03 . 2008-11-28 15:37	--------	d-----w-	c:\program files\Common Files\Adobe
    2010-02-12 19:25 . 2008-11-28 17:59	--------	d-----w-	c:\program files\MSI
    2010-02-12 19:09 . 2009-01-09 15:36	--------	d-----w-	c:\program files\Ubisoft
    2010-02-12 19:09 . 2008-03-12 10:58	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2010-02-11 17:14 . 2009-03-15 20:30	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
    2010-02-11 15:55 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2010-02-09 19:11 . 2008-11-28 14:57	131024	----a-w-	c:\users\Edem\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-09 18:18 . 2009-11-28 13:19	--------	d-----w-	c:\users\Edem\AppData\Roaming\Skype
    2010-02-09 18:17 . 2009-11-28 13:25	--------	d-----w-	c:\users\Edem\AppData\Roaming\skypePM
    2010-02-06 23:37 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2010-02-05 19:29 . 2009-09-29 17:57	--------	d-----w-	c:\program files\Common Files\Apple
    2010-02-05 19:28 . 2009-09-29 17:59	--------	d-----w-	c:\program files\QuickTime
    2010-02-05 17:58 . 2009-11-17 16:50	--------	d-----w-	c:\program files\Common Files\Steam
    2010-02-05 17:25 . 2009-03-15 20:31	--------	d-----w-	c:\program files\AGEIA Technologies
    2010-02-05 17:24 . 2009-08-18 18:43	--------	d-----w-	c:\program files\NVIDIA Corporation
    2010-02-04 18:43 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2010-02-04 18:43 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2010-02-04 18:42 . 2008-11-29 11:13	1992	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2010-02-02 19:22 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2010-02-02 19:21 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2010-01-22 11:23 . 2008-03-12 14:33	--------	d-----w-	c:\program files\Microsoft Silverlight
    2010-01-20 19:04 . 2010-01-20 19:04	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2010-01-19 18:00 . 2009-03-02 19:13	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
    2010-01-19 17:57 . 2009-03-02 19:13	--------	d-----w-	c:\program files\DVDVideoSoft
    2010-01-14 10:12 . 2009-10-02 15:45	181120	------w-	c:\windows\system32\MpSigStub.exe
    2010-01-12 04:03 . 2010-02-05 17:18	10920	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
    2010-01-12 04:03 . 2008-03-24 17:52	9388648	----a-w-	c:\windows\system32\nvd3dum.dll
    2010-01-12 04:03 . 2008-03-24 17:52	1280616	----a-w-	c:\windows\system32\nvapi.dll
    2010-01-11 21:18 . 2010-01-11 21:18	962664	----a-w-	c:\windows\system32\nvsvc.dll
    2010-01-11 21:18 . 2010-01-11 21:18	1515112	----a-w-	c:\windows\system32\nvsvcr.dll
    2010-01-11 21:18 . 2010-01-11 21:18	13679720	----a-w-	c:\windows\system32\nvcpl.dll
    2010-01-11 21:18 . 2010-01-11 21:18	129640	----a-w-	c:\windows\system32\nvvsvc.exe
    2010-01-11 21:18 . 2010-01-11 21:18	110696	----a-w-	c:\windows\system32\nvmctray.dll
    2010-01-10 11:25 . 2009-05-07 15:53	--------	d-----w-	c:\program files\Live-Player
    2010-01-07 16:18 . 2009-09-29 18:02	--------	d-----w-	c:\users\Edem\AppData\Roaming\Apple Computer
    2010-01-06 20:53 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2010-01-06 20:52 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2010-01-02 06:38 . 2010-01-22 11:33	916480	----a-w-	c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-22 11:33	71680	----a-w-	c:\windows\system32\iesetup.dll
    2010-01-02 06:32 . 2010-01-22 11:33	109056	----a-w-	c:\windows\system32\iesysprep.dll
    2010-01-02 04:57 . 2010-01-22 11:33	133632	----a-w-	c:\windows\system32\ieUnatt.exe
    2009-11-30 17:02 . 2009-11-30 17:02	171144	----a-w-	c:\windows\system32\xliveinstall.dll
    2009-11-30 17:02 . 2009-11-30 17:02	72840	----a-w-	c:\windows\system32\xliveinstallhost.exe
    2009-11-28 13:25 . 2009-11-28 13:25	56	---ha-w-	c:\documents and settings\All Users\Application Data\ezsidmv.dat
    2009-11-24 16:40 . 2009-12-30 16:59	838176	----a-w-	c:\windows\RtlExUpd.dll
    2009-11-24 08:55 . 2009-12-30 17:00	345328	----a-w-	c:\windows\system32\SRSTSXT.dll
    2009-11-24 08:55 . 2009-12-30 17:00	185584	----a-w-	c:\windows\system32\SRSTSHD.dll
    2009-11-24 08:55 . 2009-12-30 17:00	173296	----a-w-	c:\windows\system32\SRSHP360.dll
    2009-11-24 08:55 . 2009-12-30 17:00	140528	----a-w-	c:\windows\system32\SRSWOW.dll
    2009-11-21 02:34 . 2009-09-27 22:12	592488	----a-w-	c:\windows\system32\nvudisp.exe
    2009-11-19 20:42 . 2008-03-12 10:52	592488	----a-w-	c:\windows\system32\nvuninst.exe
    2009-11-18 17:42 . 2009-12-30 17:00	1783056	----a-w-	c:\windows\system32\WavesLib.dll
    2009-11-18 17:42 . 2009-12-30 17:00	311568	----a-w-	c:\windows\system32\MaxxAudioAPO20.dll
    2009-11-18 17:42 . 2009-12-30 17:00	1938704	----a-w-	c:\windows\system32\MaxxAudioEQ.dll
    2009-11-17 17:13 . 2009-12-30 16:59	96160	----a-w-	c:\windows\system32\AERTARen.dll
    2009-11-17 17:10 . 2009-12-30 16:59	146336	----a-w-	c:\windows\system32\AERTACap.dll
    2009-08-09 00:11 . 2009-08-09 00:11	10437264	----a-w-	c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2009-11-28 11:10 . 2009-11-28 11:10	107760	----a-w-	c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    .
    
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Steam"="c:\program files\steam\steam.exe" [2009-11-17 1217808]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-10 8120864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ACCControl.lnk]
    backup=c:\windows\pss\ACCControl.lnk.CommonStartup
    backupExtension=.CommonStartup
    
    [HKLM\~\startupfolder\C:^Users^Edem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-06 17:51	3885408	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):7c,f0,f3,04,f8,53,ca,01
    
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 07:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 19:28 108289]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [30.05.2008 01:17 208896]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [11.01.2010 21:00 240232]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 08:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 08:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 07:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 08:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 07:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 07:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 07:55 17280]
    R3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 13:40 88704]
    R3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 16:30 486912]
    R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 16:30 7680]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 19:46 133104]
    S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [12.02.2010 18:07 23456]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [12.02.2010 17:09 27248]
    S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [12.02.2010 20:25 9216]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 17:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 17:08 533360]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.03.2009 13:48 136704]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 22:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 22:46 27072]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 10:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 10:40 28800]
    
    --- Andere Dienste/Treiber im Speicher ---
    
    *Deregistered* - kxddapoc
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 09:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhalt des "geplante Tasks" Ordners
    
    2010-02-14 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2010-02-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=0&l=dir
    uInternet Settings,ProxyOverride = *.local
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Notify-fsp_lmwl - (no file)
    
    
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-14 15:21
    Windows 6.0.6002 Service Pack 2 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:b7,d2,72,9f,15,e0,54,eb,6d,59,7c,2b,19,0f,be,7b,38,d4,52,7a,73,
       81,2d,cf,9b,65,d1,bc,c6,5a,a4,64,c1,43,7d,d5,98,b5,47,db,f1,1b,27,be,71,4f,\
    "rkeysecu"=hex:22,42,85,07,0e,00,09,85,b7,da,37,03,6b,7a,67,86
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Zeit der Fertigstellung: 2010-02-14  15:25:34
    ComboFix-quarantined-files.txt  2010-02-14 14:25
    ComboFix2.txt  2010-02-11 18:46
    ComboFix3.txt  2009-08-03 14:44
    ComboFix4.txt  2009-07-15 21:39
    ComboFix5.txt  2010-02-14 13:35
    
    Vor Suchlauf: 21 Verzeichnis(se), 96.777.211.904 Bytes frei
    Nach Suchlauf: 22 Verzeichnis(se), 98.171.686.912 Bytes frei
    
    - - End Of File - - 6985BF401C924E9EE138E4F5B3BA3CC4
    and Qoobox:
    Code:
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3 - Deutsch
    Adobe Shockwave Player 11.5
    Advertising Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 9.03
    Assassin's Creed
    Avira AntiVir Personal - Free Antivirus
    BAA Environment Screensaver
    BAA Screensaver
    BAA Villains screensaver
    Batman: Arkham Asylum
    Bonjour
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    CCleaner
    Choice Guard
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DolbyFiles
    DriverAgent by eSupport.com
    DualCoreCenter
    DVD to VCD AVI DivX Converter v3.2 (build 069)
    EVEREST Ultimate Edition v5.30
    FLV Player 2.0 (build 25)
    Free Audio CD Burner version 1.2
    Free Audio CD to MP3 Converter version 1.1
    Free Audio Converter version 1.2
    Free Studio version 4.2
    Free YouTube to iPod Converter version 3.2
    Free YouTube to MP3 Converter version 3.2
    Full Tilt Poker
    Garmin City Navigator Europe NT 2010 Update
    Garmin Communicator Plugin
    Garmin POI Loader
    Garmin USB Drivers
    Google Earth
    Google Earth Pro 4.2
    Google SketchUp 6
    Google Update Helper
    Google Updater
    Grand Theft Auto IV
    Grand Theft Auto IV Screenshot Screen Saver
    Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImagXpress
    iTunes
    Java(TM) 6 Update 17
    Junk Mail filter update
    LightScribe Applications
    LightScribe System Software  1.14.17.1
    Liveupdate4
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (German)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft Xbox 360 Accessories 1.1
    Mozilla Firefox (3.6)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Card Reader
    MyDVD-VR Recorder
    Need for Speed™ Undercover
    Nero 9
    Nero ControlCenter
    Nero InCD-Reader
    Nero Installer
    neroxml
    NetCologne-Installationsdateien entfernen
    Nimo Codecs Pack v5.0 (Remove Only)
    Nokia Connectivity Cable Driver
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    Philips Intelligent Agent
    Philips SPC530NC Webcam
    Philips VLounge
    Prototype(TM)
    PunkBuster Services
    PVSonyDll
    QuickTime
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Roxio Update Manager
    Roxio WinOnCD 9 Basic
    screensaver_6000
    SecurDisc Viewer
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Serials World v3.2.0.022
    Sibelius Scorch (all browsers)
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Silvercrest MTS2218 driver
    Skype™ 4.1
    Sonic MyDVD-VR
    Stardock MyColors
    Steam
    Thrustmaster Force Feedback Driver
    Tsunami-Filter-Pack
    TuneUp Utilities 2009
    Uniblue DriverScanner 2009
    Uniblue RegistryBooster 2009
    Uniblue SpeedUpMyPC 2009
    Uninstall 1.0.0.1
    Universal DVB Receiver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.0.5
    Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/07/2008 1.0.5.12)
    Windows-Treiberpaket - Philips USB  (05/21/2008 1.01.3.6650)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
    Windows Live-Uploadtool
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Fotogalerie
    Windows Live ID-Anmelde-Assistent
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker-Betaversion
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR
    The reason was that I had problems with a virus: TR/Crypt.ZPACK.Gen.


    greetz edman

  6. #6
    Honorary member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    44.149

    Re: Screen goes black while gaming

    OK, then I need a bit more information.

    I see that Combofix has been run on your system no fewer than 11 times. Have a look in C:\Qoobox and post all the Combofix log files you find there, as well as the file ComboFix-quarantined-files.txt


    ===== Step 1 =====

    Scan with SystemLook

    Please be sure to connect all your external drives, including any USB sticks and flash cards, to the computer, but hold down the Shift key while doing so, so that the autorun function is not executed. I want to check whether certain files are still on your system.

    Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

    Download Mirror #1 - Download Mirror #2
    • Double-click SystemLook.exe to start the tool.
      Vista and Windows 7 users: right-click and run as administrator.
    • Copy the contents of the following code box into the tool's text field:

      Code:
      :dir
      C:\qoobox /sub
    • Now click the Look button to start the scan.
    • When the scan has finished, your editor will open with the results; post them here in the thread.
    • The results are saved on the desktop as SystemLook.txt.


    ===== Step 2 =====

    RSIT is installed in the wrong path => move it from here => C:\Users\Edem\Downloads\Desktop\RSIT.exe
    to your desktop and run it again.
    [°¿°] Ciao, Petra

    as of 01.07.2015 I am inactive here =>
    Farewell to HijackThis

    New here? Please work through this! | Back up your data!
    No support via PM or e-mail! | Thanks

  7. #7
    Forum user
    Registered since
    12.02.2010
    Location
    Köln
    Posts
    38

    Re: Screen goes black while gaming

    ===== Step 1 =====
    SystemLook:

    Code:
    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 16:32 on 14/02/2010 by Edem (Administrator - Elevation successful)
    
    ========== dir ==========
    
    C:\qoobox - Parameters: "/sub"
    
    ---Files---
    Add-Remove Programs.txt	--a--- 6720 bytes	[10:27 01/06/2009]	[14:24 14/02/2010]
    CFScript_used_2009-06-01_20.21.54.txt	--a--- 69 bytes	[18:21 01/06/2009]	[18:19 01/06/2009]
    ComboFix-quarantined-files.txt	--a--- 3721 bytes	[18:46 11/02/2010]	[14:25 14/02/2010]
    ComboFix2.txt	--a--- 28540 bytes	[10:27 01/06/2009]	[18:46 11/02/2010]
    ComboFix3.txt	--a--- 45441 bytes	[10:27 01/06/2009]	[14:44 03/08/2009]
    ComboFix4.txt	--a--- 51339 bytes	[10:27 01/06/2009]	[21:39 15/07/2009]
    ComboFix5.txt	--a--- 292737 bytes	[15:24 29/06/2009]	[13:35 14/02/2010]
    SnapShot@2009-06-01_10.26.17.dat	--a--- 2124484 bytes	[10:26 01/06/2009]	[10:26 01/06/2009]
    SnapShot@2010-02-11_18.45.26.dat	--a--- 2888762 bytes	[18:46 11/02/2010]	[18:46 11/02/2010]
    SnapShot@2010-02-14_14.20.57.dat	--a--- 0 bytes	[14:24 14/02/2010]	[14:24 14/02/2010]
    SnapShot_2009-06-01_18.26.43.dat	--a--- 2152155 bytes	[18:27 01/06/2009]	[18:27 01/06/2009]
    SnapShot_2009-06-03_16.19.42.dat	--a--- 2159758 bytes	[16:19 03/06/2009]	[16:19 03/06/2009]
    SnapShot_2009-06-14_10.55.56.dat	--a--- 2215230 bytes	[10:56 14/06/2009]	[10:56 14/06/2009]
    SnapShot_2009-06-29_15.32.48.dat	--a--- 2183132 bytes	[15:33 29/06/2009]	[15:33 29/06/2009]
    SnapShot_2009-07-02_18.17.15.dat	--a--- 2192457 bytes	[18:17 02/07/2009]	[18:17 02/07/2009]
    SnapShot_2009-07-15_21.38.35.dat	--a--- 2189111 bytes	[21:39 15/07/2009]	[21:39 15/07/2009]
    SnapShot_2009-08-03_14.42.58.dat	--a--- 2200551 bytes	[14:43 03/08/2009]	[14:43 03/08/2009]
    
    C:\qoobox\BackEnv	d-----	[17:57 11/02/2010]
    appdata.folder.dat	--a--- 220 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    cache.folder.dat	--a--- 328 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    Cookies.folder.dat	--a--- 145 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    desktop.folder.dat	--a--- 167 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    favorites.folder.dat	--a--- 166 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    localappdata.folder.dat	--a--- 156 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    LocalSettings.folder.dat	--a--- 156 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    mypictures.folder.dat	--a--- 136 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    personal.folder.dat	--a--- 140 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    Profiles.Folder.dat	--a--- 176 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    Profiles.Folder.folder.dat	--a--- 199 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    programs.folder.dat	--a--- 440 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    SetPath.bat	--a--- 6806 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    startmenu.folder.dat	--a--- 327 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    startup.folder.dat	--a--- 488 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    SysPath.dat	--a--- 2962 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    templates.folder.dat	--a--- 411 bytes	[17:57 11/02/2010]	[17:57 11/02/2010]
    
    C:\qoobox\Quarantine	d-----	[10:05 01/06/2009]
    catchme.log	--a--- 1079 bytes	[10:05 01/06/2009]	[13:46 14/02/2010]
    catchme.txt	--a--- 0 bytes	[18:21 01/06/2009]	[18:21 01/06/2009]
    
    C:\qoobox\Quarantine\C	d-----	[10:08 01/06/2009]
    
    C:\qoobox\Quarantine\C\Program Files	d-----	[15:31 29/06/2009]
    
    C:\qoobox\Quarantine\C\Program Files\Mozilla Firefox	d-----	[15:31 29/06/2009]
    
    C:\qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions	d-----	[15:31 29/06/2009]
    
    C:\qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}	d-----	[15:31 29/06/2009]
    chrome.manifest.vir	--a--- 120 bytes	[19:21 28/04/2009]	[19:21 28/04/2009]
    install.rdf.vir	--a--- 770 bytes	[19:21 28/04/2009]	[19:21 28/04/2009]
    
    C:\qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}\chrome	d-----	[15:31 29/06/2009]
    
    C:\qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}\chrome\content	d-----	[15:31 29/06/2009]
    overlay.xul.vir	--a--- 6003 bytes	[19:21 28/04/2009]	[19:21 28/04/2009]
    
    C:\qoobox\Quarantine\C\Users	d-----	[10:23 01/06/2009]
    
    C:\qoobox\Quarantine\C\Users\Edem	d-----	[10:23 01/06/2009]
    
    C:\qoobox\Quarantine\C\Users\Edem\AppData	d-----	[10:23 01/06/2009]
    
    C:\qoobox\Quarantine\C\Users\Edem\AppData\Local	d-----	[10:23 01/06/2009]
    ksgwm.bat.vir	--a--- 87 bytes	[15:53 07/05/2009]	[15:30 29/05/2009]
    ssqgw.dat.vir	--a--- 3188 bytes	[10:47 21/05/2009]	[15:59 29/05/2009]
    ssqgw_nav.dat.vir	--a--- 321462 bytes	[10:47 21/05/2009]	[15:35 29/05/2009]
    ssqgw_navps.dat.vir	--a--- 1300 bytes	[10:47 21/05/2009]	[16:00 29/05/2009]
    
    C:\qoobox\Quarantine\C\Windows	d-----	[10:20 01/06/2009]
    icon.ico.vir	--a--- 135041 bytes	[18:55 01/02/2008]	[18:55 01/02/2008]
    
    C:\qoobox\Quarantine\C\Windows\Installer	d-----	[18:16 02/07/2009]
    2b0f7f.msi.vir	--a--- 14812160 bytes	[03:00 11/03/2009]	[03:00 11/03/2009]
    
    C:\qoobox\Quarantine\C\Windows\System32	d-----	[10:20 01/06/2009]
    ahtn.htm.vir	--a--- 1400 bytes	[14:18 28/04/2009]	[14:18 28/04/2009]
    lmn_setup.exe.vir	--a--- 20480 bytes	[11:42 21/05/2009]	[11:42 21/05/2009]
    lmppcsetup.exe.vir	--a--- 531 bytes	[19:08 30/04/2009]	[21:08 30/04/2009]
    ovfsthxdcieeclh.dat.vir	--a--- 43 bytes	[17:13 23/04/2009]	[20:38 15/05/2009]
    ovfsthxpbkpoonv.dat.vir	--a--- 2104787 bytes	[16:57 23/04/2009]	[10:08 01/06/2009]
    p2hhr.bat.vir	--a--- 46 bytes	[17:56 05/05/2009]	[13:24 18/05/2009]
    uniq.tll.vir	--a--- 1 bytes	[14:18 28/04/2009]	[14:18 28/04/2009]
    warning.gif.vir	--a--- 4785 bytes	[14:18 28/04/2009]	[14:18 28/04/2009]
    
    C:\qoobox\Quarantine\C\Windows\System32\drivers	d-----	[10:20 01/06/2009]
    Msft_Kernel_phaudlwr_01005.Wdf.vir	--a--- 0 bytes	[12:51 30/11/2008]	[12:51 30/11/2008]
    Msft_User_WpdFs_01_00_00.Wdf.vir	--a--- 0 bytes	[05:23 26/11/2008]	[05:23 26/11/2008]
    
    C:\qoobox\Quarantine\Registry_backups	d-----	[10:05 01/06/2009]
    HKCU-Run-ssqgw.reg.dat	--a--- 143 bytes	[10:26 01/06/2009]	[10:26 01/06/2009]
    Notify-fsp_lmwl.reg.dat	--a--- 270 bytes	[14:24 14/02/2010]	[14:24 14/02/2010]
    SafeBoot-procexp90.Sys.reg.dat	--a--- 562 bytes	[10:26 01/06/2009]	[10:26 01/06/2009]
    Service_ovfsthxtjrroqtq.reg.dat	--a--- 1846 bytes	[10:09 01/06/2009]	[10:09 01/06/2009]
    tcpip.reg	--a--- 4137 bytes	[10:25 01/06/2009]	[14:08 14/02/2010]
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat	--a--- 171 bytes	[14:24 14/02/2010]	[14:24 14/02/2010]
    
    -=End Of File=-
    ===== Point 2 =====
    C:\rsit\info.txt:

    Code:
    info.txt logfile of random's system information tool 1.06 2010-02-14 16:38:09
    
    ======Uninstall list======
    
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="4M03-8379-8APW-PTEE-M7WC-6ZL9-XWH7-A48W"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="4M0A-8KA9-5WTM-H0UH-XHCP-MW4U-CATK-AW2U"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="5M06-84A5-95H9-XUX0-HCXC-PA7X-XWCE-7L9W"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="5M09-80MA-8CLC-L7W5-CPPA-TC7L-CTH7-AM32"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7M03-8177-56X8-U6T3-MHPT-4CUC-E7CP-3E9Z"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7M03-8X6C-87P6-LLHL-E8UT-73TK-UMH5-1ZWH"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7M06-837E-0AP7-E1W0-XHP9-H81U-KKME-42AK"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7M09-821M-A9CK-UHUW-P6TL-E125-KKZ2-8941"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7M09-88KA-6KE7-HMWZ-PKC9-X733-E6XL-A4H9"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7M0A-812E-8KZ0-EZHK-H6Z2-PH83-LZHK-AM11"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7M11-87X5-5EM1-XCHK-XXX8-H89X-PHP0-4MP5"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M11-85E7-13W4-T7H7-ULKX-L87W-WHL9-496P"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="EM0A-86KM-AAH4-UWEZ-T5TX-E2A0-UTPM-9ZCW"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="EM11-8MM3-50XW-P4LE-EWT1-M881-HXKA-328U"
    -->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="KM06-8K3M-47EP-THX2-TKE4-LCP9-M9MP-0ACW"
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
    -->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    -->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
    -->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    -->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    -->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    -->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    -->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    -->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    -->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
    Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Ashampoo Burning Studio 9.03-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 9\unins000.exe"
    Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    BAA Environment Screensaver-->"C:\Windows\BAA Environment Screensaver Uninstaller\unins000.exe"
    BAA Screensaver-->"C:\Windows\BAA Screensaver Uninstaller\unins000.exe"
    BAA Villains screensaver-->"C:\Windows\BAA Villains screensaver Uninstaller\unins000.exe"
    Batman: Arkham Asylum-->"C:\Program Files\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe" -runfromtemp -l0x0007 -removeonly
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Call of Duty: Modern Warfare 2 - Multiplayer-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10190
    Call of Duty: Modern Warfare 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10180
    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
    DualCoreCenter-->"C:\Program Files\MSI\DualCoreCenter\unins000.exe"
    DVD to VCD AVI DivX Converter v3.2 (build 069)-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
    EVEREST Ultimate Edition v5.30-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
    Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
    Free Audio CD to MP3 Converter version 1.1-->"C:\Program Files\DVDVideoSoft\Free Audio CD to MP3 Converter\unins000.exe"
    Free Audio Converter version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio Converter\unins000.exe"
    Free Studio version 4.2-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
    Free YouTube to iPod Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
    Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe"
    Full Tilt Poker-->C:\Program Files\Full Tilt Poker\uninstall.exe
    Garmin City Navigator Europe NT 2010 Update-->MsiExec.exe /X{C07B86C3-1816-4C59-927E-0287925DFB96}
    Garmin Communicator Plugin-->MsiExec.exe /X{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}
    Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
    Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
    Google Earth Pro 4.2-->"C:\Windows\Google Earth Pro 4.2\uninstall.exe" "/U:C:\Program Files\Google Earth Pro 4.2\Uninstall\uninstall.xml"
    Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
    Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x7  -removeonly
    Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x7  -removeonly
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Grand Theft Auto IV Screenshot Screen Saver-->C:\Windows\system32\Grand Theft Auto IV Screenshot.scr /u
    Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
    Hauppauge MCE XP/Vista Software Encoder (2.0.26057)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
    Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    LightScribe Applications-->MsiExec.exe /X{7373184D-8E8F-4308-912A-3901071FA1AD}
    LightScribe System Software  1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
    Liveupdate4-->"C:\Program Files\MSI\Live Update 4\unins000.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
    Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
    Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
    Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}
    Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0AFECCA6-61A0-409F-9205-67613984209D} /l1031 
    Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
    Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
    Nero InCD-Reader-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7KX0-7693-91X9-75K0-EX4K-39EE-C588"
    Nero InCD-Reader-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9KX0-2995-95KC-5120-8KAX-4647-9523"
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NetCologne-Installationsdateien entfernen-->C:\Program Files\Common Files\NetCologne\uninst.exe
    Nimo Codecs Pack v5.0 (Remove Only)-->"C:\Program Files\NimoCodec Pack\uninstall.exe"
    Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
    NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
    NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
    NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    Philips Intelligent Agent-->"C:\Program Files\Philips\Intelligent Agent\Uninst\unins000.exe"
    Philips SPC530NC Webcam-->"C:\Program Files\InstallShield Installation Information\{69D598A7-A9C5-4396-8C92-39465FF2C874}\Setup.exe" -runfromtemp -l0x0007 -removeonly
    Philips VLounge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}\Setup.exe" -l0x7 
    Prototype(TM)-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
    PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
    PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
    QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
    Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
    Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Roxio WinOnCD 9 Basic-->MsiExec.exe /I{DCFFB64E-A757-4430-A455-B947F029BFD4}
    screensaver_6000-->C:\Windows\system32\screensaver_6000.scr /u
    SecurDisc Viewer-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="7KX1-2A7C-87K5-5CK0-3E47-CM05-9032"
    SecurDisc Viewer-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="KKX1-0145-92XC-5EK0-4C64-AMC0-3314"
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
    Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
    Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
    Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    Serials World v3.2.0.022-->"C:\Program Files\Serials World\unins000.exe"
    Sibelius Scorch (all browsers)-->MsiExec.exe /I{ECE80888-45E5-46FD-8E0C-FEF3648847BB}
    Sibelius Scorch (Firefox, Opera, Netscape only)-->MsiExec.exe /I{672D0014-71A9-45EF-B10E-DEF7426961A6}
    Silvercrest MTS2218 driver-->C:\Program Files\InstallShield Installation Information\{2F2B569E-2024-48B8-867B-DB1BF2338F38}\setup.exe -runfromtemp -l0x0407
    Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    Sonic MyDVD-VR-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{897CA0D9-948F-4E5B-A20E-535E1060D3E6} /l1031 
    Stardock MyColors-->C:\ProgramData\{F0297D39-7A45-442F-AFF5-271488E85934}\MyColors.exe
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Thrustmaster Force Feedback Driver-->C:\Program Files\InstallShield Installation Information\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}\setup.exe -runfromtemp -l0x0007 -removeonly
    Tsunami-Filter-Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCFF9230-22DC-40ED-BBCC-0F260B85734C}\setup.exe" -l0x9 
    TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
    Uniblue DriverScanner 2009-->"C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue DriverScanner 2009-->C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
    Uniblue RegistryBooster 2009-->"C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue RegistryBooster 2009-->C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
    Uniblue SpeedUpMyPC 2009-->"C:\ProgramData\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\speedupmypc2009.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue SpeedUpMyPC 2009-->C:\ProgramData\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\speedupmypc2009.exe
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Universal DVB Receiver-->C:\Program Files\InstallShield Installation Information\{B3E33662-872D-4D04-9DCA-665488D170A2}\setup.exe -runfromtemp -l0x0007 -removeonly
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
    Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
    Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
    Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
    Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
    Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
    Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
    Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
    Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
    Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
    Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
    Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
    VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
    VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_6b094708\grmnusb.inf
    Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
    Windows Live Family Safety-->MsiExec.exe /X{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}
    Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
    Windows Live ID-Anmelde-Assistent-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
    Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
    Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
    Windows Live Movie Maker-Betaversion-->MsiExec.exe /X{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}
    Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
    Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
    Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}
    Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/07/2008 1.0.5.12)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\phaudlwr.inf_85c324f3\phaudlwr.inf
    Windows-Treiberpaket - Philips USB  (05/21/2008 1.01.3.6650)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\spc530c.inf_615da9fc\spc530c.inf
    WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    
    ======Security center information======
    
    AS: Lavasoft Ad-Watch Live! (disabled)
    AS: Windows Defender
    
    ======System event log======
    
    Computer Name: Edem-PC
    Event Code: 7036
    Message: Dienst "Windows Media Center-Planerdienst" befindet sich jetzt im Status "Ausgeführt".
    Record Number: 118695
    Source Name: Service Control Manager
    Time Written: 20090904154817.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: Edem-PC
    Event Code: 10029
    Message: DCOM hat den Dienst ehSched mit den Argumenten "-Service" gestartet, um den Server auszuführen:
    {4B635ECB-0887-4015-8CA6-D621362F98D1}
    Record Number: 118694
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090904154817.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: Edem-PC
    Event Code: 7036
    Message: Dienst "Anwendungsinformationen" befindet sich jetzt im Status "Ausgeführt".
    Record Number: 118693
    Source Name: Service Control Manager
    Time Written: 20090904154815.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: Edem-PC
    Event Code: 7001
    Message: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "UPnP-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
    Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
    Record Number: 118692
    Source Name: Service Control Manager
    Time Written: 20090904154805.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: Edem-PC
    Event Code: 7036
    Message: Dienst "Google Update Service (gupdate1c9951de375afd7)" befindet sich jetzt im Status "Beendet".
    Record Number: 118691
    Source Name: Service Control Manager
    Time Written: 20090904154708.000000-000
    Event Type: Informationen
    User: 
    
    =====Application event log=====
    
    Computer Name: WIN-S4KO49LVV6X
    Event Code: 37
    Message: 
    Record Number: 1883
    Source Name: ccSvcHst
    Time Written: 20081126065227.000000-000
    Event Type: Informationen
    User: Edem-PC\Administrator
    
    Computer Name: WIN-S4KO49LVV6X
    Event Code: 36
    Message: 
    Record Number: 1882
    Source Name: ccSvcHst
    Time Written: 20081126065227.000000-000
    Event Type: Informationen
    User: Edem-PC\Administrator
    
    Computer Name: WIN-S4KO49LVV6X
    Event Code: 36
    Message: 
    Record Number: 1881
    Source Name: ccSvcHst
    Time Written: 20081126065227.000000-000
    Event Type: Informationen
    User: Edem-PC\Administrator
    
    Computer Name: WIN-S4KO49LVV6X
    Event Code: 103
    Message: Windows (3444) Windows: Das Datenbankmodul hat die Instanz (0) beendet.
    Record Number: 1880
    Source Name: ESENT
    Time Written: 20081126065225.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: WIN-S4KO49LVV6X
    Event Code: 1013
    Message: Der Windows-Suchdienst wurde normal beendet.
    
    Record Number: 1879
    Source Name: Microsoft-Windows-Search
    Time Written: 20081126065225.000000-000
    Event Type: Informationen
    User: 
    
    =====Security event log=====
    
    Computer Name: Edem-PC
    Event Code: 4624
    Message: Ein Konto wurde erfolgreich angemeldet.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		EDEM-PC$
    	Kontodomäne:		WORKGROUP
    	Anmelde-ID:		0x3e7
    
    Anmeldetyp:			5
    
    Neue Anmeldung:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		SYSTEM
    	Kontodomäne:		NT-AUTORITÄT
    	Anmelde-ID:		0x3e7
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Prozessinformationen:
    	Prozess-ID:		0x298
    	Prozessname:		C:\Windows\System32\services.exe
    
    Netzwerkinformationen:
    	Arbeitsstationsname:	
    	Quellnetzwerkadresse:	-
    	Quellport:		-
    
    Detaillierte Authentifizierungsinformationen:
    	Anmeldeprozess:		Advapi  
    	Authentifizierungspaket:	Negotiate
    	Übertragene Dienste:	-
    	Paketname (nur NTLM):	-
    	Schlüssellänge:		0
    
    Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
    
    Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
    
    Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
    
    Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
    
    Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
    
    Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
    	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
    Record Number: 7179
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081211220838.090245-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: Edem-PC
    Event Code: 4648
    Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		EDEM-PC$
    	Kontodomäne:		WORKGROUP
    	Anmelde-ID:		0x3e7
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Konto, dessen Anmeldeinformationen verwendet wurden:
    	Kontoname:		SYSTEM
    	Kontodomäne:		NT-AUTORITÄT
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Zielserver:
    	Zielservername:	localhost
    	Weitere Informationen:	localhost
    
    Prozessinformationen:
    	Prozess-ID:		0x298
    	Prozessname:		C:\Windows\System32\services.exe
    
    Netzwerkinformationen:
    	Netzwerkadresse:	-
    	Port:			-
    
    Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
    Record Number: 7178
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081211220838.090245-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: Edem-PC
    Event Code: 4647
    Message: Benutzerinitiierte Abmeldung:
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-21-4005247752-3487466502-3436956655-1001
    	Kontoname:		Edem
    	Kontodomäne:		Edem-PC
    	Anmelde-ID:		0x240bf
    
    Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
    Record Number: 7177
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081211220835.316009-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: Edem-PC
    Event Code: 4672
    Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		SYSTEM
    	Kontodomäne:		NT-AUTORITÄT
    	Anmelde-ID:		0x3e7
    
    Berechtigungen:		SeAssignPrimaryTokenPrivilege
    			SeTcbPrivilege
    			SeSecurityPrivilege
    			SeTakeOwnershipPrivilege
    			SeLoadDriverPrivilege
    			SeBackupPrivilege
    			SeRestorePrivilege
    			SeDebugPrivilege
    			SeAuditPrivilege
    			SeSystemEnvironmentPrivilege
    			SeImpersonatePrivilege
    Record Number: 7176
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081211215720.726373-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: Edem-PC
    Event Code: 4624
    Message: Ein Konto wurde erfolgreich angemeldet.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		EDEM-PC$
    	Kontodomäne:		WORKGROUP
    	Anmelde-ID:		0x3e7
    
    Anmeldetyp:			5
    
    Neue Anmeldung:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		SYSTEM
    	Kontodomäne:		NT-AUTORITÄT
    	Anmelde-ID:		0x3e7
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Prozessinformationen:
    	Prozess-ID:		0x298
    	Prozessname:		C:\Windows\System32\services.exe
    
    Netzwerkinformationen:
    	Arbeitsstationsname:	
    	Quellnetzwerkadresse:	-
    	Quellport:		-
    
    Detaillierte Authentifizierungsinformationen:
    	Anmeldeprozess:		Advapi  
    	Authentifizierungspaket:	Negotiate
    	Übertragene Dienste:	-
    	Paketname (nur NTLM):	-
    	Schlüssellänge:		0
    
    Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
    
    Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
    
    Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
    
    Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
    
    Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
    
    Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
    	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
    Record Number: 7175
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081211215720.726373-000
    Event Type: Überwachung erfolgreich
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\NVIDIA Corporation\PhysX\Common;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE
    "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
    "RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    
    -----------------EOF-----------------

    greetz, edman

  8. #8
    Forum user
    Registered since
    12.02.2010
    Location
    Köln
    Posts
    38

    Re: Screen goes black while gaming

    ComboFix logs:

    Code:
    ComboFix 10-02-10.05 - Edem 11.02.2010  19:23:44.10.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.1938 [GMT 1:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
     * Im Speicher befindliches AV aktiv.
    
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\program files\temp
    
    .
    (((((((((((((((((((((((   Dateien erstellt von 2010-01-11 bis 2010-02-11  ))))))))))))))))))))))))))))))
    .
    
    2010-02-11 18:45 . 2010-02-11 18:45	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2010-02-11 18:45 . 2010-02-11 18:45	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-02-11 18:45 . 2010-02-11 18:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2010-02-11 17:56 . 2010-02-11 17:48	318976	----a-w-	c:\windows\system32\CF18509.exe
    2010-02-11 17:15 . 2010-02-04 09:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
    2010-02-11 17:15 . 2010-02-04 09:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
    2010-02-11 17:15 . 2010-02-04 09:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
    2010-02-11 17:15 . 2010-02-04 09:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
    2010-02-10 13:57 . 2009-12-11 11:43	302080	----a-w-	c:\windows\system32\drivers\srv.sys
    2010-02-10 13:57 . 2009-12-11 11:43	98816	----a-w-	c:\windows\system32\drivers\srvnet.sys
    2010-02-10 13:57 . 2009-12-08 20:01	3600456	----a-w-	c:\windows\system32\ntkrnlpa.exe
    2010-02-10 13:57 . 2009-12-08 20:01	3548216	----a-w-	c:\windows\system32\ntoskrnl.exe
    2010-02-10 13:57 . 2009-12-08 20:01	904776	----a-w-	c:\windows\system32\drivers\tcpip.sys
    2010-02-10 13:57 . 2009-12-08 17:26	30720	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
    2010-02-10 13:56 . 2009-12-04 18:30	12288	----a-w-	c:\windows\system32\tsbyuv.dll
    2010-02-10 13:56 . 2009-12-04 18:29	1314816	----a-w-	c:\windows\system32\quartz.dll
    2010-02-10 13:56 . 2009-12-04 18:28	22528	----a-w-	c:\windows\system32\msyuv.dll
    2010-02-10 13:56 . 2009-12-04 18:28	31744	----a-w-	c:\windows\system32\msvidc32.dll
    2010-02-10 13:56 . 2009-12-04 18:28	13312	----a-w-	c:\windows\system32\msrle32.dll
    2010-02-10 13:56 . 2009-12-04 18:28	50176	----a-w-	c:\windows\system32\iyuv_32.dll
    2010-02-10 13:56 . 2009-12-04 18:28	123904	----a-w-	c:\windows\system32\msvfw32.dll
    2010-02-10 13:56 . 2009-12-04 18:28	82944	----a-w-	c:\windows\system32\mciavi32.dll
    2010-02-10 13:56 . 2009-12-04 18:27	91136	----a-w-	c:\windows\system32\avifil32.dll
    2010-02-10 13:56 . 2009-12-04 15:56	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-10 13:56 . 2009-12-04 15:56	105984	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
    2010-02-09 19:11 . 2010-02-09 19:11	--------	d-----w-	c:\users\Edem\AppData\Roaming\Sibelius Software
    2010-02-09 19:06 . 2010-02-09 19:06	--------	d-----w-	c:\program files\Sibelius Software
    2010-02-05 19:29 . 2010-02-05 19:29	--------	d-----w-	c:\program files\iPod
    2010-02-05 19:29 . 2010-02-05 19:30	--------	d-----w-	c:\program files\iTunes
    2010-02-05 19:28 . 2010-02-05 19:28	--------	d-----w-	c:\program files\Bonjour
    2010-02-05 17:18 . 2010-01-12 04:03	68200	----a-w-	c:\windows\system32\OpenCL.dll
    2010-02-05 17:18 . 2010-01-12 04:03	11586280	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
    2010-02-05 17:18 . 2010-01-12 04:03	4321384	----a-w-	c:\windows\system32\nvwgf2um.dll
    2010-02-05 17:18 . 2010-01-12 04:03	14924392	----a-w-	c:\windows\system32\nvoglv32.dll
    2010-02-05 17:18 . 2010-01-12 04:03	2243176	----a-w-	c:\windows\system32\nvcuvid.dll
    2010-02-05 17:17 . 2010-01-12 04:03	4077672	----a-w-	c:\windows\system32\nvcuvenc.dll
    2010-02-05 17:17 . 2010-01-12 04:03	4061800	----a-w-	c:\windows\system32\nvcuda.dll
    2010-02-05 17:17 . 2010-01-12 04:03	182888	----a-w-	c:\windows\system32\nvcod189.dll
    2010-02-05 17:17 . 2010-01-12 04:03	11639400	----a-w-	c:\windows\system32\nvcompiler.dll
    2010-02-04 21:42 . 2010-02-10 16:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\vlc
    2010-02-04 21:35 . 2010-02-04 21:35	--------	d-----w-	c:\program files\VideoLAN
    2010-02-04 09:21 . 2010-02-04 09:21	525656	----a-w-	c:\users\Edem\DXSETUP.exe
    2010-02-04 09:21 . 2010-02-04 09:21	94040	----a-w-	c:\users\Edem\DSETUP.dll
    2010-02-04 09:21 . 2010-02-04 09:21	1691480	----a-w-	c:\users\Edem\dsetup32.dll
    2010-01-30 21:33 . 2010-01-05 14:57	545280	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2010-01-30 21:33 . 2010-01-05 14:57	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2010-01-30 21:33 . 2010-01-05 14:57	153600	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2010-01-30 21:33 . 2010-01-05 14:57	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2010-01-30 21:33 . 2010-01-05 14:57	57856	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2010-01-30 21:33 . 2010-01-05 14:57	4725760	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
    2010-01-19 18:05 . 2010-01-19 22:36	--------	d-----w-	C:\DVDVideoSoft
    2010-01-17 13:34 . 2009-11-21 02:34	182888	----a-w-	c:\windows\system32\nvcod178.dll
    2010-01-17 13:34 . 2009-11-21 02:34	182888	----a-w-	c:\windows\system32\nvcod.dll
    2010-01-14 16:00 . 2009-10-19 13:38	156672	----a-w-	c:\windows\system32\t2embed.dll
    2010-01-14 16:00 . 2009-10-19 13:35	72704	----a-w-	c:\windows\system32\fontsub.dll
    16508-12-01 17:49 . 2009-06-04 11:03	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-11 17:36 . 2009-11-17 16:49	--------	d-----w-	c:\program files\Steam
    2010-02-11 17:14 . 2009-03-15 20:30	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
    2010-02-11 15:55 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2010-02-09 19:11 . 2008-11-28 14:57	131024	----a-w-	c:\users\Edem\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-09 18:18 . 2009-11-28 13:19	--------	d-----w-	c:\users\Edem\AppData\Roaming\Skype
    2010-02-09 18:17 . 2009-11-28 13:25	--------	d-----w-	c:\users\Edem\AppData\Roaming\skypePM
    2010-02-06 23:37 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2010-02-05 19:29 . 2009-09-29 17:57	--------	d-----w-	c:\program files\Common Files\Apple
    2010-02-05 19:28 . 2009-09-29 17:59	--------	d-----w-	c:\program files\QuickTime
    2010-02-05 17:58 . 2009-11-17 16:50	--------	d-----w-	c:\program files\Common Files\Steam
    2010-02-05 17:25 . 2009-03-15 20:31	--------	d-----w-	c:\program files\AGEIA Technologies
    2010-02-05 17:24 . 2009-08-18 18:43	--------	d-----w-	c:\program files\NVIDIA Corporation
    2010-02-04 18:43 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2010-02-04 18:43 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2010-02-04 18:42 . 2008-11-29 11:13	1992	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2010-02-02 19:22 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2010-02-02 19:21 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2010-01-22 11:23 . 2008-03-12 14:33	--------	d-----w-	c:\program files\Microsoft Silverlight
    2010-01-20 19:04 . 2010-01-20 19:04	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2010-01-19 18:00 . 2009-03-02 19:13	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
    2010-01-19 17:57 . 2009-03-02 19:13	--------	d-----w-	c:\program files\DVDVideoSoft
    2010-01-14 10:12 . 2009-10-02 15:45	181120	------w-	c:\windows\system32\MpSigStub.exe
    2010-01-12 04:03 . 2010-02-05 17:18	10920	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
    2010-01-12 04:03 . 2008-03-24 17:52	9388648	----a-w-	c:\windows\system32\nvd3dum.dll
    2010-01-12 04:03 . 2008-03-24 17:52	1280616	----a-w-	c:\windows\system32\nvapi.dll
    2010-01-11 21:18 . 2010-01-11 21:18	962664	----a-w-	c:\windows\system32\nvsvc.dll
    2010-01-11 21:18 . 2010-01-11 21:18	1515112	----a-w-	c:\windows\system32\nvsvcr.dll
    2010-01-11 21:18 . 2010-01-11 21:18	13679720	----a-w-	c:\windows\system32\nvcpl.dll
    2010-01-11 21:18 . 2010-01-11 21:18	129640	----a-w-	c:\windows\system32\nvvsvc.exe
    2010-01-11 21:18 . 2010-01-11 21:18	110696	----a-w-	c:\windows\system32\nvmctray.dll
    2010-01-10 11:25 . 2009-05-07 15:53	--------	d-----w-	c:\program files\Live-Player
    2010-01-07 16:18 . 2009-09-29 18:02	--------	d-----w-	c:\users\Edem\AppData\Roaming\Apple Computer
    2010-01-06 20:53 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2010-01-06 20:52 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2010-01-02 06:38 . 2010-01-22 11:33	916480	----a-w-	c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-22 11:33	71680	----a-w-	c:\windows\system32\iesetup.dll
    2010-01-02 06:32 . 2010-01-22 11:33	109056	----a-w-	c:\windows\system32\iesysprep.dll
    2010-01-02 04:57 . 2010-01-22 11:33	133632	----a-w-	c:\windows\system32\ieUnatt.exe
    2009-12-07 16:03 . 2009-03-20 18:28	56816	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2009-12-04 17:26 . 2009-12-30 17:00	297376	----a-w-	c:\windows\system32\FMAPO.dll
    2009-12-04 14:43 . 2009-12-30 17:00	132368	----a-w-	c:\windows\system32\MaxxAudioAPO.dll
    2009-11-30 17:02 . 2009-11-30 17:02	171144	----a-w-	c:\windows\system32\xliveinstall.dll
    2009-11-30 17:02 . 2009-11-30 17:02	72840	----a-w-	c:\windows\system32\xliveinstallhost.exe
    2009-11-28 13:25 . 2009-11-28 13:25	56	---ha-w-	c:\documents and settings\All Users\Application Data\ezsidmv.dat
    2009-11-24 16:40 . 2009-12-30 16:59	838176	----a-w-	c:\windows\RtlExUpd.dll
    2009-11-24 08:55 . 2009-12-30 17:00	345328	----a-w-	c:\windows\system32\SRSTSXT.dll
    2009-11-24 08:55 . 2009-12-30 17:00	185584	----a-w-	c:\windows\system32\SRSTSHD.dll
    2009-11-24 08:55 . 2009-12-30 17:00	173296	----a-w-	c:\windows\system32\SRSHP360.dll
    2009-11-24 08:55 . 2009-12-30 17:00	140528	----a-w-	c:\windows\system32\SRSWOW.dll
    2009-11-21 02:34 . 2009-09-27 22:12	592488	----a-w-	c:\windows\system32\nvudisp.exe
    2009-11-19 20:42 . 2008-03-12 10:52	592488	----a-w-	c:\windows\system32\nvuninst.exe
    2009-11-18 17:42 . 2009-12-30 17:00	1783056	----a-w-	c:\windows\system32\WavesLib.dll
    2009-11-18 17:42 . 2009-12-30 17:00	311568	----a-w-	c:\windows\system32\MaxxAudioAPO20.dll
    2009-11-18 17:42 . 2009-12-30 17:00	1938704	----a-w-	c:\windows\system32\MaxxAudioEQ.dll
    2009-11-17 17:13 . 2009-12-30 16:59	96160	----a-w-	c:\windows\system32\AERTARen.dll
    2009-11-17 17:10 . 2009-12-30 16:59	146336	----a-w-	c:\windows\system32\AERTACap.dll
    2009-11-14 00:47 . 2009-11-14 00:47	856064	----a-w-	c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47 . 2009-11-14 00:47	856064	----a-w-	c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47 . 2009-11-14 00:47	847872	----a-w-	c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47 . 2009-11-14 00:47	843776	----a-w-	c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47 . 2009-11-14 00:47	839680	----a-w-	c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47 . 2009-11-14 00:47	696320	----a-w-	c:\windows\system32\DivX.dll
    2009-08-09 00:11 . 2009-08-09 00:11	10437264	----a-w-	c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2009-11-28 11:10 . 2009-11-28 11:10	107760	----a-w-	c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    .
    
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-06-16 15:22	1144712	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
    
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
    
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Steam"="c:\program files\steam\steam.exe" [2009-11-17 1217808]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-01 520024]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-10 8120864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ACCControl.lnk]
    backup=c:\windows\pss\ACCControl.lnk.CommonStartup
    backupExtension=.CommonStartup
    
    [HKLM\~\startupfolder\C:^Users^Edem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-06 17:51	3885408	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):7c,f0,f3,04,f8,53,ca,01
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 17:21 64160]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 07:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 19:28 108289]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [30.05.2008 01:17 208896]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 22:34 1028432]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 21:56 52592]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [11.01.2010 21:00 240232]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 08:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 08:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 07:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 08:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 07:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 07:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 07:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 21:56 10096]
    R3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 13:40 88704]
    R3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 16:30 486912]
    R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 16:30 7680]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 19:46 133104]
    S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 17:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 17:08 533360]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.03.2009 13:48 136704]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 22:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 22:46 27072]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 19:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 10:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 10:40 28800]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 09:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhalt des "geplante Tasks" Ordners
    
    2010-02-11 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2010-02-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=0&l=dir
    uInternet Settings,ProxyOverride = *.local
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-11 19:45
    Windows 6.0.6002 Service Pack 2 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:f5,c6,40,94,51,f8,1e,92,e1,89,6d,90,52,8d,31,66,cd,20,3b,88,c9,
       4e,88,a0,c0,c0,ba,1b,51,a7,af,76,a2,35,98,32,d3,be,03,e7,28,cf,98,91,9c,45,\
    "rkeysecu"=hex:f4,6a,3b,5e,a5,70,1e,15,99,81,60,2e,f4,c4,df,1c
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Zeit der Fertigstellung: 2010-02-11  19:46:57
    ComboFix-quarantined-files.txt  2010-02-11 18:46
    ComboFix2.txt  2009-08-03 14:44
    ComboFix3.txt  2009-07-15 21:39
    ComboFix4.txt  2009-07-02 18:18
    ComboFix5.txt  2010-02-11 17:57
    
    Vor Suchlauf: 16 Verzeichnis(se), 77.307.215.872 Bytes frei
    Nach Suchlauf: 21 Verzeichnis(se), 81.229.340.672 Bytes frei
    
    - - End Of File - - B7AA21395E6FBE19872676AD32E3BE18

  9. #9
    Forum user
    Registered since
    12.02.2010
    Location
    Köln
    Posts
    38

    Re: Screen goes black while gaming

    Code:
    ComboFix 09-08-02.04 - Edem 03.08.2009 16:39.8.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.2202 [GMT 2:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    (((((((((((((((((((((((   Dateien erstellt von 2009-07-03 bis 2009-08-03  ))))))))))))))))))))))))))))))
    .
    
    2009-08-03 14:42 . 2009-08-03 14:42	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2009-08-03 14:42 . 2009-08-03 14:42	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-07-27 17:09 . 2009-07-27 17:09	--------	d-----w-	c:\windows\CheckSur
    2009-07-26 01:51 . 2008-08-12 03:39	443392	----a-w-	c:\windows\system32\win32spl.dll
    2009-07-26 01:35 . 2009-07-26 01:35	--------	d-----w-	c:\users\Edem\AppData\Roaming\Uniblue
    2009-07-15 20:54 . 2009-06-15 15:24	156672	----a-w-	c:\windows\system32\t2embed.dll
    2009-07-15 20:54 . 2009-06-15 15:20	72704	----a-w-	c:\windows\system32\fontsub.dll
    2009-07-15 20:54 . 2009-06-15 15:20	10240	----a-w-	c:\windows\system32\dciman32.dll
    2009-07-15 20:54 . 2009-06-15 12:52	289792	----a-w-	c:\windows\system32\atmfd.dll
    2009-07-15 00:44 . 2009-07-15 00:44	--------	d-----w-	c:\program files\NimoCodec Pack
    2009-07-15 00:44 . 2009-07-15 00:44	--------	d-----w-	c:\windows\system32\quicktime
    2009-07-08 10:54 . 2009-07-06 20:39	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-07-08 10:54 . 2009-07-06 20:39	937984	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-07-08 10:54 . 2009-07-06 20:39	106496	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2009-07-08 10:54 . 2009-07-06 20:39	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-07-08 10:54 . 2009-07-06 20:39	4722688	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-07-08 10:54 . 2009-07-06 20:39	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-07-08 09:56 . 2009-07-08 09:56	--------	d-----w-	c:\program files\Microsoft Xbox 360 Accessories
    16508-12-01 17:49 . 2009-06-04 11:03	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-03 14:08 . 2009-05-29 15:28	1356	----a-w-	c:\users\Edem\AppData\Local\d3d9caps.dat
    2009-08-01 17:44 . 2008-03-12 14:33	--------	d-----w-	c:\program files\Microsoft Silverlight
    2009-08-01 17:15 . 2009-08-01 17:15	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
    2009-07-21 21:52 . 2009-07-28 19:51	915456	----a-w-	c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-28 19:51	109056	----a-w-	c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-28 19:51	71680	----a-w-	c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-28 19:51	133632	----a-w-	c:\windows\system32\ieUnatt.exe
    2009-07-15 21:05 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2009-07-09 12:09 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2009-07-09 12:09 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2009-07-08 09:57 . 2009-07-08 09:57	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
    2009-07-04 07:29 . 2009-04-18 22:17	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-07-03 15:57 . 2008-12-01 17:12	--------	d--h--w-	c:\program files\Temp
    2009-07-03 15:56 . 2008-03-12 10:58	319456	----a-w-	c:\windows\DIFxAPI.dll
    2009-07-03 15:40 . 2008-03-12 10:58	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2009-07-03 15:21 . 2009-06-01 11:05	--------	d-----w-	c:\program files\Activision
    2009-07-02 18:26 . 2009-07-02 18:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2009-07-01 15:46 . 2009-03-20 16:21	--------	d-----w-	c:\program files\Password Protect Folders
    2009-07-01 15:43 . 2009-03-15 19:43	--------	d-----w-	c:\program files\Watchmen The End is Nigh
    2009-06-29 17:15 . 2009-06-29 17:15	1878984	----a-w-	c:\users\Edem\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-06-29 13:28 . 2009-07-01 15:47	106496	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
    2009-06-25 21:01 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2009-06-18 19:46 . 2006-11-02 07:26	16496640	----a-w-	c:\windows\system32\imageres.dll
    2009-06-18 19:45 . 2009-06-18 17:48	--------	d-----w-	c:\program files\Stardock
    2009-06-18 19:37 . 2009-06-18 17:48	--------	d-----w-	c:\program files\Common Files\Stardock
    2009-06-18 17:49 . 2009-06-18 17:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Stardock
    2009-06-18 17:04 . 2009-04-09 17:03	--------	d-----w-	c:\program files\Easy-Hide-IP
    2009-06-17 20:23 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2009-06-17 20:23 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2009-06-17 09:27 . 2009-07-02 18:26	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 09:27 . 2009-07-02 18:26	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
    2009-06-16 16:34 . 2009-06-16 16:32	--------	d-----w-	c:\users\Edem\AppData\Roaming\SecondLife
    2009-06-16 16:32 . 2009-06-16 16:31	--------	d-----w-	c:\program files\SecondLife
    2009-06-16 15:35 . 2009-06-06 11:48	--------	d-----w-	c:\program files\ProgDVB
    2009-06-16 15:30 . 2009-06-03 18:33	--------	d-----w-	c:\program files\AnyUtils
    2009-06-14 12:30 . 2008-11-30 11:59	--------	d-----w-	c:\program files\EA Games
    2009-06-13 17:32 . 2009-06-13 17:32	520192	----a-w-	c:\windows\system32\Grand Theft Auto IV Screenshot.scr
    2009-06-11 21:08 . 2008-03-12 11:59	--------	d-----w-	c:\program files\Microsoft Works
    2009-06-06 10:47 . 2008-11-29 11:13	1626	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2009-06-02 18:56 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2009-06-02 18:56 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2009-07-20 05:47 . 2008-11-28 15:12	137208	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    
    (((((((((((((((((((((((((((((   SnapShot_2009-07-15_21.38.35   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-28 21:19 . 2009-07-28 21:19	97280              c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
    + 2009-07-26 01:51 . 2008-08-12 03:25	37888              c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.22241_none_39d29a048a2729fe\printcom.dll
    + 2009-07-26 01:51 . 2008-08-12 03:17	37376              c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.20893_none_37b84c568d275770\printcom.dll
    + 2009-07-26 01:51 . 2008-08-12 03:29	37376              c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.16728_none_377f607173cc72c2\printcom.dll
    + 2009-07-28 19:51 . 2009-07-22 05:58	71680              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iesetup.dll
    + 2009-07-28 19:51 . 2009-07-22 05:58	55808              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iernonce.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	71680              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iesetup.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	55808              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iernonce.dll
    + 2009-07-28 19:51 . 2009-07-22 04:26	13312              c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedssync.exe
    + 2009-07-28 19:51 . 2009-07-22 05:59	55296              c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedsbs.dll
    + 2009-07-28 19:51 . 2009-07-21 20:13	13312              c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedssync.exe
    + 2009-07-28 19:51 . 2009-07-21 21:48	55296              c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedsbs.dll
    + 2009-07-28 19:51 . 2009-07-22 06:03	64512              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\WininetPlugin.dll
    + 2009-07-28 19:51 . 2009-07-22 05:58	25600              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\jsproxy.dll
    + 2009-07-28 19:51 . 2009-07-21 21:52	64512              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\WininetPlugin.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	25600              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\jsproxy.dll
    + 2008-01-21 01:58 . 2009-08-03 13:15	63980              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-08-03 14:09	92084              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-28 14:58 . 2009-08-03 14:09	15294              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4005247752-3487466502-3436956655-1001_UserData.bin
    - 2009-06-06 11:39 . 2009-03-08 11:31	13312              c:\windows\System32\msfeedssync.exe
    + 2009-07-28 19:51 . 2009-07-21 20:13	13312              c:\windows\System32\msfeedssync.exe
    - 2009-06-06 11:39 . 2009-03-08 11:31	55296              c:\windows\System32\msfeedsbs.dll
    + 2009-07-28 19:51 . 2009-07-21 21:48	55296              c:\windows\System32\msfeedsbs.dll
    + 2009-07-28 19:51 . 2009-07-21 21:52	64512              c:\windows\System32\migration\WininetPlugin.dll
    - 2009-06-11 14:23 . 2009-05-09 05:50	64512              c:\windows\System32\migration\WininetPlugin.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	25600              c:\windows\System32\jsproxy.dll
    - 2009-06-11 14:23 . 2009-05-09 05:35	25600              c:\windows\System32\jsproxy.dll
    - 2009-06-11 14:23 . 2009-05-09 05:34	55808              c:\windows\System32\iernonce.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	55808              c:\windows\System32\iernonce.dll
    + 2009-04-08 12:29 . 2009-04-08 12:29	56448              c:\windows\System32\DriverStore\FileRepository\xusb21.inf_a8b5dcaa\x86\xusb21.sys
    + 2009-04-08 12:29 . 2009-04-08 12:29	56448              c:\windows\System32\drivers\xusb21.sys
    + 2008-11-28 14:29 . 2009-08-03 14:17	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-28 14:29 . 2009-07-15 21:04	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-28 14:29 . 2009-07-15 21:04	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-28 14:29 . 2009-08-03 14:17	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-06 12:32 . 2009-08-03 14:08	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-06-06 12:32 . 2009-07-15 21:30	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-06-06 12:32 . 2009-07-15 21:30	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-06-06 12:32 . 2009-08-03 14:08	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-06 12:32 . 2009-07-15 21:30	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-06 12:32 . 2009-08-03 14:08	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2006-11-02 10:25 . 2009-07-08 09:56	86016              c:\windows\inf\infstor.dat
    + 2006-11-02 10:25 . 2009-08-01 17:14	86016              c:\windows\inf\infstor.dat
    + 2006-11-02 10:25 . 2009-08-01 17:14	51200              c:\windows\inf\infpub.dat
    - 2006-11-02 10:25 . 2009-07-08 09:56	51200              c:\windows\inf\infpub.dat
    + 2009-08-03 13:12 . 2009-08-03 14:00	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-07-15 21:26 . 2009-07-15 21:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-07-15 21:26 . 2009-07-15 21:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-08-03 13:12 . 2009-08-03 14:00	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-28 21:19 . 2009-07-28 21:19	159032              c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
    + 2009-07-26 01:51 . 2008-08-12 03:25	443392              c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.22241_none_39d29a048a2729fe\win32spl.dll
    + 2009-07-26 01:51 . 2008-08-12 03:39	443392              c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\win32spl.dll
    + 2009-07-26 01:51 . 2008-08-12 03:18	444928              c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.20893_none_37b84c568d275770\win32spl.dll
    + 2009-07-26 01:51 . 2008-08-12 03:29	441856              c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.16728_none_377f607173cc72c2\win32spl.dll
    + 2009-07-28 19:51 . 2009-07-22 05:58	164352              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieui.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	164352              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieui.dll
    + 2009-07-28 19:51 . 2009-07-22 05:58	109056              c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8\iesysprep.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	109056              c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff\iesysprep.dll
    + 2009-07-28 19:51 . 2009-07-22 04:27	173056              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\ie4uinit.exe
    + 2009-07-28 19:51 . 2009-07-21 20:13	173056              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\ie4uinit.exe
    + 2009-07-28 19:51 . 2009-07-22 06:02	129536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\sqmapi.dll
    + 2009-07-28 19:51 . 2009-07-21 21:51	129536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\sqmapi.dll
    + 2009-07-28 19:51 . 2009-07-22 06:01	206848              c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22903_none_1a9c2981430b3c56\occache.dll
    + 2009-07-28 19:51 . 2009-07-21 21:50	206848              c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18813_none_1a07bcca29f5b87d\occache.dll
    + 2009-07-28 19:51 . 2009-07-22 06:04	638232              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
    + 2009-07-28 19:51 . 2009-07-22 04:27	133632              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\ieUnatt.exe
    + 2009-07-28 19:51 . 2009-07-21 21:53	638216              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
    + 2009-07-28 19:51 . 2009-07-21 20:13	133632              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\ieUnatt.exe
    + 2009-07-28 19:51 . 2009-07-22 05:58	197632              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978\IEShims.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	197632              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f\IEShims.dll
    + 2009-07-28 19:51 . 2009-07-22 05:58	246272              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a\ieproxy.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	246272              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31\ieproxy.dll
    + 2009-07-21 21:35 . 2009-06-30 11:31	101376              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22895_none_8405f92d60197b7e\iecompat.dll
    + 2009-07-21 21:35 . 2009-06-30 03:37	101376              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18805_none_83ddad9446b2dd62\iecompat.dll
    + 2009-07-28 19:51 . 2009-07-22 05:59	594432              c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22903_none_435c4ba1695e8b43\msfeeds.dll
    + 2009-07-28 19:51 . 2009-07-21 21:48	594432              c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18813_none_42c7deea5049076a\msfeeds.dll
    + 2009-07-28 19:51 . 2009-07-22 05:58	184320              c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed\iepeers.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	184320              c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14\iepeers.dll
    + 2009-07-28 19:51 . 2009-07-22 05:58	386048              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22903_none_57c62dce86655952\iedkcs32.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	386048              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18813_none_5731c1176d4fd579\iedkcs32.dll
    + 2009-07-28 19:51 . 2009-07-22 06:03	915456              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\wininet.dll
    + 2009-07-28 19:51 . 2009-07-21 21:52	915456              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\wininet.dll
    + 2009-02-12 15:28 . 2009-07-26 04:10	260656              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-28 19:51 . 2009-07-21 21:50	206848              c:\windows\System32\occache.dll
    - 2009-06-06 11:39 . 2009-03-08 11:32	594432              c:\windows\System32\msfeeds.dll
    + 2009-07-28 19:51 . 2009-07-21 21:48	594432              c:\windows\System32\msfeeds.dll
    - 2009-06-11 14:23 . 2009-05-09 05:34	164352              c:\windows\System32\ieui.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	164352              c:\windows\System32\ieui.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	184320              c:\windows\System32\iepeers.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	386048              c:\windows\System32\iedkcs32.dll
    - 2009-06-11 14:23 . 2009-05-09 03:36	173056              c:\windows\System32\ie4uinit.exe
    + 2009-07-28 19:51 . 2009-07-21 20:13	173056              c:\windows\System32\ie4uinit.exe
    + 2009-07-28 21:19 . 2009-07-28 21:19	195584              c:\windows\Installer\583632.msi
    + 2009-07-28 21:19 . 2009-07-28 21:19	248832              c:\windows\Installer\58362c.msi
    + 2009-07-26 01:35 . 2009-07-26 01:35	265216              c:\windows\Installer\12f9fec.msi
    + 2006-11-02 10:25 . 2009-08-01 17:14	143360              c:\windows\inf\infstrng.dat
    - 2006-11-02 10:25 . 2009-07-08 09:56	143360              c:\windows\inf\infstrng.dat
    + 2009-07-28 19:51 . 2009-07-22 05:58	1985536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\iertutil.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	1985536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\iertutil.dll
    + 2009-07-28 19:51 . 2009-07-22 05:59	5938176              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1\mshtml.dll
    + 2009-07-28 19:51 . 2009-07-21 21:48	5937152              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8\mshtml.dll
    + 2009-07-28 19:51 . 2009-07-22 06:02	1208832              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22903_none_9858d93105b211f8\urlmon.dll
    + 2009-07-28 19:51 . 2009-07-21 21:52	1208832              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18813_none_97c46c79ec9c8e1f\urlmon.dll
    + 2008-03-27 21:49 . 2008-03-27 21:49	1112288              c:\windows\System32\WdfCoInstaller01007.dll
    + 2009-07-28 19:51 . 2009-07-21 21:52	1208832              c:\windows\System32\urlmon.dll
    - 2006-11-02 10:22 . 2009-07-15 21:38	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 10:22 . 2009-07-30 21:30	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-28 19:51 . 2009-07-21 21:48	5937152              c:\windows\System32\mshtml.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	1985536              c:\windows\System32\iertutil.dll
    + 2008-03-27 21:49 . 2008-03-27 21:49	1112288              c:\windows\System32\DriverStore\FileRepository\xusb21.inf_a8b5dcaa\x86\WdfCoInstaller01007.dll
    - 2009-06-22 20:13 . 2009-07-15 21:06	4753008              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-06-22 20:13 . 2009-08-02 18:41	4753008              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-28 19:51 . 2009-07-22 05:58	11068416              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieframe.dll
    + 2009-07-28 19:51 . 2009-07-21 21:47	11067392              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieframe.dll
    + 2009-06-03 16:30 . 2009-07-28 21:19	47797516              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    + 2009-07-28 19:51 . 2009-07-21 21:47	11067392              c:\windows\System32\ieframe.dll
    + 2009-07-22 00:58 . 2009-07-22 00:58	15706112              c:\windows\Installer\c0fb38.msp
    + 2009-08-01 17:10 . 2009-08-01 17:10	15705600              c:\windows\Installer\796b7.msp
    .
    -- Snapshot auf jetziges Datum zurückgesetzt --
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "Uniblue RegistryBooster 2009"="c:\users\edem\downloads\desktop\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-29 516440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    c:\users\Edem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-6-18 728576]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ACCControl.lnk - c:\program files\Universal DVB Receiver\Wizard\AccControl.exe [2008-9-19 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2646394D-E733-439C-83C9-B7CC01B2E1E9}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "UDP Query User{58313528-5373-4943-9A40-0C00310E6112}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "{B41CAFB6-E1EF-422B-B654-506B53E2D099}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{F7B11F93-0C92-4984-817A-CAF83B975F6F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B3E6F6F7-5174-4805-B79E-71DDCD488C14}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{00CD27A8-0340-440F-B89E-6B0EE16C5374}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3D182488-23A3-45AE-90A1-395FDE232D27}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F9B9690D-3578-4747-B65E-68835FDF16E7}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{5D1B62F9-0BDE-4955-B392-B8C891CDF752}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{63C2C407-8B8E-4C48-8B52-39E404E8851D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{2B6859F0-CF8B-427B-AD85-DE59B19CAC24}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{FA215510-D03A-405B-BE10-ED052C6B4D5D}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{140D9DF7-23D4-4A64-941F-8471849736A9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{8C58747E-079E-4209-9A47-A341C0BB8F09}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B4A0B8F-4B88-4B3F-BE26-E390F8B99844}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{26FFC045-E122-4B2B-9A7D-67B421E72580}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{8308432D-4AB3-4AF9-A6AD-0F06CAD4979E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{0D3F5237-D24A-42B7-AC9C-83415EDC6D59}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{DB988C9A-95CC-44EF-997C-3B444D72A89B}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{22B2092C-FE36-4B03-A3A9-074682694CFA}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{E3EBD3B8-231F-4A2B-B7B0-43532C4FF21A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{98408E1B-1AFA-4A9A-85B2-F0AF46B1130E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{5A0C4BD1-6620-4A42-88FC-EC7297C576FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E9B9E188-9C80-4A2A-8E89-FBC096651446}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A5B2C63-15D4-4ED0-A316-87B99EB7A29F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A909D77B-C137-4DBA-AAE4-9EE78BC5163F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{218954EB-C383-4AA7-AA02-18D6BF830CD1}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{CECEE2DD-0A59-41DE-BE30-F5FB9B7B65A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{23E1BAC1-04AD-48CE-BBEF-7713D99B2A36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{85DD9BC7-867C-4EB8-9FC1-C0C44447D1AD}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{CCB99321-D246-4CD0-ABC1-460E1FB8AA31}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{22AC0706-6B49-4C77-9D94-AAAF5BFAA379}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{FBE9CF26-246A-493E-B8D8-97C31DB1972C}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "TCP Query User{741F3CC3-294E-4C25-9EA1-A4AF5B8A7048}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
    "UDP Query User{820ED1AB-217A-46D3-9555-5186C14002FF}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
    "TCP Query User{38DC76E4-4EF4-4132-B73E-3C4EE179B43C}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
    "UDP Query User{624FEFF5-6B43-4F8D-8FA9-1E306D166C7A}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
    "{83F5908F-2B0D-4485-B4C5-B34B8FF90CB0}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
    "{058BBBAF-19FD-4464-B087-AD95292890A0}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 18:21 64160]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 08:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 20:28 108289]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 22:56 52592]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07.01.2009 15:17 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 09:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 09:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 08:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 09:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 08:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 08:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 08:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 22:56 10096]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 20:46 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 953168]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 18:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
    S3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 14:40 88704]
    S3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 17:30 486912]
    S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 17:30 7680]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 20:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhalt des "geplante Tasks" Ordners
    
    2009-08-03 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2009-07-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-08-03 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=13166&l=dis
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npnul32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-03 16:42
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    
    c:\users\Edem\AppData\Local\Temp\catchme.dll 53248 bytes executable
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 1
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:43,5d,13,3c,ae,c2,8f,36,9e,dd,df,1e,7f,b2,4f,e6,79,11,ec,3b,b5,
       b6,04,61,52,34,07,6b,4d,06,64,a0,83,f6,a4,d0,4a,bc,16,98,56,02,bf,c0,c4,16,\
    "rkeysecu"=hex:1c,00,a7,68,f2,20,a6,92,47,ed,16,fc,19,83,75,bd
    .
    Zeit der Fertigstellung: 2009-08-03 16:44
    ComboFix-quarantined-files.txt  2009-08-03 14:44
    ComboFix2.txt  2009-07-15 21:39
    ComboFix3.txt  2009-07-02 18:18
    ComboFix4.txt  2009-06-29 15:34
    ComboFix5.txt  2009-08-03 14:37
    
    Vor Suchlauf: 15 Verzeichnis(se), 154.562.834.432 Bytes frei
    Nach Suchlauf: 15 Verzeichnis(se), 156.679.192.576 Bytes frei
    
    431	--- E O F ---	2009-08-01 17:15

    Code:
    ComboFix 09-07-14.08 - Edem 15.07.2009 23:33.7.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.2120 [GMT 2:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    (((((((((((((((((((((((   Dateien erstellt von 2009-06-15 bis 2009-07-15  ))))))))))))))))))))))))))))))
    .
    
    2009-07-15 21:38 . 2009-07-15 21:38	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-07-15 20:54 . 2009-06-15 15:24	156672	----a-w-	c:\windows\system32\t2embed.dll
    2009-07-15 20:54 . 2009-06-15 15:20	72704	----a-w-	c:\windows\system32\fontsub.dll
    2009-07-15 20:54 . 2009-06-15 15:20	10240	----a-w-	c:\windows\system32\dciman32.dll
    2009-07-15 20:54 . 2009-06-15 12:52	289792	----a-w-	c:\windows\system32\atmfd.dll
    2009-07-15 00:44 . 2009-07-15 00:44	--------	d-----w-	c:\program files\NimoCodec Pack
    2009-07-15 00:44 . 2009-07-15 00:44	--------	d-----w-	c:\windows\system32\quicktime
    2009-07-08 10:54 . 2009-07-06 20:39	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-07-08 10:54 . 2009-07-06 20:39	937984	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-07-08 10:54 . 2009-07-06 20:39	106496	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2009-07-08 10:54 . 2009-07-06 20:39	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-07-08 10:54 . 2009-07-06 20:39	4722688	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-07-08 10:54 . 2009-07-06 20:39	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-07-08 09:56 . 2009-07-08 09:56	--------	d-----w-	c:\program files\Microsoft Xbox 360 Accessories
    2009-07-03 15:21 . 2009-07-03 15:39	--------	d-----w-	C:\Root
    2009-07-02 18:26 . 2009-06-17 09:27	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-02 18:26 . 2009-07-02 18:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2009-07-02 18:26 . 2009-06-17 09:27	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
    2009-07-02 18:17 . 2009-07-15 21:38	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2009-07-01 15:47 . 2009-06-29 13:28	106496	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
    2009-06-29 17:15 . 2009-06-29 17:15	1878984	----a-w-	c:\users\Edem\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-06-18 19:45 . 2009-06-18 19:45	--------	d-----w-	c:\users\Edem\AppData\Local\Stardock
    2009-06-18 17:49 . 2009-06-18 17:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Stardock
    2009-06-18 17:48 . 2009-06-18 19:37	--------	d-----w-	c:\program files\Common Files\Stardock
    2009-06-18 17:48 . 2009-06-18 19:45	--------	d-----w-	c:\program files\Stardock
    2009-06-16 16:32 . 2009-06-16 20:53	--------	d-----w-	c:\users\Edem\AppData\Local\SecondLife
    2009-06-16 16:32 . 2009-06-16 16:34	--------	d-----w-	c:\users\Edem\AppData\Roaming\SecondLife
    2009-06-16 16:31 . 2009-06-16 16:32	--------	d-----w-	c:\program files\SecondLife
    16508-12-01 17:49 . 2009-06-04 11:03	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-15 21:05 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2009-07-09 12:09 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2009-07-09 12:09 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2009-07-08 09:57 . 2009-07-08 09:57	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
    2009-07-04 07:29 . 2009-04-18 22:17	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-07-03 15:57 . 2008-12-01 17:12	--------	d--h--w-	c:\program files\Temp
    2009-07-03 15:56 . 2008-03-12 10:58	319456	----a-w-	c:\windows\DIFxAPI.dll
    2009-07-03 15:40 . 2008-03-12 10:58	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2009-07-03 15:21 . 2009-06-01 11:05	--------	d-----w-	c:\program files\Activision
    2009-07-01 15:46 . 2009-03-20 16:21	--------	d-----w-	c:\program files\Password Protect Folders
    2009-07-01 15:43 . 2009-03-15 19:43	--------	d-----w-	c:\program files\Watchmen The End is Nigh
    2009-06-25 21:01 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2009-06-18 19:46 . 2006-11-02 07:26	16496640	----a-w-	c:\windows\system32\imageres.dll
    2009-06-18 17:04 . 2009-04-09 17:03	--------	d-----w-	c:\program files\Easy-Hide-IP
    2009-06-17 20:23 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2009-06-17 20:23 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2009-06-16 15:35 . 2009-06-06 11:48	--------	d-----w-	c:\program files\ProgDVB
    2009-06-16 15:30 . 2009-06-03 18:33	--------	d-----w-	c:\program files\AnyUtils
    2009-06-14 12:30 . 2008-11-30 11:59	--------	d-----w-	c:\program files\EA Games
    2009-06-13 17:32 . 2009-06-13 17:32	520192	----a-w-	c:\windows\system32\Grand Theft Auto IV Screenshot.scr
    2009-06-11 21:08 . 2008-03-12 11:59	--------	d-----w-	c:\program files\Microsoft Works
    2009-06-06 10:47 . 2008-11-29 11:13	1626	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2009-06-04 11:22 . 2009-03-15 20:30	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
    2009-06-04 11:22 . 2009-03-15 20:31	--------	d-----w-	c:\program files\AGEIA Technologies
    2009-06-03 09:34 . 2009-04-09 15:02	--------	d-----w-	c:\program files\Hide My IP 2009
    2009-06-03 09:34 . 2009-03-20 16:04	--------	d-----w-	c:\program files\FolderAccess
    2009-06-03 09:33 . 2009-02-27 17:14	--------	d-----w-	c:\program files\Ashampoo
    2009-06-03 09:12 . 2009-06-03 09:12	--------	d-----w-	c:\program files\CCleaner
    2009-06-02 18:56 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2009-06-02 18:56 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2009-05-31 11:06 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2009-05-29 16:22 . 2009-02-27 17:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\Ashampoo
    2009-05-29 15:28 . 2009-05-29 15:28	680	----a-w-	c:\users\Edem\AppData\Local\d3d9caps.dat
    2009-05-18 13:41 . 2009-05-07 15:53	--------	d-----w-	c:\program files\Live-Player
    2009-05-09 05:50 . 2009-06-11 14:23	915456	----a-w-	c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-11 14:23	71680	----a-w-	c:\windows\system32\iesetup.dll
    2009-05-01 21:02 . 2009-05-01 21:02	823296	----a-w-	c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02	823296	----a-w-	c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02	815104	----a-w-	c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02	811008	----a-w-	c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02	802816	----a-w-	c:\windows\system32\divx_xx11.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1505824	----a-w-	c:\windows\system32\nvcpluir.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1194528	----a-w-	c:\windows\system32\nvcplui.exe
    2009-04-30 22:08 . 2009-04-30 22:08	1358368	----a-w-	c:\windows\system32\nvsvsr.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1292832	----a-w-	c:\windows\system32\nvsvs.dll
    2009-04-30 20:02 . 2009-04-30 20:02	9850016	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
    2009-04-30 20:02 . 2009-04-30 20:02	663552	----a-w-	c:\windows\system32\nvcuvid.dll
    2009-04-30 20:02 . 2009-04-30 20:02	457248	----a-w-	c:\windows\system32\nvudisp.exe
    2009-04-30 20:02 . 2009-04-30 20:02	3128320	----a-w-	c:\windows\system32\nvwgf2um.dll
    2009-04-30 20:02 . 2009-04-30 20:02	1704960	----a-w-	c:\windows\system32\nvcuda.dll
    2009-04-30 20:02 . 2009-04-30 20:02	143360	----a-w-	c:\windows\system32\nvcod146.dll
    2009-04-30 20:02 . 2009-04-30 20:02	143360	----a-w-	c:\windows\system32\nvcod.dll
    2009-04-30 20:02 . 2009-04-30 20:02	1314816	----a-w-	c:\windows\system32\nvcuvenc.dll
    2009-04-30 20:02 . 2009-04-30 20:02	10366976	----a-w-	c:\windows\system32\nvoglv32.dll
    2009-04-30 20:02 . 2008-03-24 17:52	983552	----a-w-	c:\windows\system32\nvapi.dll
    2009-04-30 20:02 . 2008-03-24 17:52	7593472	----a-w-	c:\windows\system32\nvd3dum.dll
    2009-04-30 12:37 . 2009-06-14 10:16	293376	----a-w-	c:\windows\system32\psisdecd.dll
    2009-04-30 12:37 . 2009-06-14 10:16	428544	----a-w-	c:\windows\system32\EncDec.dll
    2009-04-29 16:21 . 2009-04-29 16:28	15688	----a-w-	c:\windows\system32\lsdelete.exe
    2009-04-29 16:20 . 2009-04-29 16:21	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
    2009-04-27 11:19 . 2009-03-20 18:28	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2009-04-27 11:19 . 2009-03-20 18:28	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2009-04-26 22:42 . 2008-03-12 10:52	457248	----a-w-	c:\windows\system32\nvuninst.exe
    2009-04-23 12:43 . 2009-06-11 14:23	784896	----a-w-	c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-11 14:23	636928	----a-w-	c:\windows\system32\localspl.dll
    2009-04-21 22:20 . 2009-04-21 22:20	14311680	----a-w-	c:\windows\system32\xlive.dll
    2009-04-21 22:20 . 2009-04-21 22:20	13642496	----a-w-	c:\windows\system32\xlivefnt.dll
    2009-04-21 11:55 . 2009-06-11 14:23	2033152	----a-w-	c:\windows\system32\win32k.sys
    2009-06-24 14:27 . 2008-11-28 15:12	137208	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    
    (((((((((((((((((((((((((((((   SnapShot_2009-07-02_18.17.15   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-15 20:54 . 2009-06-15 14:58	23552              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\lpk.dll
    + 2009-07-15 20:54 . 2009-06-15 14:58	72704              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\fontsub.dll
    + 2009-07-15 20:54 . 2009-06-15 14:58	10240              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\dciman32.dll
    + 2009-07-15 20:54 . 2009-06-15 12:45	34304              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmlib.dll
    + 2009-07-15 20:54 . 2009-06-15 14:52	23552              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\lpk.dll
    + 2009-07-15 20:54 . 2009-06-15 14:52	72704              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\fontsub.dll
    + 2009-07-15 20:54 . 2009-06-15 14:51	10240              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\dciman32.dll
    + 2009-07-15 20:54 . 2009-04-11 06:28	34304              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\atmlib.dll
    + 2009-07-15 20:54 . 2009-06-15 15:22	23552              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\lpk.dll
    + 2009-07-15 20:54 . 2009-06-15 15:20	72704              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\fontsub.dll
    + 2009-07-15 20:54 . 2009-06-15 15:19	10240              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\dciman32.dll
    + 2009-07-15 20:54 . 2009-06-15 15:19	34304              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmlib.dll
    + 2008-01-21 02:24 . 2008-01-21 02:24	23552              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\lpk.dll
    + 2009-07-15 20:54 . 2009-06-15 15:20	72704              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\fontsub.dll
    + 2009-07-15 20:54 . 2009-06-15 15:20	10240              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\dciman32.dll
    + 2006-11-02 08:38 . 2006-11-02 09:46	34304              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\atmlib.dll
    + 2009-07-15 20:54 . 2009-06-15 15:04	24064              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\lpk.dll
    + 2009-07-15 20:54 . 2009-06-15 15:03	72704              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\fontsub.dll
    + 2009-07-15 20:54 . 2009-06-15 15:02	10240              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\dciman32.dll
    + 2009-07-15 20:54 . 2009-06-15 15:02	34304              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmlib.dll
    + 2009-07-15 20:54 . 2009-06-15 15:23	24064              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\lpk.dll
    + 2009-07-15 20:54 . 2009-06-15 15:22	72704              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\fontsub.dll
    + 2009-07-15 20:54 . 2009-06-15 15:21	10240              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\dciman32.dll
    + 2009-07-15 20:54 . 2009-06-15 15:20	34304              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmlib.dll
    + 2008-01-21 01:58 . 2009-07-15 21:28	62540              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-07-15 21:28	92044              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-28 14:58 . 2009-07-15 20:49	15206              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4005247752-3487466502-3436956655-1001_UserData.bin
    + 2002-07-29 16:15 . 2002-07-29 16:15	61440              c:\windows\System32\SimpleResize.dll
    + 1999-06-23 23:47 . 1999-06-23 23:47	19968              c:\windows\System32\RaMp3Cfg.exe
    + 2002-04-01 22:15 . 2002-04-01 22:15	11264              c:\windows\System32\ogg.dll
    + 2002-05-15 23:38 . 2002-05-15 23:38	91136              c:\windows\System32\mp4fil32.dll
    + 2007-02-27 01:15 . 2007-02-27 01:15	61984              c:\windows\System32\DriverStore\FileRepository\xusb21.inf_c287d6fe\x86\xusb21.sys
    + 2007-02-27 01:15 . 2007-02-27 01:15	61984              c:\windows\System32\drivers\xusb21.sys
    - 2008-11-28 14:29 . 2009-07-02 16:05	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-28 14:29 . 2009-07-15 21:04	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-28 14:29 . 2009-07-02 16:05	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-28 14:29 . 2009-07-15 21:04	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2002-05-04 13:19 . 2002-05-04 13:19	49152              c:\windows\System32\avisynthEx.dll
    + 2009-06-06 12:32 . 2009-07-15 21:30	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-06-06 12:32 . 2009-06-12 18:02	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-06 12:32 . 2009-07-15 21:30	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-06 12:32 . 2009-06-12 18:02	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-06 12:32 . 2009-06-12 18:02	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-06 12:32 . 2009-07-15 21:30	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-08 09:56 . 2009-07-08 09:56	25214              c:\windows\Installer\{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}\Checker.exe
    + 2009-07-03 15:40 . 2009-07-03 15:40	11502              c:\windows\Installer\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\ARPPRODUCTICON.exe
    + 2006-11-02 10:25 . 2009-07-08 09:56	86016              c:\windows\inf\infstor.dat
    - 2006-11-02 10:25 . 2009-06-04 11:20	86016              c:\windows\inf\infstor.dat
    + 2006-11-02 10:25 . 2009-07-08 09:56	51200              c:\windows\inf\infpub.dat
    - 2006-11-02 10:25 . 2009-06-04 11:20	51200              c:\windows\inf\infpub.dat
    - 2009-06-03 10:19 . 2009-06-03 10:19	12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2009-07-02 18:08 . 2009-07-02 18:08	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-07-15 21:26 . 2009-07-15 21:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-07-02 18:08 . 2009-07-02 18:08	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-15 21:26 . 2009-07-15 21:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-15 20:54 . 2009-06-15 12:45	289792              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmfd.dll
    + 2009-07-15 20:54 . 2009-06-15 12:42	289792              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\atmfd.dll
    + 2009-07-15 20:54 . 2009-06-15 12:56	289792              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmfd.dll
    + 2009-07-15 20:54 . 2009-06-15 12:52	289792              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\atmfd.dll
    + 2009-07-15 20:54 . 2009-06-15 12:53	289792              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmfd.dll
    + 2009-07-15 20:54 . 2009-06-15 13:03	289792              c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmfd.dll
    + 2009-07-15 20:54 . 2009-06-15 15:00	156672              c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22152_none_b7fc28a4355e72c9\t2embed.dll
    + 2009-07-15 20:54 . 2009-06-15 14:53	156672              c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18051_none_b7718b8f1c41b9a8\t2embed.dll
    + 2009-07-15 20:54 . 2009-06-15 15:26	156672              c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22450_none_b613b6283839eaf7\t2embed.dll
    + 2009-07-15 20:54 . 2009-06-15 15:24	156672              c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18272_none_b57678331f2ab896\t2embed.dll
    + 2009-07-15 20:54 . 2009-06-15 15:09	156160              c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21067_none_b4297fd83b155d73\t2embed.dll
    + 2009-07-15 20:54 . 2009-06-15 15:29	156160              c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16870_none_b38e38f92205f4f7\t2embed.dll
    + 2009-02-12 15:28 . 2009-07-09 20:57	259314              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2002-04-01 22:16 . 2002-04-01 22:16	454656              c:\windows\System32\VorbisEnc.dll
    + 2002-04-01 22:16 . 2002-04-01 22:16	118784              c:\windows\System32\vorbis.dll
    + 2002-08-11 11:48 . 2002-08-11 11:48	339968              c:\windows\System32\vobsub.dll
    + 2002-02-21 16:41 . 2002-02-21 16:41	157184              c:\windows\System32\unrar.dll
    - 2006-11-02 10:33 . 2009-07-02 18:15	586980              c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-07-09 12:09	586980              c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-07-09 12:09	101052              c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-07-02 18:15	101052              c:\windows\System32\perfc009.dat
    + 2002-04-21 18:30 . 2002-04-21 18:30	151552              c:\windows\System32\OggDS.dll
    + 2002-01-05 03:37 . 2002-01-05 03:37	344064              c:\windows\System32\msvcr70.dll
    - 2009-03-02 19:13 . 2002-01-05 13:37	344064              c:\windows\System32\msvcr70.dll
    + 2001-04-01 23:47 . 2001-04-01 23:47	416304              c:\windows\System32\Mpg4c32.dll
    + 2001-06-22 11:06 . 2001-06-22 11:06	167936              c:\windows\System32\MPEG2DEC.dll
    + 2002-04-19 14:23 . 2002-04-19 14:23	106137              c:\windows\System32\libpostproc.dll
    + 2002-04-19 13:51 . 2002-04-19 13:51	211760              c:\windows\System32\libavcodec.dll
    - 2006-11-02 12:47 . 2009-06-12 17:59	333296              c:\windows\System32\FNTCACHE.DAT
    + 2006-11-02 12:47 . 2009-07-15 21:26	333296              c:\windows\System32\FNTCACHE.DAT
    + 2002-05-13 13:49 . 2002-05-13 13:49	594432              c:\windows\System32\DivX.dll
    + 2002-08-07 11:26 . 2002-08-07 11:26	339968              c:\windows\System32\avisynth.dll
    + 2009-07-08 09:56 . 2009-07-08 09:56	439926              c:\windows\Installer\{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}\XBoxStat.exe
    + 2006-11-02 10:25 . 2009-07-08 09:56	143360              c:\windows\inf\infstrng.dat
    - 2006-11-02 10:25 . 2009-06-04 11:20	143360              c:\windows\inf\infstrng.dat
    + 2009-07-03 15:41 . 2009-07-03 15:41	223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:40 . 2009-07-03 15:40	577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:40 . 2009-07-03 15:40	576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:40 . 2009-07-03 15:40	567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:18 . 2009-06-03 10:18	563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:40 . 2009-07-03 15:40	563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:41 . 2009-07-03 15:41	473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2009-06-03 10:19 . 2009-06-03 10:19	473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-07-15 20:54 . 2009-06-17 08:02	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22160_none_f4b74f0181eee730\OESpamFilter.dat
    + 2009-07-15 20:54 . 2009-06-17 07:35	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18056_none_f43e83de68c3c37f\OESpamFilter.dat
    + 2009-07-15 20:54 . 2009-06-17 07:30	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22459_none_f2e4af9f84b85a2a\OESpamFilter.dat
    + 2009-07-15 20:54 . 2009-06-17 07:35	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18278_none_f24470cc6babdbc4\OESpamFilter.dat
    + 2009-07-15 20:54 . 2009-06-17 07:35	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21074_none_f0e3a5eb87a6b883\OESpamFilter.dat
    + 2009-07-15 20:54 . 2009-06-17 07:36	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16876_none_f05c31926e871825\OESpamFilter.dat
    + 2007-02-27 01:15 . 2007-02-27 01:15	1421216              c:\windows\System32\WdfCoInstaller01001.dll
    - 2006-11-02 10:22 . 2009-06-24 20:47	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 10:22 . 2009-07-15 21:38	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2007-02-27 01:15 . 2007-02-27 01:15	1421216              c:\windows\System32\DriverStore\FileRepository\xusb21.inf_c287d6fe\x86\WdfCoInstaller01001.dll
    + 2009-06-22 20:13 . 2009-07-15 21:06	4753008              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-08 09:56 . 2009-07-08 09:56	1181184              c:\windows\Installer\ce7f9.msi
    + 2009-07-03 15:40 . 2009-07-03 15:40	2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:18 . 2009-06-03 10:18	2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-06-03 10:18 . 2009-06-03 10:18	2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-07-03 15:40 . 2009-07-03 15:40	2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 16:30 . 2009-07-15 21:04	61111406              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    + 2006-11-02 10:24 . 2009-07-07 15:10	24539592              c:\windows\System32\mrt.exe
    + 2009-07-03 15:39 . 2009-07-03 15:40	25352192              c:\windows\Installer\70c08.msi
    .
    -- Snapshot auf jetziges Datum zurückgesetzt --
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-29 516440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    c:\users\Edem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-6-18 728576]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ACCControl.lnk - c:\program files\Universal DVB Receiver\Wizard\AccControl.exe [2008-9-19 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2646394D-E733-439C-83C9-B7CC01B2E1E9}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "UDP Query User{58313528-5373-4943-9A40-0C00310E6112}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "{B41CAFB6-E1EF-422B-B654-506B53E2D099}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{F7B11F93-0C92-4984-817A-CAF83B975F6F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B3E6F6F7-5174-4805-B79E-71DDCD488C14}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{00CD27A8-0340-440F-B89E-6B0EE16C5374}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3D182488-23A3-45AE-90A1-395FDE232D27}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F9B9690D-3578-4747-B65E-68835FDF16E7}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{5D1B62F9-0BDE-4955-B392-B8C891CDF752}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{63C2C407-8B8E-4C48-8B52-39E404E8851D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{2B6859F0-CF8B-427B-AD85-DE59B19CAC24}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{FA215510-D03A-405B-BE10-ED052C6B4D5D}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{140D9DF7-23D4-4A64-941F-8471849736A9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{8C58747E-079E-4209-9A47-A341C0BB8F09}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B4A0B8F-4B88-4B3F-BE26-E390F8B99844}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{26FFC045-E122-4B2B-9A7D-67B421E72580}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{8308432D-4AB3-4AF9-A6AD-0F06CAD4979E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{0D3F5237-D24A-42B7-AC9C-83415EDC6D59}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{DB988C9A-95CC-44EF-997C-3B444D72A89B}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{22B2092C-FE36-4B03-A3A9-074682694CFA}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{E3EBD3B8-231F-4A2B-B7B0-43532C4FF21A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{98408E1B-1AFA-4A9A-85B2-F0AF46B1130E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{5A0C4BD1-6620-4A42-88FC-EC7297C576FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E9B9E188-9C80-4A2A-8E89-FBC096651446}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A5B2C63-15D4-4ED0-A316-87B99EB7A29F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A909D77B-C137-4DBA-AAE4-9EE78BC5163F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{218954EB-C383-4AA7-AA02-18D6BF830CD1}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{CECEE2DD-0A59-41DE-BE30-F5FB9B7B65A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{23E1BAC1-04AD-48CE-BBEF-7713D99B2A36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{85DD9BC7-867C-4EB8-9FC1-C0C44447D1AD}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{CCB99321-D246-4CD0-ABC1-460E1FB8AA31}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{22AC0706-6B49-4C77-9D94-AAAF5BFAA379}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{FBE9CF26-246A-493E-B8D8-97C31DB1972C}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "TCP Query User{741F3CC3-294E-4C25-9EA1-A4AF5B8A7048}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
    "UDP Query User{820ED1AB-217A-46D3-9555-5186C14002FF}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
    "TCP Query User{38DC76E4-4EF4-4132-B73E-3C4EE179B43C}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
    "UDP Query User{624FEFF5-6B43-4F8D-8FA9-1E306D166C7A}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
    "{83F5908F-2B0D-4485-B4C5-B34B8FF90CB0}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
    "{058BBBAF-19FD-4464-B087-AD95292890A0}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 18:21 64160]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 08:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 20:28 108289]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 22:56 52592]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07.01.2009 15:17 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 09:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 09:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 08:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 09:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 08:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 08:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 08:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 22:56 10096]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 20:46 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 953168]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 18:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
    S3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 14:40 88704]
    S3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 17:30 486912]
    S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 17:30 7680]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 20:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhalt des "geplante Tasks" Ordners
    
    2009-07-15 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2009-07-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2009-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-07-15 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=13166&l=dis
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-15 23:38
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:2d,d0,ed,b7,4e,9d,8d,9a,5e,28,f6,f4,8f,bc,60,13,fa,37,10,23,03,
       17,a3,39,61,c2,3a,7b,50,b8,85,ec,1d,79,a4,b1,51,91,ad,56,18,30,bd,17,c8,3d,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    Zeit der Fertigstellung: 2009-07-15 23:39
    ComboFix-quarantined-files.txt  2009-07-15 21:39
    ComboFix2.txt  2009-07-02 18:18
    ComboFix3.txt  2009-06-29 15:34
    ComboFix4.txt  2009-06-14 10:57
    ComboFix5.txt  2009-07-15 21:32
    
    Vor Suchlauf: 15 Verzeichnis(se), 30.247.964.672 Bytes frei
    Nach Suchlauf: 15 Verzeichnis(se), 30.228.877.312 Bytes frei
    
    485	--- E O F ---	2009-07-15 21:05
    Code:
    ComboFix 09-05-31.05 - Edem 01.06.2009 12:19.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.1809 [GMT 2:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
     * Im Speicher befindliches AV aktiv.
    
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\users\Edem\AppData\Local\ssqgw.dat
    c:\users\Edem\AppData\Local\ssqgw_nav.dat
    c:\users\Edem\AppData\Local\ssqgw_navps.dat
    c:\windows\system32\ahtn.htm
    c:\windows\system32\drivers\ovfsthxmfbppxrt.sys
    c:\windows\system32\lmn_setup.exe
    c:\windows\system32\lmppcsetup.exe
    c:\windows\system32\ovfsthxdcieeclh.dat
    c:\windows\system32\ovfsthxpbkpoonv.dat
    c:\windows\system32\ovfsthxqeiirjgi.dll
    c:\windows\system32\ovfsthxuhnbtimx.dll
    c:\windows\system32\ovfsthxxuyyoubv.dll
    c:\windows\system32\p2hhr.bat
    c:\windows\system32\uniq.tll
    c:\windows\system32\warning.gif
    
    .
    (((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    -------\Service_ovfsthxtjrroqtq
    
    
    (((((((((((((((((((((((   Dateien erstellt von 2009-05-01 bis 2009-06-01  ))))))))))))))))))))))))))))))
    .
    
    2009-06-01 10:25 . 2009-06-01 10:26	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2009-05-31 19:01 . 2009-05-31 19:01	--------	d-----w-	C:\rsit
    2009-05-31 16:21 . 2009-05-31 18:07	107218	----a-w-	c:\windows\system32\vic_setup.exe
    2009-05-29 15:28 . 2009-05-29 15:28	680	----a-w-	c:\users\Edem\AppData\Local\d3d9caps.dat
    2009-05-14 16:01 . 2009-02-05 20:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
    2009-05-14 16:01 . 2009-02-05 20:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
    2009-05-14 16:01 . 2009-02-05 20:04	97480	----a-w-	c:\windows\system32\AvastSS.scr
    2009-05-14 16:01 . 2009-02-05 20:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
    2009-05-14 16:01 . 2009-02-05 20:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
    2009-05-14 16:00 . 2009-02-05 20:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
    2009-05-14 16:00 . 2009-02-05 20:06	51792	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
    2009-05-14 16:00 . 2009-05-14 16:00	--------	d-----w-	c:\program files\Alwil Software
    2009-05-12 18:30 . 2009-05-12 18:30	--------	d-----w-	c:\program files\Serials World
    2009-05-07 15:53 . 2009-05-07 15:53	--------	d-----w-	c:\users\Edem\AppData\Roaming\live-player
    2009-05-07 15:53 . 2009-05-29 15:30	87	----a-w-	c:\users\Edem\AppData\Local\ksgwm.bat
    2009-05-07 15:53 . 2009-05-18 13:41	--------	d-----w-	c:\program files\Live-Player
    2009-05-06 16:48 . 2009-05-06 16:48	--------	d-----w-	C:\adaptec
    2009-05-06 16:41 . 2009-05-06 16:49	--------	d-----w-	c:\users\Edem\AppData\Roaming\DeepBurner
    2009-05-06 16:41 . 2009-05-06 16:41	--------	d-----w-	c:\program files\Astonsoft
    2009-05-06 16:21 . 2009-05-06 16:21	--------	d-----w-	c:\users\Edem\AppData\Local\MicroVision Applications
    16508-12-01 17:49 . 2009-02-27 21:20	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-31 17:17 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2009-05-31 17:17 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2009-05-31 11:06 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2009-05-29 16:22 . 2009-02-27 17:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\Ashampoo
    2009-05-29 16:20 . 2009-02-27 17:14	--------	d-----w-	c:\program files\Ashampoo
    2009-05-29 15:28 . 2009-04-18 22:17	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-05-23 19:24 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2009-05-12 15:37 . 2009-04-28 17:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2009-05-05 20:12 . 2008-11-28 20:27	--------	d-----w-	c:\program files\Java
    2009-05-05 19:06 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2009-05-05 19:06 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2009-04-29 16:21 . 2009-04-29 16:28	15688	----a-w-	c:\windows\system32\lsdelete.exe
    2009-04-29 16:20 . 2009-04-29 16:21	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
    2009-04-29 16:19 . 2009-04-29 16:19	--------	d-----w-	c:\program files\Lavasoft
    2009-04-28 17:00 . 2009-04-28 17:00	--------	d-----w-	c:\users\Edem\AppData\Roaming\Malwarebytes
    2009-04-28 16:49 . 2009-04-28 16:49	--------	d-----w-	c:\program files\a-squared HiJackFree
    2009-04-27 11:19 . 2009-03-20 18:28	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2009-04-27 11:19 . 2009-03-20 18:28	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2009-04-18 09:08 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2009-04-12 17:54 . 2009-04-18 22:18	954368	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-12 17:54 . 2009-04-18 22:18	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-12 17:54 . 2009-04-18 22:18	71652	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-12 17:54 . 2009-04-18 22:18	4534272	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-12 17:54 . 2009-04-18 22:18	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-12 17:54 . 2009-04-18 22:18	131868	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-12 17:54 . 2009-04-18 22:18	1161626	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-12 17:54 . 2009-04-18 22:18	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-09 17:03 . 2009-04-09 17:03	--------	d-----w-	c:\program files\Easy-Hide-IP
    2009-04-09 16:53 . 2009-04-09 16:52	--------	d-----w-	c:\program files\Hide IP Platinum
    2009-04-09 16:52 . 2009-04-09 16:52	827377	----a-w-	c:\users\Edem\EmiycLwG.exe
    2009-04-09 15:02 . 2009-04-09 15:02	--------	d-----w-	c:\program files\Hide My IP 2009
    2009-04-09 14:53 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2009-04-09 14:52 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2009-04-06 13:32 . 2009-04-28 17:00	38496	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 13:32 . 2009-04-28 17:00	15504	----a-w-	c:\windows\system32\drivers\mbam.sys
    2009-04-03 19:21 . 2008-11-30 11:59	--------	d-----w-	c:\program files\EA Games
    2009-03-23 15:56 . 2009-03-23 15:56	14312704	----a-w-	c:\windows\system32\xlive.dll
    2009-03-23 15:56 . 2009-03-23 15:56	13642512	----a-w-	c:\windows\system32\xlivefnt.dll
    2009-03-20 21:06 . 2008-11-29 11:13	1626	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2009-03-20 16:10 . 2008-11-28 14:57	84792	----a-w-	c:\users\Edem\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-03-17 03:38 . 2009-04-17 13:02	13824	----a-w-	c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-17 13:02	24064	----a-w-	c:\windows\system32\amxread.dll
    2009-03-09 03:19 . 2008-11-28 20:28	410984	----a-w-	c:\windows\system32\deploytk.dll
    2009-02-24 19:34 . 2009-02-24 19:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
    2004-06-01 15:22 . 2004-06-01 15:22	122880	--sha-w-	c:\windows\System32\ppfsys.exe
    .
    
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-29 516440]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ACCControl.lnk - c:\program files\Universal DVB Receiver\Wizard\AccControl.exe [2008-9-19 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2646394D-E733-439C-83C9-B7CC01B2E1E9}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "UDP Query User{58313528-5373-4943-9A40-0C00310E6112}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "{B41CAFB6-E1EF-422B-B654-506B53E2D099}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{F7B11F93-0C92-4984-817A-CAF83B975F6F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B3E6F6F7-5174-4805-B79E-71DDCD488C14}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{00CD27A8-0340-440F-B89E-6B0EE16C5374}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3D182488-23A3-45AE-90A1-395FDE232D27}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F9B9690D-3578-4747-B65E-68835FDF16E7}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{5D1B62F9-0BDE-4955-B392-B8C891CDF752}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{63C2C407-8B8E-4C48-8B52-39E404E8851D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{2B6859F0-CF8B-427B-AD85-DE59B19CAC24}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{FA215510-D03A-405B-BE10-ED052C6B4D5D}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{140D9DF7-23D4-4A64-941F-8471849736A9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{8C58747E-079E-4209-9A47-A341C0BB8F09}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B4A0B8F-4B88-4B3F-BE26-E390F8B99844}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{26FFC045-E122-4B2B-9A7D-67B421E72580}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{8308432D-4AB3-4AF9-A6AD-0F06CAD4979E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{0D3F5237-D24A-42B7-AC9C-83415EDC6D59}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{DB988C9A-95CC-44EF-997C-3B444D72A89B}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{22B2092C-FE36-4B03-A3A9-074682694CFA}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{E3EBD3B8-231F-4A2B-B7B0-43532C4FF21A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{98408E1B-1AFA-4A9A-85B2-F0AF46B1130E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{5A0C4BD1-6620-4A42-88FC-EC7297C576FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E9B9E188-9C80-4A2A-8E89-FBC096651446}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A5B2C63-15D4-4ED0-A316-87B99EB7A29F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A909D77B-C137-4DBA-AAE4-9EE78BC5163F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{218954EB-C383-4AA7-AA02-18D6BF830CD1}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{CECEE2DD-0A59-41DE-BE30-F5FB9B7B65A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{23E1BAC1-04AD-48CE-BBEF-7713D99B2A36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{85DD9BC7-867C-4EB8-9FC1-C0C44447D1AD}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{CCB99321-D246-4CD0-ABC1-460E1FB8AA31}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{22AC0706-6B49-4C77-9D94-AAAF5BFAA379}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{FBE9CF26-246A-493E-B8D8-97C31DB1972C}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "TCP Query User{741F3CC3-294E-4C25-9EA1-A4AF5B8A7048}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
    "UDP Query User{820ED1AB-217A-46D3-9555-5186C14002FF}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 18:21 64160]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [14.05.2009 18:01 114768]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 08:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 20:28 108289]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [14.05.2009 18:01 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [14.05.2009 18:00 51792]
    R2 EasyHideIP;EasyHideIP;c:\program files\Easy-Hide-IP\services\EasyHideIp.exe [09.04.2009 19:03 45056]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 953168]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 22:56 52592]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07.01.2009 15:17 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 09:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 09:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 08:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 09:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 08:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 08:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 08:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 22:56 10096]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 20:46 133104]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 18:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [28.04.2009 19:00 38496]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
    S3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 14:40 88704]
    S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [09.04.2009 17:02 532784]
    S3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 17:30 486912]
    S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 17:30 7680]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 20:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhalt des "geplante Tasks" Ordners
    
    2009-06-01 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2009-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:20]
    
    2009-06-01 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-05-31 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    
    HKCU-Run-ssqgw - c:\users\edem\appdata\local\ssqgw.exe
    SafeBoot-procexp90.Sys
    
    
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=13166&l=dis
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-01 12:26
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:b2,5b,80,70,21,98,99,c4,b5,44,09,62,f9,bf,9a,be,cc,26,58,39,27,
       66,8e,5c,f2,31,c1,51,59,45,ec,5b,12,95,82,40,e3,d4,c9,66,aa,84,13,43,63,c9,\
    "rkeysecu"=hex:93,18,8c,57,ee,f4,71,7f,34,25,18,1d,e5,b9,a5,d4
    .
    Zeit der Fertigstellung: 2009-06-01 12:27
    ComboFix-quarantined-files.txt  2009-06-01 10:27
    
    Vor Suchlauf: 21 Verzeichnis(se), 77.339.488.256 Bytes frei
    Nach Suchlauf: 20 Verzeichnis(se), 77.281.267.712 Bytes frei
    
    300	--- E O F ---	2009-06-01 10:04
    
    ComboFix 09-05-31.06 - Edem 01.06.2009 20:22.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.1980 [GMT 2:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    Benutzte Befehlsschalter :: c:\users\Edem\Downloads\Desktop\CFScript.txt
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    
    FILE ::
    "c:\users\Edem\AppData\Local\ksgwm.bat"
    "c:\windows\ckwgvhf.txt"
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\users\Edem\AppData\Local\ksgwm.bat
    
    .
    (((((((((((((((((((((((   Dateien erstellt von 2009-05-01 bis 2009-06-01  ))))))))))))))))))))))))))))))
    .
    
    2009-06-01 18:26 . 2009-06-01 18:26	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2009-06-01 18:26 . 2009-06-01 18:26	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-06-01 16:07 . 2009-05-26 11:20	40160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-01 16:07 . 2009-05-26 11:19	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
    2009-06-01 16:07 . 2009-06-01 16:07	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2009-06-01 11:05 . 2009-06-01 18:00	--------	d-----w-	c:\program files\Activision
    2009-05-31 19:01 . 2009-05-31 19:01	--------	d-----w-	C:\rsit
    2009-05-29 15:28 . 2009-05-29 15:28	680	----a-w-	c:\users\Edem\AppData\Local\d3d9caps.dat
    2009-05-14 16:01 . 2009-02-05 20:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
    2009-05-14 16:01 . 2009-02-05 20:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
    2009-05-14 16:01 . 2009-02-05 20:04	97480	----a-w-	c:\windows\system32\AvastSS.scr
    2009-05-14 16:01 . 2009-02-05 20:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
    2009-05-14 16:01 . 2009-02-05 20:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
    2009-05-14 16:00 . 2009-02-05 20:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
    2009-05-14 16:00 . 2009-02-05 20:06	51792	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
    2009-05-14 16:00 . 2009-05-14 16:00	--------	d-----w-	c:\program files\Alwil Software
    2009-05-12 18:30 . 2009-05-12 18:30	--------	d-----w-	c:\program files\Serials World
    2009-05-07 15:53 . 2009-05-07 15:53	--------	d-----w-	c:\users\Edem\AppData\Roaming\live-player
    2009-05-07 15:53 . 2009-05-18 13:41	--------	d-----w-	c:\program files\Live-Player
    2009-05-06 16:48 . 2009-05-06 16:48	--------	d-----w-	C:\adaptec
    2009-05-06 16:41 . 2009-05-06 16:49	--------	d-----w-	c:\users\Edem\AppData\Roaming\DeepBurner
    2009-05-06 16:41 . 2009-05-06 16:41	--------	d-----w-	c:\program files\Astonsoft
    2009-05-06 16:21 . 2009-05-06 16:21	--------	d-----w-	c:\users\Edem\AppData\Local\MicroVision Applications
    16508-12-01 17:49 . 2009-02-27 21:20	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-31 17:17 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2009-05-31 17:17 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2009-05-31 11:06 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2009-05-29 16:22 . 2009-02-27 17:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\Ashampoo
    2009-05-29 16:20 . 2009-02-27 17:14	--------	d-----w-	c:\program files\Ashampoo
    2009-05-29 15:28 . 2009-04-18 22:17	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-05-23 19:24 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2009-05-05 20:12 . 2008-11-28 20:27	--------	d-----w-	c:\program files\Java
    2009-05-05 19:06 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2009-05-05 19:06 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2009-04-29 16:21 . 2009-04-29 16:28	15688	----a-w-	c:\windows\system32\lsdelete.exe
    2009-04-29 16:20 . 2009-04-29 16:21	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
    2009-04-29 16:19 . 2009-04-29 16:19	--------	d-----w-	c:\program files\Lavasoft
    2009-04-28 17:00 . 2009-04-28 17:00	--------	d-----w-	c:\users\Edem\AppData\Roaming\Malwarebytes
    2009-04-28 16:49 . 2009-04-28 16:49	--------	d-----w-	c:\program files\a-squared HiJackFree
    2009-04-27 11:19 . 2009-03-20 18:28	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2009-04-27 11:19 . 2009-03-20 18:28	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2009-04-18 09:08 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2009-04-12 17:54 . 2009-04-18 22:18	954368	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-12 17:54 . 2009-04-18 22:18	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-12 17:54 . 2009-04-18 22:18	71652	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-12 17:54 . 2009-04-18 22:18	4534272	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-12 17:54 . 2009-04-18 22:18	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-12 17:54 . 2009-04-18 22:18	131868	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-12 17:54 . 2009-04-18 22:18	1161626	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-12 17:54 . 2009-04-18 22:18	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-09 17:03 . 2009-04-09 17:03	--------	d-----w-	c:\program files\Easy-Hide-IP
    2009-04-09 16:53 . 2009-04-09 16:52	--------	d-----w-	c:\program files\Hide IP Platinum
    2009-04-09 16:52 . 2009-04-09 16:52	827377	----a-w-	c:\users\Edem\EmiycLwG.exe
    2009-04-09 15:02 . 2009-04-09 15:02	--------	d-----w-	c:\program files\Hide My IP 2009
    2009-04-09 14:53 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2009-04-09 14:52 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2009-04-03 19:21 . 2008-11-30 11:59	--------	d-----w-	c:\program files\EA Games
    2009-03-23 15:56 . 2009-03-23 15:56	14312704	----a-w-	c:\windows\system32\xlive.dll
    2009-03-23 15:56 . 2009-03-23 15:56	13642512	----a-w-	c:\windows\system32\xlivefnt.dll
    2009-03-20 21:06 . 2008-11-29 11:13	1626	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2009-03-20 16:10 . 2008-11-28 14:57	84792	----a-w-	c:\users\Edem\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-03-17 03:38 . 2009-04-17 13:02	13824	----a-w-	c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-17 13:02	24064	----a-w-	c:\windows\system32\amxread.dll
    2009-03-09 03:19 . 2008-11-28 20:28	410984	----a-w-	c:\windows\system32\deploytk.dll
    2009-02-24 19:34 . 2009-02-24 19:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
    2004-06-01 15:22 . 2004-06-01 15:22	122880	--sha-w-	c:\windows\System32\ppfsys.exe
    .
    
    (((((((((((((((((((((((((((((   SnapShot@2009-06-01_10.26.17   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-06-01 17:35	56684              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-06-01 17:35	90900              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-28 14:58 . 2009-06-01 17:35	14638              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4005247752-3487466502-3436956655-1001_UserData.bin
    + 2008-11-28 14:29 . 2009-06-01 17:50	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-28 14:29 . 2009-06-01 10:18	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-28 14:29 . 2009-06-01 10:18	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-28 14:29 . 2009-06-01 17:50	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-28 14:29 . 2009-06-01 17:50	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-28 14:29 . 2009-06-01 10:18	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-01 10:26 . 2009-06-01 10:26	47616              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\f0940934a3aa33b7671f416206a76c03\WindowsLiveWriter.ni.exe
    + 2009-06-01 10:27 . 2009-06-01 10:27	99840              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b63823a5b3ae8aa81cb94997db390ab\WindowsLive.Writer.Api.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\0c6011681b9ff9fce5a7024cc945220f\UIAutomationProvider.ni.dll
    + 2009-06-01 10:46 . 2009-06-01 10:46	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\ade62baef300f037ae756f801663f9c5\System.Windows.Presentation.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40591112ed6a3fac4dbfa337c00d2122\System.Web.DynamicData.Design.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\8e4110e20bba40ee1fe7f23aaff7d2ee\System.ComponentModel.DataAnnotations.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\995b89ec2f32e0c5989f84a8a96ceb28\System.AddIn.Contract.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\7dba5af5f1c6d3d23d3f3b2b4d7ebc14\PresentationFontCache.ni.exe
    + 2009-06-01 10:44 . 2009-06-01 10:44	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\96166332e0d92f8b7fcd3a12fba9e758\PresentationCFFRasterizer.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	79872              c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\53285198805a96a48fddfd0179dadfc9\napcrypt.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e20de95af9baeabe4d076fef079e1765\Microsoft.Vsa.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	15872              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\73c0364cb7c03a06285567d8905e72a0\Microsoft.VisualC.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d05258f88517512acc1ba5ad8d0c44ff\Microsoft.Build.Framework.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0b3322dd033251dbfeb5ffaa63628e2b\Microsoft.Build.Framework.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	68608              c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\fc224855f47caa5ea29753358ac27717\loadmxf.ni.exe
    + 2009-06-01 10:27 . 2009-06-01 10:27	57856              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\e8bc543a751c904dd7e1c2ab2c06ae35\ehiUserXp.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\fa98de6cbcf056d4d79c6fada3a06d5f\ehiReplay.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	23552              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\6dbd12480f119249468f90945e63cd7d\ehiExtCOM.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\f98e5b3186c8e48621477a05e264e73e\ehExtCOM.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\79f0864babc826355d3642420230abad\dfsvc.ni.exe
    + 2009-06-01 10:26 . 2009-06-01 10:26	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e66c5af83e8fb89b4dc5547ef663f4c8\Accessibility.ni.dll
    + 2009-06-01 17:33 . 2009-06-01 17:33	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-06-01 10:18 . 2009-06-01 10:18	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-06-01 17:33 . 2009-06-01 17:33	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-06-01 10:18 . 2009-06-01 10:18	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-06-01 10:46 . 2009-06-01 10:46	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a3811d1d99a4643e21362276281045a7\WsatConfig.ni.exe
    + 2009-06-01 10:27 . 2009-06-01 10:27	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\a362ea14c0fe23d4f2aea8ec021f0d3e\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	174080              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dff83a93cfce38247be2ac2e0a8785a9\WindowsLive.Writer.BrowserControl.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	334848              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\db7a09cf44aa9b0d0e57ddee3762ab1a\WindowsLive.Writer.Interop.Mshtml.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	108544              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b58392b9d39e8daf17f3bd78ab1147d0\WindowsLive.Writer.Passport.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	322048              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\93193886e8077ef3c8de1ea5f0edd7f8\WindowsLive.Writer.SpellChecker.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	313856              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8a6fcbec105088d656a22542a0af3327\WindowsLive.Writer.Interop.SHDocVw.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	319488              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84e8e405b3075006fb93c866af02c63c\WindowsLive.Writer.Interop.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	117760              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7db7da9911abb2aa8a4e94ef744e7586\WindowsLive.Writer.Instrumentation.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	152064              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56771dc2fe172f871091c71ac3a561c2\WindowsLive.Writer.HtmlParser.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	119296              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\423d86baaaa446228fc3205bd0671318\WindowsLive.Writer.FileDestinations.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	851968              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3c0571b569bad5e54a9932c8a898107e\WindowsLive.Writer.BlogClient.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2e9d7206e575145912ce8aa61b211d77\WindowsLive.Writer.Mshtml.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	594944              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\20fb431e55c3f27ad51498fe55d37ae4\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	428032              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c76889f6da313c75b11eaf60461c82e\WindowsLive.Writer.Localization.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	843776              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0521176f85dd52cee07fb05917197f4f\WindowsLive.Writer.Controls.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	118784              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\01ac4b7ff5021dad8a2a4ca560e4b2d7\WindowsLive.Writer.Extensibility.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	145920              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b6c3541e8a9df4ddbd720eb4c4dfd5e8\WindowsLive.Client.ni.dll
    + 2009-06-01 10:46 . 2009-06-01 10:46	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\41dcf4e0061193634534f67cea2d360e\WindowsFormsIntegration.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3caf0510d20c5799d772066ce085b2dc\UIAutomationTypes.ni.dll
    + 2009-06-01 10:46 . 2009-06-01 10:46	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\50adf5948f698ac2a6fd66a05c77fa6b\UIAutomationClient.ni.dll
    + 2009-06-01 10:46 . 2009-06-01 10:46	235520              c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\514f3a2e1240411c66b5809b99ecb0e4\TaskScheduler.ni.dll
    + 2009-06-01 10:46 . 2009-06-01 10:46	400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\85e2233bc3d7c5cf8fc07f9a8ce241cd\System.Xml.Linq.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\71e9648c03c18a69e85293da03413183\System.Web.Routing.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dc555eb256a646332b3154bc91bbdb27\System.Web.RegularExpressions.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\40b16dc65e32c4b7800bbde94fd4f9b7\System.Web.Extensions.Design.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\1ecd0493d33f74af1d96570662979a66\System.Web.Entity.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\c52120bb862d84082d917c4bb0a738c5\System.Web.Entity.Design.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\6f2bb0a35c228aba6e3a02a1238beb20\System.Web.DynamicData.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\3b49817ad348c94fc41bbf26fdde9eec\System.Web.Abstractions.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9a01d9b5c7b5509bbc964881ce2be5a1\System.Transactions.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	676352              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\91895552b86d90ec9e0bdda831f69521\System.Security.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b404ce9f79efc15f7cb09da0881adeb9\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	771584              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\892f786ce75bd2e0ca400a8dae347a58\System.Net.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	593408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\11312bae768c4e69dfd6d9a3f34c1e62\System.Messaging.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\9c1bbc7a8431ba14f3138a9b9d0b2758\System.Management.Instrumentation.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\2e19d1e42380f35043e0a6083de30852\System.IO.Log.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\b3e2a96dff5a63aaf7d7d974cdf40dcb\System.IdentityModel.Selectors.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7895f580432cd243f19aa40db58d38bc\System.EnterpriseServices.Wrapper.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7895f580432cd243f19aa40db58d38bc\System.EnterpriseServices.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8921bfdd4653796b3f71c0f55064bef2\System.DirectoryServices.Protocols.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4c8a9e6f92e1274ad537e52cbbfe63b1\System.DirectoryServices.AccountManagement.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d14d5cbf6da54f47fa2480aabc3287a4\System.Data.Services.Design.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\66e561a2111eb84b814de5ee29acfe6e\System.Data.Services.Client.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\959bf3a05aa862385201a0fc7ff82b7c\System.Data.Entity.Design.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ae6e232c6323706a525ea09110674d84\System.Data.DataSetExtensions.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\d3915d0144a91ab76bfaad80d5d7308c\System.Configuration.Install.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\e40798cf217d051ccb60ce51df76608a\System.AddIn.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	232448              c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\559a52145a3500b9be72f13c1a3e1018\sysglobl.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\58de8d4959e4d79d8f992dd3ab045a72\SMSvcHost.ni.exe
    + 2009-06-01 10:26 . 2009-06-01 10:26	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\fe38867d2e5f029a61369d60cb366db6\SMDiagnostics.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\09f0313dbe55d6d0d843fecc42a93420\ServiceModelReg.ni.exe
    + 2009-06-01 10:44 . 2009-06-01 10:44	724992              c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\414c80f21207fd50457c33c7be16fba4\napsnap.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	110080              c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\73112fe6d1ba98baec29bb6a54af81ff\napinit.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	115712              c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\c9fcddbf15afb72d7bc8ac081f9b2a8a\naphlpr.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\a6f1ced3df616396a4980276ce9324be\MSBuild.ni.exe
    + 2009-06-01 10:44 . 2009-06-01 10:44	283648              c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\683027751803820e53367579ad1c025c\MMCFxCommon.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\d64dd85d512244087920e240e2ead636\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	582656              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\f33fdf014aebbbc113eebaadabf073dd\Microsoft.MediaCenter.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	217088              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\2170d1dbbea3ba2b2a2fa2ce7dcff6dd\Microsoft.MediaCenter.Shell.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	659968              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\041d6147fc2abe031ad4b007a031b428\Microsoft.MediaCenter.Sports.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	550912              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\ae044af516de3b58071f06237f346f08\Microsoft.ManagementConsole.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fb6b64d9951841d62e4a7fdb69773753\Microsoft.Build.Utilities.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\141d01ee47d7293ff827c087bebc8f80\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\469f74b1a5c04d4d122298419a78ee5a\Microsoft.Build.Engine.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\300b894f5f93950e037a3e965f18d19a\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	238592              c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\54f957fb5fc7f4a161e4194615a7134d\Mcx2Dvcs.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	253440              c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\f09b0cb5443e0651e607083ff33ce998\mcupdate.ni.exe
    + 2009-06-01 10:27 . 2009-06-01 10:27	218624              c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\e0e85b15b5b51c8c9054099131c85c19\mcstoredb.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\f1c4d243141cc2434b22a6929581c6c9\mcstore.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	543744              c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\9d3bbd186caa7d4838248d7ea0abf867\EventViewer.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	103936              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\7d21f43601837a5612c3683a6df8bf0a\ehiWUapi.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	338432              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\9562343f3e6f6baf5058c7af4d5e7fc2\ehiwmp.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	797696              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\fa78a432baa1ae0f90fa00d230947eff\ehiVidCtl.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	965632              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\d98eb25afa000fdbd568df63e209fd01\ehiProxy.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	565760              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiPlay\982054f1e8d3a031f93f73b8d04c9c93\ehiPlay.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	160768              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\de83e978bb105ef5c1c509d821b2b716\ehiExtens.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	242688              c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\cf5d56932dd9deb7f9dca3ae3a222642\ehExtHost.ni.exe
    + 2009-06-01 10:27 . 2009-06-01 10:27	305152              c:\windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\ebe207ffeae6f025589c23dfb33c842b\ehepgdat.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	220160              c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\0001077b9b4cce62554bf521aca63297\ehCIR.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\227b6533d7f1fdfb94558e22f83d7159\CustomMarshalers.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\700b8218bf42b9c34c1202806960fc4e\ComSvcConfig.ni.exe
    + 2009-06-01 10:26 . 2009-06-01 10:26	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\8b8db66965a927b5070244d256709fe9\BDATunePIA.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\660850afa77bfd5145eab2d362859404\AspNetMMCExt.ni.dll
    - 2006-11-02 10:22 . 2009-06-01 10:17	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 10:22 . 2009-06-01 10:54	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-04-13 00:10 . 2009-06-01 17:31	4720568              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-04-13 00:10 . 2009-06-01 10:17	4720568              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-06-01 10:27 . 2009-06-01 10:27	1105920              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ce1b4192a4cf7472f1755e3aaee3aef3\WindowsLive.Writer.ApplicationFramework.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	2002432              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\99870d72535ce9a8c53ac80236c675c4\WindowsLive.Writer.CoreServices.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	6392832              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a806fa96e3330a853ef9834dffdebf4\WindowsLive.Writer.PostEditor.ni.dll
    + 2009-06-01 10:46 . 2009-06-01 10:46	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\bf4b41f6504f6e0bb9ebfe81ee898f41\UIAutomationClientsideProviders.ni.dll
    + 2009-06-01 10:46 . 2009-06-01 10:46	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\770bd1f92877fcca1e7d5520deb1524b\System.WorkflowServices.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2e2615fe0b5497263891553e13b697c6\System.Web.Services.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\50dbb91ff2cd5f634b7cc56fb2125d55\System.Web.Mobile.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\060fca61fc10971f381204ccb623fc58\System.Web.Extensions.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	1917440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\a4524eb304ba9694838780c3d707bb6e\System.Speech.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\463d79ec2065b26873bffcd35615d00b\System.ServiceModel.Web.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	2338304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\19ca73856f91e0fd4d5353a9373f8b6a\System.Runtime.Serialization.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	1035264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\9def64da16f075e10ce1b0cb97e44646\System.Printing.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	1056768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\63d1eb27f55bfa47a1a9328172bfb604\System.IdentityModel.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c59a8a0f03578ceb0eadd3bd8ac20876\System.DirectoryServices.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\341bad47d4e45c4b1a994ab574d18ccf\System.Deployment.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\58408e7157a149ee82d88687489d61ed\System.Data.Services.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	1115136              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\aff131554aeba820851285057b7c73c5\System.Data.OracleClient.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c17219ce79b8df5966381230bd9e2130\System.Data.Entity.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\bbab0671945f6dfb330735832b8db69c\ReachFramework.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bdc87c67f45de6c8798344e2625d3801\PresentationUI.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\291b46ea56e2487200a16d5f8c4f4e7b\PresentationBuildTasks.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	2538496              c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\155b02ef85edc0b1bce415aa278494c2\Narrator.ni.exe
    + 2009-06-01 10:44 . 2009-06-01 10:44	1534464              c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\9251d1eb8b2439954bc2f18ea4268ed2\MMCEx.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	6338560              c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\7ea0a047d6a73d97d2d7c0d5477c59e2\MIGUIControls.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\10fc12b6bf6510f0b967d20a2b04c476\Microsoft.VisualBasic.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19fe1d203e18c2002cc0a7cfbcc8000\Microsoft.Transactions.Bridge.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	5475840              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5ce392dfd51b1ab765df143ef5c4845d\Microsoft.MediaCenter.UI.ni.dll
    + 2009-06-01 10:45 . 2009-06-01 10:45	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\d0c457bb6166af76d39e30b872b98680\Microsoft.JScript.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\77c72d8ae1eb97866124ff94944eba65\Microsoft.Ink.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\51998ee525859b487f792fa991b578e0\Microsoft.Build.Tasks.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\158f491d14b18b2c84dea624fa16f97e\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6be4f17a5301e550b4ba72e8c0954951\Microsoft.Build.Engine.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	1721856              c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\757c5789e30cbaad7a3c136fb611f354\ehRecObj.ni.dll
    + 2009-06-01 10:27 . 2009-06-01 10:27	2119680              c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\66f5e0bc60a4fe0436449217fa3bdffa\ehepg.ni.dll
    + 2009-06-01 10:26 . 2009-06-01 10:26	11796992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
    + 2009-06-01 10:44 . 2009-06-01 10:44	11575808              c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\2fbbc44efab8b54702d6d2b9e0b879c6\ehshell.ni.dll
    + 2008-03-12 09:45 . 2009-06-01 10:54	153947855              c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    -- Snapshot auf jetziges Datum zurückgesetzt --
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-29 516440]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ACCControl.lnk - c:\program files\Universal DVB Receiver\Wizard\AccControl.exe [2008-9-19 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2646394D-E733-439C-83C9-B7CC01B2E1E9}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "UDP Query User{58313528-5373-4943-9A40-0C00310E6112}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "{B41CAFB6-E1EF-422B-B654-506B53E2D099}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{F7B11F93-0C92-4984-817A-CAF83B975F6F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B3E6F6F7-5174-4805-B79E-71DDCD488C14}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{00CD27A8-0340-440F-B89E-6B0EE16C5374}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3D182488-23A3-45AE-90A1-395FDE232D27}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F9B9690D-3578-4747-B65E-68835FDF16E7}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{5D1B62F9-0BDE-4955-B392-B8C891CDF752}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{63C2C407-8B8E-4C48-8B52-39E404E8851D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{2B6859F0-CF8B-427B-AD85-DE59B19CAC24}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{FA215510-D03A-405B-BE10-ED052C6B4D5D}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{140D9DF7-23D4-4A64-941F-8471849736A9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{8C58747E-079E-4209-9A47-A341C0BB8F09}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B4A0B8F-4B88-4B3F-BE26-E390F8B99844}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{26FFC045-E122-4B2B-9A7D-67B421E72580}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{8308432D-4AB3-4AF9-A6AD-0F06CAD4979E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{0D3F5237-D24A-42B7-AC9C-83415EDC6D59}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{DB988C9A-95CC-44EF-997C-3B444D72A89B}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{22B2092C-FE36-4B03-A3A9-074682694CFA}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{E3EBD3B8-231F-4A2B-B7B0-43532C4FF21A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{98408E1B-1AFA-4A9A-85B2-F0AF46B1130E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{5A0C4BD1-6620-4A42-88FC-EC7297C576FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E9B9E188-9C80-4A2A-8E89-FBC096651446}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A5B2C63-15D4-4ED0-A316-87B99EB7A29F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A909D77B-C137-4DBA-AAE4-9EE78BC5163F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{218954EB-C383-4AA7-AA02-18D6BF830CD1}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{CECEE2DD-0A59-41DE-BE30-F5FB9B7B65A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{23E1BAC1-04AD-48CE-BBEF-7713D99B2A36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{85DD9BC7-867C-4EB8-9FC1-C0C44447D1AD}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{CCB99321-D246-4CD0-ABC1-460E1FB8AA31}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{22AC0706-6B49-4C77-9D94-AAAF5BFAA379}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{FBE9CF26-246A-493E-B8D8-97C31DB1972C}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "TCP Query User{741F3CC3-294E-4C25-9EA1-A4AF5B8A7048}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
    "UDP Query User{820ED1AB-217A-46D3-9555-5186C14002FF}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 18:21 64160]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [14.05.2009 18:01 114768]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 08:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 20:28 108289]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [14.05.2009 18:01 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [14.05.2009 18:00 51792]
    R2 EasyHideIP;EasyHideIP;c:\program files\Easy-Hide-IP\services\EasyHideIp.exe [09.04.2009 19:03 45056]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 22:56 52592]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07.01.2009 15:17 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 09:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 09:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 08:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 09:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 08:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 08:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 08:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 22:56 10096]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 20:46 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 953168]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 18:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
    S3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 14:40 88704]
    S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [09.04.2009 17:02 532784]
    S3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 17:30 486912]
    S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 17:30 7680]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 20:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhalt des "geplante Tasks" Ordners
    
    2009-06-01 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:20]
    
    2009-06-01 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-06-01 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=13166&l=dis
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-01 20:26
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:fa,66,fa,2e,b5,7c,8f,f1,f3,1e,db,c8,b7,eb,e3,87,05,13,bd,e2,43,
       6f,bd,46,65,ec,ce,48,86,8a,94,5e,48,5a,70,0c,c5,ea,d3,15,ac,66,3c,5d,6e,8f,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    Zeit der Fertigstellung: 2009-06-01 20:27
    ComboFix-quarantined-files.txt  2009-06-01 18:27
    ComboFix2.txt  2009-06-01 10:27
    
    Vor Suchlauf: 21 Verzeichnis(se), 79.123.755.008 Bytes frei
    Nach Suchlauf: 20 Verzeichnis(se), 79.113.158.656 Bytes frei
    
    450	--- E O F ---	2009-06-01 10:04
    ComboFix 09-06-01.03 - Edem 03.06.2009 18:17.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.1864 [GMT 2:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\windows\system32\drivers\Msft_Kernel_phaudlwr_01005.Wdf
    c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    
    .
    (((((((((((((((((((((((   Dateien erstellt von 2009-05-03 bis 2009-06-03  ))))))))))))))))))))))))))))))
    .
    
    2009-06-03 16:19 . 2009-06-03 16:19	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2009-06-03 16:19 . 2009-06-03 16:19	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-06-03 09:12 . 2009-06-03 09:12	--------	d-----w-	c:\program files\CCleaner
    2009-06-02 15:35 . 2009-06-02 15:35	--------	d-----w-	c:\windows\Sun
    2009-06-01 16:07 . 2009-05-26 11:20	40160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-01 16:07 . 2009-05-26 11:19	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
    2009-06-01 16:07 . 2009-06-01 16:07	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2009-06-01 11:05 . 2009-06-03 11:00	--------	d-----w-	c:\program files\Activision
    2009-05-31 19:01 . 2009-05-31 19:01	--------	d-----w-	C:\rsit
    2009-05-29 15:28 . 2009-05-29 15:28	680	----a-w-	c:\users\Edem\AppData\Local\d3d9caps.dat
    2009-05-14 16:01 . 2009-02-05 20:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
    2009-05-14 16:01 . 2009-02-05 20:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
    2009-05-14 16:01 . 2009-02-05 20:04	97480	----a-w-	c:\windows\system32\AvastSS.scr
    2009-05-14 16:01 . 2009-02-05 20:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
    2009-05-14 16:01 . 2009-02-05 20:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
    2009-05-14 16:00 . 2009-02-05 20:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
    2009-05-14 16:00 . 2009-02-05 20:06	51792	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
    2009-05-14 16:00 . 2009-05-14 16:00	--------	d-----w-	c:\program files\Alwil Software
    2009-05-12 18:30 . 2009-05-12 18:30	--------	d-----w-	c:\program files\Serials World
    2009-05-07 15:53 . 2009-05-07 15:53	--------	d-----w-	c:\users\Edem\AppData\Roaming\live-player
    2009-05-07 15:53 . 2009-05-18 13:41	--------	d-----w-	c:\program files\Live-Player
    2009-05-06 16:48 . 2009-05-06 16:48	--------	d-----w-	C:\adaptec
    2009-05-06 16:41 . 2009-05-06 16:49	--------	d-----w-	c:\users\Edem\AppData\Roaming\DeepBurner
    2009-05-06 16:41 . 2009-05-06 16:41	--------	d-----w-	c:\program files\Astonsoft
    2009-05-06 16:21 . 2009-05-06 16:21	--------	d-----w-	c:\users\Edem\AppData\Local\MicroVision Applications
    16508-12-01 17:49 . 2009-02-27 21:20	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-03 09:56 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2009-06-03 09:56 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2009-06-03 09:47 . 2008-11-30 11:59	--------	d-----w-	c:\program files\EA Games
    2009-06-03 09:34 . 2009-04-09 15:02	--------	d-----w-	c:\program files\Hide My IP 2009
    2009-06-03 09:34 . 2009-03-20 16:04	--------	d-----w-	c:\program files\FolderAccess
    2009-06-03 09:33 . 2009-02-27 17:14	--------	d-----w-	c:\program files\Ashampoo
    2009-06-02 20:26 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2009-06-02 18:56 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2009-06-02 18:56 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2009-06-02 15:37 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2009-05-31 11:06 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2009-05-29 16:22 . 2009-02-27 17:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\Ashampoo
    2009-05-29 15:28 . 2009-04-18 22:17	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-05-05 20:12 . 2008-11-28 20:27	--------	d-----w-	c:\program files\Java
    2009-04-29 16:21 . 2009-04-29 16:28	15688	----a-w-	c:\windows\system32\lsdelete.exe
    2009-04-29 16:20 . 2009-04-29 16:21	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
    2009-04-29 16:19 . 2009-04-29 16:19	--------	d-----w-	c:\program files\Lavasoft
    2009-04-28 17:00 . 2009-04-28 17:00	--------	d-----w-	c:\users\Edem\AppData\Roaming\Malwarebytes
    2009-04-28 16:49 . 2009-04-28 16:49	--------	d-----w-	c:\program files\a-squared HiJackFree
    2009-04-27 11:19 . 2009-03-20 18:28	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2009-04-27 11:19 . 2009-03-20 18:28	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2009-04-12 17:54 . 2009-04-18 22:18	954368	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-12 17:54 . 2009-04-18 22:18	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-12 17:54 . 2009-04-18 22:18	71652	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-12 17:54 . 2009-04-18 22:18	4534272	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-12 17:54 . 2009-04-18 22:18	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-12 17:54 . 2009-04-18 22:18	131868	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-12 17:54 . 2009-04-18 22:18	1161626	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-12 17:54 . 2009-04-18 22:18	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-09 17:03 . 2009-04-09 17:03	--------	d-----w-	c:\program files\Easy-Hide-IP
    2009-04-09 16:52 . 2009-04-09 16:52	827377	----a-w-	c:\users\Edem\EmiycLwG.exe
    2009-04-09 14:53 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2009-04-09 14:52 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2009-03-23 15:56 . 2009-03-23 15:56	14312704	----a-w-	c:\windows\system32\xlive.dll
    2009-03-23 15:56 . 2009-03-23 15:56	13642512	----a-w-	c:\windows\system32\xlivefnt.dll
    2009-03-20 21:06 . 2008-11-29 11:13	1626	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2009-03-20 16:10 . 2008-11-28 14:57	84792	----a-w-	c:\users\Edem\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-03-17 03:38 . 2009-04-17 13:02	13824	----a-w-	c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-17 13:02	24064	----a-w-	c:\windows\system32\amxread.dll
    2009-03-09 03:19 . 2008-11-28 20:28	410984	----a-w-	c:\windows\system32\deploytk.dll
    2009-02-24 19:34 . 2009-02-24 19:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
    2004-06-01 15:22 . 2004-06-01 15:22	122880	--sha-w-	c:\windows\System32\ppfsys.exe
    .
    
    (((((((((((((((((((((((((((((   SnapShot_2009-06-01_18.26.43   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-06-03 09:32	57226              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-06-03 09:53	90988              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-28 14:58 . 2009-06-03 09:53	14654              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4005247752-3487466502-3436956655-1001_UserData.bin
    - 2008-11-28 14:29 . 2009-06-01 17:50	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-28 14:29 . 2009-06-03 13:51	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-28 14:29 . 2009-06-03 13:51	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-28 14:29 . 2009-06-01 17:50	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-02 15:41 . 2009-06-02 15:41	49936              c:\windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe
    - 2008-11-30 11:16 . 2008-11-30 11:16	49936              c:\windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe
    - 2009-04-18 09:06 . 2009-04-18 09:06	35600              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2009-06-02 15:41 . 2009-06-02 15:41	35600              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2006-10-26 20:07 . 2006-10-26 20:07	17680              c:\windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.4518\PXBPROXY.DLL
    + 2009-06-03 10:19 . 2009-06-03 10:19	12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-06-03 09:30 . 2009-06-03 09:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-06-01 17:33 . 2009-06-01 17:33	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-06-03 09:30 . 2009-06-03 09:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-06-01 17:33 . 2009-06-01 17:33	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 10:33 . 2009-05-05 19:06	586980              c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-06-03 09:56	586980              c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-05 19:06	101052              c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-06-03 09:56	101052              c:\windows\System32\perfc009.dat
    + 2009-06-03 10:19 . 2009-06-03 10:19	223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:18 . 2009-06-03 10:18	563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-06-03 10:19 . 2009-06-03 10:19	473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-06-01 10:54 . 2009-04-14 07:03	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22409_none_f31abf3b848fce75\OESpamFilter.dat
    + 2009-06-01 10:54 . 2009-04-14 07:04	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18239_none_f270b0c66b8a8557\OESpamFilter.dat
    + 2009-06-01 10:54 . 2009-04-14 07:18	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21038_none_f112e6c38782ae1b\OESpamFilter.dat
    + 2009-06-01 10:54 . 2009-04-14 07:06	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16843_none_f079a0786e71784d\OESpamFilter.dat
    + 2006-11-02 10:22 . 2009-06-03 09:28	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2006-11-02 10:22 . 2009-06-01 10:54	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-04-13 00:10 . 2009-06-01 17:31	4720568              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-04-13 00:10 . 2009-06-03 09:28	4720568              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-06-03 10:18 . 2009-06-03 10:18	2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-06-03 10:18 . 2009-06-03 10:18	2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-03-21 12:15 . 2009-03-21 12:15	2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2006-11-02 10:24 . 2009-05-06 22:16	24699336              c:\windows\System32\mrt.exe
    + 2008-03-12 09:45 . 2009-06-03 08:57	153998562              c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    -- Snapshot auf jetziges Datum zurückgesetzt --
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-29 516440]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ACCControl.lnk - c:\program files\Universal DVB Receiver\Wizard\AccControl.exe [2008-9-19 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2646394D-E733-439C-83C9-B7CC01B2E1E9}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "UDP Query User{58313528-5373-4943-9A40-0C00310E6112}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "{B41CAFB6-E1EF-422B-B654-506B53E2D099}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{F7B11F93-0C92-4984-817A-CAF83B975F6F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B3E6F6F7-5174-4805-B79E-71DDCD488C14}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{00CD27A8-0340-440F-B89E-6B0EE16C5374}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3D182488-23A3-45AE-90A1-395FDE232D27}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F9B9690D-3578-4747-B65E-68835FDF16E7}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{5D1B62F9-0BDE-4955-B392-B8C891CDF752}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{63C2C407-8B8E-4C48-8B52-39E404E8851D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{2B6859F0-CF8B-427B-AD85-DE59B19CAC24}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{FA215510-D03A-405B-BE10-ED052C6B4D5D}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{140D9DF7-23D4-4A64-941F-8471849736A9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{8C58747E-079E-4209-9A47-A341C0BB8F09}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B4A0B8F-4B88-4B3F-BE26-E390F8B99844}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{26FFC045-E122-4B2B-9A7D-67B421E72580}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{8308432D-4AB3-4AF9-A6AD-0F06CAD4979E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{0D3F5237-D24A-42B7-AC9C-83415EDC6D59}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{DB988C9A-95CC-44EF-997C-3B444D72A89B}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{22B2092C-FE36-4B03-A3A9-074682694CFA}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{E3EBD3B8-231F-4A2B-B7B0-43532C4FF21A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{98408E1B-1AFA-4A9A-85B2-F0AF46B1130E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{5A0C4BD1-6620-4A42-88FC-EC7297C576FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E9B9E188-9C80-4A2A-8E89-FBC096651446}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A5B2C63-15D4-4ED0-A316-87B99EB7A29F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A909D77B-C137-4DBA-AAE4-9EE78BC5163F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{218954EB-C383-4AA7-AA02-18D6BF830CD1}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{CECEE2DD-0A59-41DE-BE30-F5FB9B7B65A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{23E1BAC1-04AD-48CE-BBEF-7713D99B2A36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{85DD9BC7-867C-4EB8-9FC1-C0C44447D1AD}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{CCB99321-D246-4CD0-ABC1-460E1FB8AA31}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{22AC0706-6B49-4C77-9D94-AAAF5BFAA379}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{FBE9CF26-246A-493E-B8D8-97C31DB1972C}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "TCP Query User{741F3CC3-294E-4C25-9EA1-A4AF5B8A7048}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
    "UDP Query User{820ED1AB-217A-46D3-9555-5186C14002FF}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 18:21 64160]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [14.05.2009 18:01 114768]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 08:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 20:28 108289]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [14.05.2009 18:01 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [14.05.2009 18:00 51792]
    R2 EasyHideIP;EasyHideIP;c:\program files\Easy-Hide-IP\services\EasyHideIp.exe [09.04.2009 19:03 45056]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 22:56 52592]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07.01.2009 15:17 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 09:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 09:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 08:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 09:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 08:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 08:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 08:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 22:56 10096]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 20:46 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 953168]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 18:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
    S3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 14:40 88704]
    S3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 17:30 486912]
    S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 17:30 7680]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 20:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhalt des "geplante Tasks" Ordners
    
    2009-06-03 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:20]
    
    2009-06-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2009-06-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-06-02 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=13166&l=dis
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-03 18:19
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:19,21,63,57,b4,a7,85,18,2a,98,4f,0d,a3,fb,b5,51,e3,19,bc,8a,e6,
       46,68,cb,57,dc,58,f0,9c,bb,10,77,4f,31,b9,15,95,74,3b,60,14,19,1c,54,bd,9a,\
    "rkeysecu"=hex:60,1b,f5,b2,4f,ec,e7,f0,95,5b,1c,12,35,ab,d9,12
    .
    Zeit der Fertigstellung: 2009-06-03 18:20
    ComboFix-quarantined-files.txt  2009-06-03 16:20
    ComboFix2.txt  2009-06-01 18:27
    ComboFix3.txt  2009-06-01 10:27
    
    Vor Suchlauf: 21 Verzeichnis(se), 87.029.231.616 Bytes frei
    Nach Suchlauf: 20 Verzeichnis(se), 86.996.090.880 Bytes frei
    
    352	--- E O F ---	2009-06-02 15:44
    ComboFix 09-06-13.09 - Edem 14.06.2009 12:49.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.2033 [GMT 2:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    (((((((((((((((((((((((   Dateien erstellt von 2009-05-14 bis 2009-06-14  ))))))))))))))))))))))))))))))
    .
    
    2009-06-14 10:55 . 2009-06-14 10:55	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2009-06-14 10:55 . 2009-06-14 10:55	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-06-13 17:32 . 2009-06-13 17:32	--------	d-----w-	c:\windows\system32\Grand Theft Auto IV Screenshot dir
    2009-06-13 17:32 . 2009-06-13 17:32	520192	----a-w-	c:\windows\system32\Grand Theft Auto IV Screenshot.scr
    2009-06-06 11:48 . 2009-06-06 11:49	--------	d-----w-	c:\program files\ProgDVB
    2009-06-03 18:33 . 2009-06-03 18:33	--------	d-----w-	c:\users\Edem\AppData\Local\AnyUtils
    2009-06-03 18:33 . 2009-06-03 18:33	--------	d-----w-	c:\program files\AnyUtils
    2009-06-03 09:12 . 2009-06-03 09:12	--------	d-----w-	c:\program files\CCleaner
    2009-06-02 15:35 . 2009-06-02 15:35	--------	d-----w-	c:\windows\Sun
    2009-06-01 11:05 . 2009-06-03 11:00	--------	d-----w-	c:\program files\Activision
    2009-05-31 19:01 . 2009-05-31 19:01	--------	d-----w-	C:\rsit
    2009-05-29 15:28 . 2009-05-29 15:28	680	----a-w-	c:\users\Edem\AppData\Local\d3d9caps.dat
    16508-12-01 17:49 . 2009-06-04 11:03	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-14 10:13 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2009-06-14 10:13 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2009-06-12 19:07 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2009-06-11 21:08 . 2008-03-12 11:59	--------	d-----w-	c:\program files\Microsoft Works
    2009-06-06 10:47 . 2008-11-29 11:13	1626	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2009-06-04 11:22 . 2009-03-15 20:30	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
    2009-06-04 11:22 . 2009-03-15 20:31	--------	d-----w-	c:\program files\AGEIA Technologies
    2009-06-03 09:47 . 2008-11-30 11:59	--------	d-----w-	c:\program files\EA Games
    2009-06-03 09:34 . 2009-04-09 15:02	--------	d-----w-	c:\program files\Hide My IP 2009
    2009-06-03 09:34 . 2009-03-20 16:04	--------	d-----w-	c:\program files\FolderAccess
    2009-06-03 09:33 . 2009-02-27 17:14	--------	d-----w-	c:\program files\Ashampoo
    2009-06-02 18:56 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2009-06-02 18:56 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2009-06-02 15:37 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2009-05-31 11:06 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2009-05-29 16:22 . 2009-02-27 17:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\Ashampoo
    2009-05-29 15:28 . 2009-04-18 22:17	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-05-18 13:41 . 2009-05-07 15:53	--------	d-----w-	c:\program files\Live-Player
    2009-05-14 16:00 . 2009-05-14 16:00	--------	d-----w-	c:\program files\Alwil Software
    2009-05-12 18:30 . 2009-05-12 18:30	--------	d-----w-	c:\program files\Serials World
    2009-05-09 05:50 . 2009-06-11 14:23	915456	----a-w-	c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-11 14:23	71680	----a-w-	c:\windows\system32\iesetup.dll
    2009-05-07 15:53 . 2009-05-07 15:53	--------	d-----w-	c:\users\Edem\AppData\Roaming\live-player
    2009-05-06 16:49 . 2009-05-06 16:41	--------	d-----w-	c:\users\Edem\AppData\Roaming\DeepBurner
    2009-05-06 16:41 . 2009-05-06 16:41	--------	d-----w-	c:\program files\Astonsoft
    2009-05-05 20:12 . 2008-11-28 20:27	--------	d-----w-	c:\program files\Java
    2009-04-30 22:08 . 2009-04-30 22:08	1505824	----a-w-	c:\windows\system32\nvcpluir.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1194528	----a-w-	c:\windows\system32\nvcplui.exe
    2009-04-30 22:08 . 2009-04-30 22:08	1358368	----a-w-	c:\windows\system32\nvsvsr.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1292832	----a-w-	c:\windows\system32\nvsvs.dll
    2009-04-30 20:02 . 2009-04-30 20:02	9850016	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
    2009-04-30 20:02 . 2009-04-30 20:02	663552	----a-w-	c:\windows\system32\nvcuvid.dll
    2009-04-30 20:02 . 2009-04-30 20:02	457248	----a-w-	c:\windows\system32\nvudisp.exe
    2009-04-30 20:02 . 2009-04-30 20:02	4224	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
    2009-04-30 20:02 . 2009-04-30 20:02	3128320	----a-w-	c:\windows\system32\nvwgf2um.dll
    2009-04-30 20:02 . 2009-04-30 20:02	1704960	----a-w-	c:\windows\system32\nvcuda.dll
    2009-04-30 20:02 . 2009-04-30 20:02	143360	----a-w-	c:\windows\system32\nvcod146.dll
    2009-04-30 20:02 . 2009-04-30 20:02	143360	----a-w-	c:\windows\system32\nvcod.dll
    2009-04-30 20:02 . 2009-04-30 20:02	1314816	----a-w-	c:\windows\system32\nvcuvenc.dll
    2009-04-30 20:02 . 2009-04-30 20:02	10366976	----a-w-	c:\windows\system32\nvoglv32.dll
    2009-04-30 20:02 . 2008-03-24 17:52	983552	----a-w-	c:\windows\system32\nvapi.dll
    2009-04-30 20:02 . 2008-03-24 17:52	7593472	----a-w-	c:\windows\system32\nvd3dum.dll
    2009-04-29 16:21 . 2009-04-29 16:28	15688	----a-w-	c:\windows\system32\lsdelete.exe
    2009-04-29 16:20 . 2009-04-29 16:21	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
    2009-04-29 16:19 . 2009-04-29 16:19	--------	d-----w-	c:\program files\Lavasoft
    2009-04-28 17:00 . 2009-04-28 17:00	--------	d-----w-	c:\users\Edem\AppData\Roaming\Malwarebytes
    2009-04-27 11:19 . 2009-03-20 18:28	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2009-04-27 11:19 . 2009-03-20 18:28	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2009-04-26 22:42 . 2008-03-12 10:52	457248	----a-w-	c:\windows\system32\nvuninst.exe
    2009-04-23 12:43 . 2009-06-11 14:23	784896	----a-w-	c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-11 14:23	636928	----a-w-	c:\windows\system32\localspl.dll
    2009-04-21 22:20 . 2009-04-21 22:20	14311680	----a-w-	c:\windows\system32\xlive.dll
    2009-04-21 22:20 . 2009-04-21 22:20	13642496	----a-w-	c:\windows\system32\xlivefnt.dll
    2009-04-21 11:55 . 2009-06-11 14:23	2033152	----a-w-	c:\windows\system32\win32k.sys
    2009-04-12 17:54 . 2009-04-18 22:18	954368	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-12 17:54 . 2009-04-18 22:18	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-12 17:54 . 2009-04-18 22:18	71652	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-12 17:54 . 2009-04-18 22:18	4534272	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-12 17:54 . 2009-04-18 22:18	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-12 17:54 . 2009-04-18 22:18	131868	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-12 17:54 . 2009-04-18 22:18	1161626	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-12 17:54 . 2009-04-18 22:18	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-09 16:52 . 2009-04-09 16:52	827377	----a-w-	c:\users\Edem\EmiycLwG.exe
    2009-04-03 10:39 . 2009-04-03 10:39	70936	----a-w-	c:\windows\system32\PhysXLoader.dll
    2009-03-27 22:03 . 2009-03-27 22:03	45056	----a-w-	c:\windows\system32\nvmccsrs.dll
    2009-03-27 22:03 . 2009-03-27 22:03	236064	----a-w-	c:\windows\system32\nvmccs.dll
    2009-03-27 22:03 . 2009-03-27 22:03	139264	----a-w-	c:\windows\system32\nvcod141.dll
    2009-03-20 16:10 . 2008-11-28 14:57	84792	----a-w-	c:\users\Edem\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-03-17 03:38 . 2009-04-17 13:02	13824	----a-w-	c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-17 13:02	24064	----a-w-	c:\windows\system32\amxread.dll
    2009-02-24 19:34 . 2009-02-24 19:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
    2004-06-01 15:22 . 2004-06-01 15:22	122880	--sha-w-	c:\windows\System32\ppfsys.exe
    .
    
    (((((((((((((((((((((((((((((   SnapShot_2009-06-03_16.19.42   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-03 08:58 . 2009-04-11 06:28	51712              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	83968              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wmiutils.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	30208              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemprox.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	35328              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mspatcha.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	22016              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsMsg.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	94720              c:\windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.6001.18702_none_7c2a7e005d93bd9b\inseng.dll
    + 2009-06-11 14:23 . 2009-05-12 22:35	71680              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\iesetup.dll
    + 2009-06-11 14:23 . 2009-05-12 22:35	55808              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\iernonce.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	71680              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\iesetup.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	55808              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\iernonce.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	71680              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iesetup.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	55808              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iernonce.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	59904              c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_8.0.6001.18702_none_3d86a1c07a097782\icardie.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	34816              c:\windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_8.0.6001.18702_none_20dfeb2e08d9ec0a\imgutil.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	66560              c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\wextract.exe
    + 2009-06-06 11:39 . 2009-03-08 11:31	48128              c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_8.0.6001.18702_none_d658a8dacff20c9e\mshtmler.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	66560              c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.18702_none_2b140bc159303551\mshtmled.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	45568              c:\windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18702_none_3c45119b1f28ff3d\mshta.exe
    + 2009-06-06 11:39 . 2009-03-08 11:31	13312              c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedssync.exe
    + 2009-06-06 11:39 . 2009-03-08 11:31	55296              c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedsbs.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	43008              c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.18702_none_accc7a4465be292a\licmgr10.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	72704              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\admparse.dll
    + 2009-06-11 14:23 . 2009-05-12 22:49	64512              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\WininetPlugin.dll
    + 2009-06-11 14:23 . 2009-05-12 22:36	25600              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\jsproxy.dll
    + 2009-06-11 14:23 . 2009-05-09 05:50	64512              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\WininetPlugin.dll
    + 2009-06-11 14:23 . 2009-05-09 05:35	25600              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\jsproxy.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	64512              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\WininetPlugin.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	25600              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\jsproxy.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	18944              c:\windows\winsxs\x86_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.6001.18702_none_6f561c09617d9439\corpol.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	46592              c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18702_none_d0b191832934e44c\pngfilt.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	66560              c:\windows\System32\wextract.exe
    + 2008-01-21 01:58 . 2009-06-14 10:08	59046              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-06-14 10:08	91236              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-11-28 14:58 . 2009-06-03 09:53	14654              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4005247752-3487466502-3436956655-1001_UserData.bin
    + 2008-11-28 14:58 . 2009-06-14 10:08	14654              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4005247752-3487466502-3436956655-1001_UserData.bin
    + 2009-06-06 11:39 . 2009-03-08 11:31	46592              c:\windows\System32\pngfilt.dll
    + 2008-12-04 07:28 . 2008-12-04 07:28	24344              c:\windows\System32\PhysXDevice.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	92704              c:\windows\System32\nvmctray.dll
    - 2008-03-24 17:52 . 2008-09-17 22:55	92704              c:\windows\System32\nvmctray.dll
    - 2006-11-02 07:33 . 2006-11-02 07:33	48128              c:\windows\System32\mshtmler.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	48128              c:\windows\System32\mshtmler.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	66560              c:\windows\System32\mshtmled.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	45568              c:\windows\System32\mshta.exe
    - 2008-01-21 02:23 . 2008-01-21 02:23	45568              c:\windows\System32\mshta.exe
    + 2009-06-06 11:39 . 2009-03-08 11:31	13312              c:\windows\System32\msfeedssync.exe
    + 2009-06-06 11:39 . 2009-03-08 11:31	55296              c:\windows\System32\msfeedsbs.dll
    + 2009-06-11 14:23 . 2009-05-09 05:50	64512              c:\windows\System32\migration\WininetPlugin.dll
    - 2008-04-17 04:15 . 2008-02-22 05:01	64512              c:\windows\System32\migration\WininetPlugin.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	43008              c:\windows\System32\licmgr10.dll
    + 2009-06-11 14:23 . 2009-05-09 05:35	25600              c:\windows\System32\jsproxy.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	94720              c:\windows\System32\inseng.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	34816              c:\windows\System32\imgutil.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	55808              c:\windows\System32\iernonce.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	59904              c:\windows\System32\icardie.dll
    + 2009-06-13 17:32 . 2009-06-13 17:32	18192              c:\windows\System32\Grand Theft Auto IV Screenshot dir\saver2.dll
    + 2009-06-13 17:32 . 2009-06-13 17:32	34304              c:\windows\System32\Grand Theft Auto IV Screenshot dir\saver1.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	92704              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvmctray.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	45056              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvmccsrs.dll
    + 2009-03-20 18:28 . 2009-06-11 14:19	28520              c:\windows\System32\drivers\ssmdrv.sys
    + 2009-06-06 11:39 . 2009-03-08 11:33	18944              c:\windows\System32\corpol.dll
    - 2008-11-28 14:29 . 2009-06-03 13:51	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-28 14:29 . 2009-06-14 10:23	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-28 14:29 . 2009-06-03 13:51	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-28 14:29 . 2009-06-14 10:23	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelTraditionalChinese.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelTraditionalChinese.dll
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelSwedish.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelSwedish.dll
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelSpanish.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelSpanish.dll
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelSimplifiedChinese.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelSimplifiedChinese.dll
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelPortugese.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelPortugese.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelKorean.dll
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelKorean.dll
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelJapanese.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelJapanese.dll
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelGerman.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelGerman.dll
    + 2008-10-07 07:13 . 2008-10-07 07:13	58648              c:\windows\System32\AgCPanelFrench.dll
    - 2008-06-11 08:02 . 2008-06-11 08:02	58648              c:\windows\System32\AgCPanelFrench.dll
    + 2009-06-14 10:08 . 2009-06-14 10:08	78562              c:\windows\System32\Adobe\Shockwave 11\uninstaller.exe
    - 2008-12-22 18:42 . 2008-11-24 13:07	58736              c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
    + 2009-04-29 10:17 . 2009-04-29 10:17	58736              c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
    - 2008-12-22 18:42 . 2008-11-24 13:34	94208              c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
    + 2009-04-28 10:23 . 2009-04-28 10:23	94208              c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
    + 2009-04-29 10:17 . 2009-04-29 10:17	52288              c:\windows\System32\Adobe\Shockwave 11\gtapi.dll
    - 2008-12-22 18:42 . 2008-11-24 13:07	52288              c:\windows\System32\Adobe\Shockwave 11\gtapi.dll
    - 2008-01-21 02:23 . 2008-01-21 02:23	72704              c:\windows\System32\admparse.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	72704              c:\windows\System32\admparse.dll
    + 2009-06-06 12:32 . 2009-06-12 18:02	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-06 12:32 . 2009-06-12 18:02	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-06-06 12:32 . 2009-06-12 18:02	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-06-02 15:41 . 2009-06-02 15:41	49936              c:\windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe
    + 2009-06-06 11:41 . 2009-06-06 11:41	49936              c:\windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe
    + 2009-06-11 21:07 . 2009-06-11 21:07	35600              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2009-06-02 15:41 . 2009-06-02 15:41	35600              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2008-03-12 12:00 . 2009-06-11 21:08	25214              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\MSWorks.exe
    - 2008-03-12 12:00 . 2008-03-12 12:00	25214              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\MSWorks.exe
    + 2007-06-20 21:04 . 2007-06-20 21:04	13152              c:\windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7\9.7.621\F990_worksup.dll
    + 2009-04-03 16:01 . 2009-04-03 16:01	71504              c:\windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.6425\XL12CNVP.DLL
    + 2009-04-03 15:57 . 2009-04-03 15:57	21320              c:\windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.6425\WRD12EXE.EXE
    + 2006-10-26 20:13 . 2006-10-26 20:13	72472              c:\windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.4518\XL12CNVP.DLL
    - 2006-11-02 10:25 . 2009-03-15 20:31	86016              c:\windows\inf\infstor.dat
    + 2006-11-02 10:25 . 2009-06-04 11:20	86016              c:\windows\inf\infstor.dat
    + 2006-11-02 10:25 . 2009-06-04 11:20	51200              c:\windows\inf\infpub.dat
    - 2006-11-02 10:25 . 2009-05-23 12:42	51200              c:\windows\inf\infpub.dat
    + 2009-06-06 11:39 . 2009-03-08 11:35	2048              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18702_none_83daaad046b59436\iecompat.dll
    + 2008-01-21 02:25 . 2008-01-21 02:25	6656              c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18254_none_33f7ddc1da1f1d8a\McrMgr.dll
    - 2008-12-22 18:42 . 2008-11-24 13:35	9216              c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2009-04-28 10:26 . 2009-04-28 10:26	9216              c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2009-06-14 10:06 . 2009-06-14 10:06	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-06-03 09:30 . 2009-06-03 09:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-06-14 10:06 . 2009-06-14 10:06	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-06-03 09:30 . 2009-06-03 09:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-06-03 08:58 . 2009-04-11 06:28	182784              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\xmllite.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	218624              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wdscore.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	744448              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcore.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	357888              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcomn.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	116736              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smipi.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	139264              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\SmiInstaller.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	705536              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smiengine.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	126464              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\rescinst.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	265728              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\repdrvfs.dll
    + 2009-06-03 08:58 . 2009-04-11 06:27	119296              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe
    + 2009-06-03 08:58 . 2009-04-11 06:27	130560              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\PkgMgr.exe
    + 2009-06-03 08:58 . 2009-04-11 06:28	146432              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\OEMHelpIns.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	305152              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\msdelta.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	102400              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofinstall.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	189440              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofd.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	222720              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\locdrv.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	100352              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\helpcins.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	614912              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\fastprox.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	265728              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\esscli.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	247808              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\drvstore.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	100352              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	258048              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\dpx.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	243712              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CntrtextInstaller.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	271360              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmitrust.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	119808              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiadapter.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	535040              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsCore.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	199168              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apss.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	222208              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apircl.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	420352              c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18702_none_2b4525a943b273a6\vbscript.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	726528              c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18702_none_65cb0af10cefc76a\jscript.dll
    + 2009-06-11 14:23 . 2009-04-23 12:24	784896              c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6002.22120_none_b65513a45b6873a4\rpcrt4.dll
    + 2009-06-11 14:23 . 2009-04-23 12:15	784896              c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6002.18024_none_b5cf780142473936\rpcrt4.dll
    + 2009-06-11 14:23 . 2009-04-23 12:39	784896              c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.22417_none_b48073ae5e33b3f0\rpcrt4.dll
    + 2009-06-11 14:23 . 2009-04-23 12:43	784896              c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18247_none_b3d66539452e6ad2\rpcrt4.dll
    + 2009-06-11 14:23 . 2009-04-23 12:33	788992              c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6000.21045_none_b2779aec61277a3f\rpcrt4.dll
    + 2009-06-11 14:23 . 2009-04-23 13:01	788992              c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6000.16850_none_b1de54a148164471\rpcrt4.dll
    + 2009-06-11 14:23 . 2009-04-23 12:22	623616              c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.22120_none_3275d288a9023d20\localspl.dll
    + 2009-06-11 14:23 . 2009-04-23 12:14	623616              c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.18024_none_31f036e58fe102b2\localspl.dll
    + 2009-06-11 14:23 . 2009-04-23 12:39	636928              c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.22417_none_30a13292abcd7d6c\localspl.dll
    + 2009-06-11 14:23 . 2009-04-23 12:42	636928              c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.18247_none_2ff7241d92c8344e\localspl.dll
    + 2009-06-11 14:23 . 2009-04-23 12:29	697856              c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6000.21045_none_2e9859d0aec143bb\localspl.dll
    + 2009-06-11 14:23 . 2009-04-23 12:56	696832              c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6000.16850_none_2dff138595b00ded\localspl.dll
    + 2009-06-06 11:39 . 2009-03-08 11:22	156160              c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18702_none_aeeaf610b83f2e48\msls31.dll
    + 2009-06-06 11:39 . 2009-03-08 11:35	121344              c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18702_none_1de359b6148047cc\jsdebuggeride.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	256000              c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18702_none_cb86fb78a76dcdde\ieinstal.exe
    + 2009-06-11 14:23 . 2009-05-12 22:35	164352              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieui.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	164352              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieui.dll
    + 2009-06-06 11:39 . 2009-03-08 11:22	164352              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieui.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	105984              c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18702_none_d315f3a07395d0ed\url.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	208384              c:\windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18702_none_d4a239fe30224f93\WinFXDocObj.exe
    + 2009-06-06 11:39 . 2009-03-08 11:33	759296              c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18702_none_d02233c4fe8667df\VGX.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	109056              c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18702_none_fe7d3c2acfc7f690\iesysprep.dll
    + 2009-06-11 14:23 . 2009-05-12 20:35	173056              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\ie4uinit.exe
    + 2009-06-11 14:23 . 2009-05-09 03:36	173056              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\ie4uinit.exe
    + 2009-06-06 11:39 . 2009-03-08 11:32	173056              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\ie4uinit.exe
    + 2009-06-11 14:23 . 2009-05-12 22:48	129536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\sqmapi.dll
    + 2009-06-11 14:23 . 2009-05-09 05:48	129536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\sqmapi.dll
    + 2009-06-06 11:39 . 2009-03-08 21:09	140128              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\sqmapi.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	193536              c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18702_none_aa7d60ae7286ab24\msrating.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	109568              c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\PDMSetup.exe
    + 2009-06-06 11:39 . 2009-01-08 01:20	355832              c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\pdm.dll
    + 2009-06-06 11:39 . 2009-01-08 01:20	265720              c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\msdbg2.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	236544              c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18702_none_44170552678500f2\webcheck.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	109568              c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_1a118a8629ee860e\occache.dll
    + 2009-06-06 11:39 . 2009-03-08 11:35	233984              c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18702_none_d5ea1c01e3fe67ea\jsprofilerui.dll
    + 2009-06-06 11:39 . 2009-03-08 11:35	118272              c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18702_none_ed92bec9472aab53\JSProfilerCore.dll
    + 2009-06-06 11:39 . 2009-03-08 11:35	521216              c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18702_none_9d577137e370ad2c\jsdbgui.dll
    + 2009-06-06 11:39 . 2009-03-08 21:09	638816              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
    + 2009-06-06 11:39 . 2009-03-08 11:33	132608              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe
    + 2009-06-06 11:39 . 2009-03-08 11:35	144384              c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe
    + 2009-06-06 11:39 . 2009-03-08 11:32	169472              c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe
    + 2009-06-11 14:23 . 2009-05-12 22:35	197632              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22874_none_2ab8403ac959093f\IEShims.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	197632              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18783_none_2a22d339b0446c0f\IEShims.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	196096              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18702_none_2a78524fb0047330\IEShims.dll
    + 2009-06-11 14:23 . 2009-05-12 22:35	246272              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22874_none_7359f4a479b0a2d1\ieproxy.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	246272              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18783_none_72c487a3609c05a1\ieproxy.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	246784              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18702_none_731a06b9605c0cc2\ieproxy.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	115712              c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe
    + 2009-06-07 10:10 . 2009-05-09 13:09	102912              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22873_none_84199871600b10ee\iecompat.dll
    + 2009-06-06 11:41 . 2009-04-25 12:39	102400              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22867_none_842869855fff5a59\iecompat.dll
    + 2009-06-07 10:10 . 2009-05-09 03:37	102912              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18783_none_83852bba46f58d15\iecompat.dll
    + 2009-06-06 11:41 . 2009-04-25 03:31	102400              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18777_none_8393fcce46e9d680\iecompat.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	125952              c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe
    + 2009-06-06 11:39 . 2009-03-08 11:33	103936              c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe
    + 2009-06-06 11:39 . 2009-03-08 11:33	107520              c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe
    + 2009-06-06 11:39 . 2009-03-08 11:32	594432              c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18702_none_42d1aca65041d4fb\msfeeds.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	216064              c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtrans.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	348160              c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtmsft.dll
    + 2009-06-06 11:39 . 2009-03-08 11:35	742912              c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18702_none_1e902f2a55a1ce84\iedvtool.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	183808              c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18702_none_1faea70907d94aa5\iepeers.dll
    + 2009-06-06 11:39 . 2009-03-08 11:11	445952              c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	163840              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieakui.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	229376              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieaksie.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	125952              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18702_none_87015889ddff063f\ieakeng.dll
    + 2009-06-11 14:23 . 2009-05-12 22:34	385536              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22874_none_577b7cbe869d3919\iedkcs32.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	385536              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18783_none_56e60fbd6d889be9\iedkcs32.dll
    + 2009-06-06 11:39 . 2009-03-08 21:09	391536              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18702_none_573b8ed36d48a30a\iedkcs32.dll
    + 2009-06-11 14:23 . 2009-05-12 22:49	915456              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\wininet.dll
    + 2009-06-11 14:23 . 2009-05-09 05:50	915456              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\wininet.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	914944              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	611840              c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18702_none_c3b0c8fe923e1b1f\mstime.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	107008              c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe
    + 2009-06-06 11:39 . 2009-03-08 11:32	128512              c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18702_none_8eb687d4089bfe4d\advpack.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	208384              c:\windows\System32\WinFXDocObj.exe
    - 2008-01-21 02:23 . 2008-01-21 02:23	208384              c:\windows\System32\WinFXDocObj.exe
    + 2009-06-06 11:39 . 2009-03-08 11:34	236544              c:\windows\System32\webcheck.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	420352              c:\windows\System32\vbscript.dll
    - 2008-01-21 02:24 . 2008-01-21 02:24	105984              c:\windows\System32\url.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	105984              c:\windows\System32\url.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	107008              c:\windows\System32\SetIEInstalledDate.exe
    + 2009-06-06 11:39 . 2009-03-08 11:33	103936              c:\windows\System32\SetDepNx.exe
    + 2009-06-06 11:39 . 2009-03-08 11:33	107520              c:\windows\System32\RegisterIEPKEYs.exe
    + 2008-11-26 06:55 . 2008-11-26 06:55	288024              c:\windows\System32\PhysXCplUI.exe
    + 2008-11-25 06:38 . 2008-11-25 06:38	288024              c:\windows\System32\PhysXCompatCplUI.exe
    + 2006-11-02 10:33 . 2009-06-14 10:13	586980              c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-06-03 09:56	586980              c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-06-03 09:56	101052              c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-06-14 10:13	101052              c:\windows\System32\perfc009.dat
    + 2009-06-06 11:39 . 2009-03-08 11:33	109568              c:\windows\System32\PDMSetup.exe
    + 2009-06-06 11:39 . 2009-03-08 11:34	109568              c:\windows\System32\occache.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	211488              c:\windows\System32\nvvsvc.exe
    + 2009-04-30 22:07 . 2009-04-30 22:07	768544              c:\windows\System32\nvsvc.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	143360              c:\windows\System32\nvshext.dll
    - 2008-09-17 22:55 . 2008-09-17 22:55	465440              c:\windows\System32\nvmccssr.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	465440              c:\windows\System32\nvmccssr.dll
    - 2008-09-17 22:55 . 2008-09-17 22:55	195104              c:\windows\System32\nvmccss.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	195104              c:\windows\System32\nvmccss.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	611840              c:\windows\System32\mstime.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	193536              c:\windows\System32\msrating.dll
    + 2009-06-06 11:39 . 2009-03-08 11:22	156160              c:\windows\System32\msls31.dll
    - 2008-01-21 02:24 . 2008-01-21 02:24	156160              c:\windows\System32\msls31.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	594432              c:\windows\System32\msfeeds.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	726528              c:\windows\System32\jscript.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	169472              c:\windows\System32\iexpress.exe
    + 2009-06-06 11:39 . 2009-03-08 11:33	132608              c:\windows\System32\ieUnatt.exe
    + 2009-06-11 14:23 . 2009-05-09 05:34	164352              c:\windows\System32\ieui.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	109056              c:\windows\System32\iesysprep.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	183808              c:\windows\System32\iepeers.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	385536              c:\windows\System32\iedkcs32.dll
    + 2009-06-06 11:39 . 2009-03-08 11:11	445952              c:\windows\System32\ieapfltr.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	163840              c:\windows\System32\ieakui.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	229376              c:\windows\System32\ieaksie.dll
    + 2009-06-06 11:39 . 2009-03-08 11:33	125952              c:\windows\System32\ieakeng.dll
    + 2009-06-11 14:23 . 2009-05-09 03:36	173056              c:\windows\System32\ie4uinit.exe
    + 2006-11-02 12:47 . 2009-06-12 17:59	333296              c:\windows\System32\FNTCACHE.DAT
    - 2006-11-02 12:47 . 2009-05-24 17:02	333296              c:\windows\System32\FNTCACHE.DAT
    + 2009-06-06 11:39 . 2009-03-08 11:31	216064              c:\windows\System32\dxtrans.dll
    + 2009-06-06 11:39 . 2009-03-08 11:31	348160              c:\windows\System32\dxtmsft.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	207392              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvvsvc.exe
    + 2009-03-27 22:03 . 2009-03-27 22:03	453152              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvudisp.exe
    + 2009-03-27 22:03 . 2009-03-27 22:03	958464              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvsvcr.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	641568              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvsvc.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	465440              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvmccssr.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	195104              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvmccss.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	236064              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvmccs.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	401408              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvcuvid.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	801312              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvcplui.exe
    + 2009-03-27 22:03 . 2009-03-27 22:03	139264              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvcod.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	667648              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvapi.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	795104              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\dpinst.exe
    + 2009-04-30 20:02 . 2009-04-30 20:02	457248              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvudisp.exe
    + 2009-04-30 20:02 . 2009-04-30 20:02	663552              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvcuvid.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	143360              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvcod.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	983552              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvapi.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	795104              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\dpinst.exe
    + 2009-06-06 12:31 . 2009-06-12 18:17	245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-06-06 11:39 . 2009-03-08 11:32	128512              c:\windows\System32\advpack.dll
    + 2009-04-28 10:24 . 2009-04-28 10:24	114688              c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
    - 2008-12-22 18:42 . 2008-11-24 13:34	114688              c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
    + 2009-04-29 10:28 . 2009-04-29 10:28	468408              c:\windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe
    - 2008-12-22 18:42 . 2008-11-24 13:36	446464              c:\windows\System32\Adobe\Shockwave 11\Proj.dll
    + 2009-04-28 10:26 . 2009-04-28 10:26	446464              c:\windows\System32\Adobe\Shockwave 11\Proj.dll
    + 2009-04-28 10:24 . 2009-04-28 10:24	372736              c:\windows\System32\Adobe\Shockwave 11\Plugin.dll
    + 2009-04-29 10:17 . 2009-04-29 10:17	716800              c:\windows\System32\Adobe\Shockwave 11\gi.dll
    + 2009-04-28 10:26 . 2009-04-28 10:26	614400              c:\windows\System32\Adobe\Shockwave 11\Control.dll
    - 2008-12-22 18:42 . 2008-11-24 13:43	202168              c:\windows\System32\Adobe\Director\SwDir.dll
    + 2009-04-29 10:29 . 2009-04-29 10:29	202168              c:\windows\System32\Adobe\Director\SwDir.dll
    + 2009-04-28 10:25 . 2009-04-28 10:25	131072              c:\windows\System32\Adobe\Director\np32dsw.dll
    + 2009-06-06 12:32 . 2009-06-12 18:02	245760              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2008-03-12 12:00 . 2009-06-11 21:08	693600              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\WksWP.exe
    - 2008-03-12 12:00 . 2008-03-12 12:00	693600              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\WksWP.exe
    - 2008-03-12 12:00 . 2008-03-12 12:00	947552              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\wksss.exe
    + 2008-03-12 12:00 . 2009-06-11 21:08	947552              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\wksss.exe
    + 2008-03-12 12:00 . 2009-06-11 21:08	709984              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\WksCal.exe
    - 2008-03-12 12:00 . 2008-03-12 12:00	709984              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\WksCal.exe
    + 2007-06-20 21:04 . 2007-06-20 21:04	161120              c:\windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7\9.7.621\F366_wkcvqr01.dll
    + 2007-06-21 21:48 . 2007-06-21 21:48	972128              c:\windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7\9.7.621\F365_wkcvqd01.dll
    + 2006-10-26 19:49 . 2006-10-26 19:49	509200              c:\windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.4518\WRD12CVR.DLL
    - 2006-11-02 10:25 . 2009-03-15 20:31	143360              c:\windows\inf\infstrng.dat
    + 2006-11-02 10:25 . 2009-06-04 11:20	143360              c:\windows\inf\infstrng.dat
    + 2009-06-11 14:23 . 2009-04-21 11:42	2034688              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623\win32k.sys
    + 2009-06-11 14:23 . 2009-04-21 11:39	2034688              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40\win32k.sys
    + 2009-06-11 14:23 . 2009-04-21 13:26	2034176              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa\win32k.sys
    + 2009-06-11 14:23 . 2009-04-21 11:55	2033152              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc\win32k.sys
    + 2009-06-11 14:23 . 2009-04-21 11:55	2030080              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\win32k.sys
    + 2009-06-11 14:23 . 2009-04-21 12:04	2028032              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0\win32k.sys
    + 2009-06-03 08:58 . 2009-04-11 06:28	1835520              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	2032640              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiv2.dll
    + 2009-06-03 08:58 . 2009-04-11 06:28	1744384              c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apds.dll
    + 2009-06-01 10:54 . 2009-04-14 07:06	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22435_none_f2f64e4f84abbcec\OESpamFilter.dat
    + 2009-06-01 10:54 . 2009-04-14 07:06	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18259_none_f25b10ee6b9abd39\OESpamFilter.dat
    + 2009-06-01 10:54 . 2009-04-14 07:06	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21056_none_f0fb46578794b34f\OESpamFilter.dat
    + 2009-06-01 10:54 . 2009-04-14 07:06	2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16860_none_f060ffc26e84642a\OESpamFilter.dat
    + 2009-06-11 14:23 . 2009-05-12 22:35	1985024              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\iertutil.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	1985024              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\iertutil.dll
    + 2009-06-06 11:39 . 2009-03-08 11:32	1985024              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\iertutil.dll
    + 2009-06-11 14:23 . 2009-05-12 22:39	5936128              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22874_none_f66e22e151498188\mshtml.dll
    + 2009-06-11 14:23 . 2009-05-09 05:38	5936128              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18783_none_f5d8b5e03834e458\mshtml.dll
    + 2009-06-06 11:39 . 2009-03-08 11:41	5937152              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
    + 2009-06-06 11:39 . 2009-02-07 04:07	3698584              c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dat
    + 2009-06-11 14:23 . 2009-05-12 22:48	1207808              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22874_none_980e282105e9f1bf\urlmon.dll
    + 2009-06-11 14:23 . 2009-05-09 05:49	1207808              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18783_none_9778bb1fecd5548f\urlmon.dll
    + 2009-06-06 11:39 . 2009-03-08 11:34	1206784              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18702_none_97ce3a35ec955bb0\urlmon.dll
    + 2009-06-11 14:23 . 2009-05-09 05:49	1207808              c:\windows\System32\urlmon.dll
    - 2006-11-02 10:22 . 2009-06-03 09:28	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 10:22 . 2009-06-14 10:13	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-04-30 22:07 . 2009-04-30 22:07	3615264              c:\windows\System32\nvwssr.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	3123744              c:\windows\System32\nvwss.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	4467232              c:\windows\System32\nvvitvsr.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	4045344              c:\windows\System32\nvvitvs.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	1097728              c:\windows\System32\nvsvcr.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	2861600              c:\windows\System32\nvmoblsr.dll
    - 2008-09-17 22:55 . 2008-09-17 22:55	2861600              c:\windows\System32\nvmoblsr.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	1288736              c:\windows\System32\nvmobls.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	4413984              c:\windows\System32\nvgamesr.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	3516960              c:\windows\System32\nvgames.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	5896736              c:\windows\System32\nvdispsr.dll
    + 2009-04-30 22:07 . 2009-04-30 22:07	4020768              c:\windows\System32\nvdisps.dll
    + 2009-06-11 14:23 . 2009-05-09 05:38	5936128              c:\windows\System32\mshtml.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	1985024              c:\windows\System32\iertutil.dll
    + 2009-06-06 11:39 . 2009-02-07 04:07	3698584              c:\windows\System32\ieapfltr.dat
    + 2009-03-27 22:03 . 2009-03-27 22:03	3033632              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvwssr.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	2751008              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvwss.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	2742784              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvwgf2um.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	4287008              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvvitvsr.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	3803680              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvvitvs.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	1347584              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvsvsr.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	1277952              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvsvs.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	9945088              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvoglv32.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	2861600              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvmoblsr.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	1280544              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvmobls.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	7738816              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvlddmkm.sys
    + 2009-03-27 22:03 . 2009-03-27 22:03	4287008              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvgamesr.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	3496480              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvgames.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	6593056              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvdispsr.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	4717088              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvdisps.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	6082560              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvd3dum.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	1560576              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvcuda.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	1108512              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvcpluir.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	3128320              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvwgf2um.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	9850016              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvlddmkm.sys
    + 2009-04-30 20:02 . 2009-04-30 20:02	7593472              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvd3dum.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	1314816              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvcuvenc.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	1704960              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvcuda.dll
    + 2009-04-28 10:00 . 2009-04-28 10:00	1011712              c:\windows\System32\Adobe\Shockwave 11\iml32.dll
    + 2009-04-29 10:17 . 2009-04-29 10:17	1145896              c:\windows\System32\Adobe\Shockwave 11\gt.exe
    - 2008-12-22 18:42 . 2008-11-24 13:07	1145896              c:\windows\System32\Adobe\Shockwave 11\gt.exe
    + 2009-04-28 10:04 . 2009-04-28 10:04	1798144              c:\windows\System32\Adobe\Shockwave 11\dirapi.dll
    - 2008-12-22 18:42 . 2008-11-24 13:16	1798144              c:\windows\System32\Adobe\Shockwave 11\dirapi.dll
    - 2009-04-13 00:10 . 2009-06-03 09:28	4720568              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-04-13 00:10 . 2009-06-13 22:01	4720568              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-03-12 12:00 . 2009-06-11 21:08	1099104              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\WksSb.exe
    - 2008-03-12 12:00 . 2008-03-12 12:00	1099104              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\WksSb.exe
    - 2008-03-12 12:00 . 2008-03-12 12:00	1242464              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\wksdb.exe
    + 2008-03-12 12:00 . 2009-06-11 21:08	1242464              c:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\wksdb.exe
    + 2009-02-05 09:36 . 2009-02-05 09:36	1640800              c:\windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.6425\OGL.DLL
    + 2009-04-03 16:21 . 2009-04-03 16:21	8543096              c:\windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.6425\OARTCONV.DLL
    + 2009-04-03 15:57 . 2009-04-03 15:57	4671320              c:\windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.6425\WRD12CNV.DLL
    + 2009-06-14 10:49 . 2009-06-14 10:49	6295552              c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
    + 2009-06-11 14:23 . 2009-05-12 22:35	11064832              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieframe.dll
    + 2009-06-11 14:23 . 2009-05-09 05:34	11064832              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieframe.dll
    + 2009-06-06 11:39 . 2009-03-08 11:39	11063808              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll
    + 2009-06-03 16:30 . 2009-06-14 10:13	60623656              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    + 2009-04-30 22:07 . 2009-04-30 22:07	13781536              c:\windows\System32\nvcpl.dll
    + 2006-11-02 10:24 . 2009-06-01 16:51	23635392              c:\windows\System32\mrt.exe
    + 2009-06-11 14:23 . 2009-05-09 05:34	11064832              c:\windows\System32\ieframe.dll
    + 2009-03-27 22:03 . 2009-03-27 22:03	13687328              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_df3f64cf\nvcpl.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	10366976              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\nvoglv32.dll
    + 2009-04-30 20:02 . 2009-04-30 20:02	38177933              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_28b154da\NvCplSetupInt.exe
    + 2009-04-03 16:46 . 2009-04-03 16:46	17314688              c:\windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.6425\MSO.DLL
    + 2009-04-03 16:01 . 2009-04-03 16:01	15108448              c:\windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.6425\XL12CNV.EXE
    .
    -- Snapshot auf jetziges Datum zurückgesetzt --
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Any Wallpaper"="c:\program files\AnyUtils\Any Wallpaper\AnyWallpaper.exe" [2008-07-26 122880]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-29 516440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ACCControl.lnk - c:\program files\Universal DVB Receiver\Wizard\AccControl.exe [2008-9-19 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2646394D-E733-439C-83C9-B7CC01B2E1E9}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "UDP Query User{58313528-5373-4943-9A40-0C00310E6112}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "{B41CAFB6-E1EF-422B-B654-506B53E2D099}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{F7B11F93-0C92-4984-817A-CAF83B975F6F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B3E6F6F7-5174-4805-B79E-71DDCD488C14}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{00CD27A8-0340-440F-B89E-6B0EE16C5374}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3D182488-23A3-45AE-90A1-395FDE232D27}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F9B9690D-3578-4747-B65E-68835FDF16E7}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{5D1B62F9-0BDE-4955-B392-B8C891CDF752}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{63C2C407-8B8E-4C48-8B52-39E404E8851D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{2B6859F0-CF8B-427B-AD85-DE59B19CAC24}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{FA215510-D03A-405B-BE10-ED052C6B4D5D}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{140D9DF7-23D4-4A64-941F-8471849736A9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{8C58747E-079E-4209-9A47-A341C0BB8F09}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B4A0B8F-4B88-4B3F-BE26-E390F8B99844}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{26FFC045-E122-4B2B-9A7D-67B421E72580}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{8308432D-4AB3-4AF9-A6AD-0F06CAD4979E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{0D3F5237-D24A-42B7-AC9C-83415EDC6D59}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{DB988C9A-95CC-44EF-997C-3B444D72A89B}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{22B2092C-FE36-4B03-A3A9-074682694CFA}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{E3EBD3B8-231F-4A2B-B7B0-43532C4FF21A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{98408E1B-1AFA-4A9A-85B2-F0AF46B1130E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{5A0C4BD1-6620-4A42-88FC-EC7297C576FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E9B9E188-9C80-4A2A-8E89-FBC096651446}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A5B2C63-15D4-4ED0-A316-87B99EB7A29F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A909D77B-C137-4DBA-AAE4-9EE78BC5163F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{218954EB-C383-4AA7-AA02-18D6BF830CD1}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{CECEE2DD-0A59-41DE-BE30-F5FB9B7B65A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{23E1BAC1-04AD-48CE-BBEF-7713D99B2A36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{85DD9BC7-867C-4EB8-9FC1-C0C44447D1AD}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{CCB99321-D246-4CD0-ABC1-460E1FB8AA31}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{22AC0706-6B49-4C77-9D94-AAAF5BFAA379}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{FBE9CF26-246A-493E-B8D8-97C31DB1972C}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "TCP Query User{741F3CC3-294E-4C25-9EA1-A4AF5B8A7048}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
    "UDP Query User{820ED1AB-217A-46D3-9555-5186C14002FF}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 18:21 64160]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 08:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 20:28 108289]
    R2 EasyHideIP;EasyHideIP;c:\program files\Easy-Hide-IP\services\EasyHideIp.exe [09.04.2009 19:03 45056]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 22:56 52592]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07.01.2009 15:17 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 09:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 09:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 08:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 09:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 08:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 08:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 08:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 22:56 10096]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 20:46 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 953168]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 18:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
    S3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 14:40 88704]
    S3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 17:30 486912]
    S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 17:30 7680]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 20:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhalt des "geplante Tasks" Ordners
    
    2009-06-14 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2009-06-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2009-06-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=13166&l=dis
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - 
    
    ---- FIREFOX Richtlinien ----
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-14 12:55
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:dd,43,73,96,0e,8f,22,ba,bc,6c,e3,d6,af,d7,a7,91,71,13,31,04,1b,
       6a,80,ec,6b,8f,d3,a1,be,61,85,b1,07,25,86,e6,dd,8f,03,c6,c4,50,c0,6c,f2,92,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    Zeit der Fertigstellung: 2009-06-14 12:57
    ComboFix-quarantined-files.txt  2009-06-14 10:57
    ComboFix2.txt  2009-06-03 16:20
    ComboFix3.txt  2009-06-01 18:27
    ComboFix4.txt  2009-06-01 10:27
    
    Vor Suchlauf: 14 Verzeichnis(se), 103.335.731.200 Bytes frei
    Nach Suchlauf: 14 Verzeichnis(se), 103.345.254.400 Bytes frei
    
    674	--- E O F ---	2009-06-14 10:13
    ComboFix 09-06-28.06 - Edem 29.06.2009 17:26.5 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.2300 [GMT 2:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\program files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}
    c:\program files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}\install.rdf
    c:\windows\icon.ico
    
    .
    (((((((((((((((((((((((   Dateien erstellt von 2009-05-28 bis 2009-06-29  ))))))))))))))))))))))))))))))
    .
    
    2009-06-29 15:32 . 2009-06-29 15:32	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2009-06-29 15:32 . 2009-06-29 15:32	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-06-18 19:45 . 2009-06-18 19:45	--------	d-----w-	c:\users\Edem\AppData\Local\Stardock
    2009-06-18 17:49 . 2009-06-18 17:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Stardock
    2009-06-18 17:48 . 2009-06-18 19:37	--------	d-----w-	c:\program files\Common Files\Stardock
    2009-06-18 17:48 . 2009-06-18 19:45	--------	d-----w-	c:\program files\Stardock
    2009-06-16 16:32 . 2009-06-16 20:53	--------	d-----w-	c:\users\Edem\AppData\Local\SecondLife
    2009-06-16 16:32 . 2009-06-16 16:34	--------	d-----w-	c:\users\Edem\AppData\Roaming\SecondLife
    2009-06-16 16:31 . 2009-06-16 16:32	--------	d-----w-	c:\program files\SecondLife
    2009-06-14 10:16 . 2009-04-30 12:37	428544	----a-w-	c:\windows\system32\EncDec.dll
    2009-06-14 10:16 . 2009-04-30 12:37	293376	----a-w-	c:\windows\system32\psisdecd.dll
    2009-06-13 17:32 . 2009-06-13 17:32	--------	d-----w-	c:\windows\system32\Grand Theft Auto IV Screenshot dir
    2009-06-13 17:32 . 2009-06-13 17:32	520192	----a-w-	c:\windows\system32\Grand Theft Auto IV Screenshot.scr
    2009-06-06 11:48 . 2009-06-16 15:35	--------	d-----w-	c:\program files\ProgDVB
    2009-06-03 18:33 . 2009-06-03 18:33	--------	d-----w-	c:\users\Edem\AppData\Local\AnyUtils
    2009-06-03 18:33 . 2009-06-16 15:30	--------	d-----w-	c:\program files\AnyUtils
    2009-06-03 09:12 . 2009-06-03 09:12	--------	d-----w-	c:\program files\CCleaner
    2009-06-02 15:35 . 2009-06-02 15:35	--------	d-----w-	c:\windows\Sun
    2009-06-01 11:05 . 2009-06-03 11:00	--------	d-----w-	c:\program files\Activision
    2009-05-31 19:01 . 2009-05-31 19:01	--------	d-----w-	C:\rsit
    16508-12-01 17:49 . 2009-06-04 11:03	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-29 14:40 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2009-06-29 14:40 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2009-06-25 21:01 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2009-06-18 19:46 . 2006-11-02 07:26	16496640	----a-w-	c:\windows\system32\imageres.dll
    2009-06-18 19:45 . 2009-04-18 22:17	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-06-18 17:04 . 2009-04-09 17:03	--------	d-----w-	c:\program files\Easy-Hide-IP
    2009-06-17 20:23 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2009-06-17 20:23 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2009-06-14 12:30 . 2008-11-30 11:59	--------	d-----w-	c:\program files\EA Games
    2009-06-11 21:08 . 2008-03-12 11:59	--------	d-----w-	c:\program files\Microsoft Works
    2009-06-06 10:47 . 2008-11-29 11:13	1626	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2009-06-04 11:22 . 2009-03-15 20:30	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
    2009-06-04 11:22 . 2009-03-15 20:31	--------	d-----w-	c:\program files\AGEIA Technologies
    2009-06-03 09:34 . 2009-04-09 15:02	--------	d-----w-	c:\program files\Hide My IP 2009
    2009-06-03 09:34 . 2009-03-20 16:04	--------	d-----w-	c:\program files\FolderAccess
    2009-06-03 09:33 . 2009-02-27 17:14	--------	d-----w-	c:\program files\Ashampoo
    2009-06-02 18:56 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2009-06-02 18:56 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2009-06-02 15:37 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2009-05-31 11:06 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2009-05-29 16:22 . 2009-02-27 17:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\Ashampoo
    2009-05-29 15:28 . 2009-05-29 15:28	680	----a-w-	c:\users\Edem\AppData\Local\d3d9caps.dat
    2009-05-18 13:41 . 2009-05-07 15:53	--------	d-----w-	c:\program files\Live-Player
    2009-05-14 16:00 . 2009-05-14 16:00	--------	d-----w-	c:\program files\Alwil Software
    2009-05-12 18:30 . 2009-05-12 18:30	--------	d-----w-	c:\program files\Serials World
    2009-05-09 05:50 . 2009-06-11 14:23	915456	----a-w-	c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-11 14:23	71680	----a-w-	c:\windows\system32\iesetup.dll
    2009-05-07 15:53 . 2009-05-07 15:53	--------	d-----w-	c:\users\Edem\AppData\Roaming\live-player
    2009-05-06 16:49 . 2009-05-06 16:41	--------	d-----w-	c:\users\Edem\AppData\Roaming\DeepBurner
    2009-05-06 16:41 . 2009-05-06 16:41	--------	d-----w-	c:\program files\Astonsoft
    2009-05-05 20:12 . 2008-11-28 20:27	--------	d-----w-	c:\program files\Java
    2009-05-01 21:02 . 2009-05-01 21:02	823296	----a-w-	c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02	823296	----a-w-	c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02	815104	----a-w-	c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02	811008	----a-w-	c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02	802816	----a-w-	c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02	685056	----a-w-	c:\windows\system32\DivX.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1505824	----a-w-	c:\windows\system32\nvcpluir.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1194528	----a-w-	c:\windows\system32\nvcplui.exe
    2009-04-30 22:08 . 2009-04-30 22:08	1358368	----a-w-	c:\windows\system32\nvsvsr.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1292832	----a-w-	c:\windows\system32\nvsvs.dll
    2009-04-30 20:02 . 2009-04-30 20:02	9850016	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
    2009-04-30 20:02 . 2009-04-30 20:02	663552	----a-w-	c:\windows\system32\nvcuvid.dll
    2009-04-30 20:02 . 2009-04-30 20:02	457248	----a-w-	c:\windows\system32\nvudisp.exe
    2009-04-30 20:02 . 2009-04-30 20:02	4224	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
    2009-04-30 20:02 . 2009-04-30 20:02	3128320	----a-w-	c:\windows\system32\nvwgf2um.dll
    2009-04-30 20:02 . 2009-04-30 20:02	1704960	----a-w-	c:\windows\system32\nvcuda.dll
    2009-04-30 20:02 . 2009-04-30 20:02	143360	----a-w-	c:\windows\system32\nvcod146.dll
    2009-04-30 20:02 . 2009-04-30 20:02	143360	----a-w-	c:\windows\system32\nvcod.dll
    2009-04-30 20:02 . 2009-04-30 20:02	1314816	----a-w-	c:\windows\system32\nvcuvenc.dll
    2009-04-30 20:02 . 2009-04-30 20:02	10366976	----a-w-	c:\windows\system32\nvoglv32.dll
    2009-04-30 20:02 . 2008-03-24 17:52	983552	----a-w-	c:\windows\system32\nvapi.dll
    2009-04-30 20:02 . 2008-03-24 17:52	7593472	----a-w-	c:\windows\system32\nvd3dum.dll
    2009-04-29 16:21 . 2009-04-29 16:28	15688	----a-w-	c:\windows\system32\lsdelete.exe
    2009-04-29 16:20 . 2009-04-29 16:21	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
    2009-04-27 11:19 . 2009-03-20 18:28	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2009-04-27 11:19 . 2009-03-20 18:28	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2009-04-26 22:42 . 2008-03-12 10:52	457248	----a-w-	c:\windows\system32\nvuninst.exe
    2009-04-23 12:43 . 2009-06-11 14:23	784896	----a-w-	c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-11 14:23	636928	----a-w-	c:\windows\system32\localspl.dll
    2009-04-21 22:20 . 2009-04-21 22:20	14311680	----a-w-	c:\windows\system32\xlive.dll
    2009-04-21 22:20 . 2009-04-21 22:20	13642496	----a-w-	c:\windows\system32\xlivefnt.dll
    2009-04-21 11:55 . 2009-06-11 14:23	2033152	----a-w-	c:\windows\system32\win32k.sys
    2009-04-12 17:54 . 2009-04-18 22:18	954368	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-12 17:54 . 2009-04-18 22:18	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-12 17:54 . 2009-04-18 22:18	71652	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-12 17:54 . 2009-04-18 22:18	4534272	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-12 17:54 . 2009-04-18 22:18	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-12 17:54 . 2009-04-18 22:18	131868	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-12 17:54 . 2009-04-18 22:18	1161626	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-12 17:54 . 2009-04-18 22:18	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-03 10:39 . 2009-04-03 10:39	70936	----a-w-	c:\windows\system32\PhysXLoader.dll
    2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
    2004-06-01 15:22 . 2004-06-01 15:22	122880	--sha-w-	c:\windows\System32\ppfsys.exe
    .
    
    (((((((((((((((((((((((((((((   SnapShot_2009-06-14_10.55.56   )))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Snapshot auf jetziges Datum zurückgesetzt --
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-29 516440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    c:\users\Edem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-6-18 728576]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ACCControl.lnk - c:\program files\Universal DVB Receiver\Wizard\AccControl.exe [2008-9-19 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2646394D-E733-439C-83C9-B7CC01B2E1E9}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "UDP Query User{58313528-5373-4943-9A40-0C00310E6112}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "{B41CAFB6-E1EF-422B-B654-506B53E2D099}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{F7B11F93-0C92-4984-817A-CAF83B975F6F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B3E6F6F7-5174-4805-B79E-71DDCD488C14}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{00CD27A8-0340-440F-B89E-6B0EE16C5374}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3D182488-23A3-45AE-90A1-395FDE232D27}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F9B9690D-3578-4747-B65E-68835FDF16E7}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{5D1B62F9-0BDE-4955-B392-B8C891CDF752}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{63C2C407-8B8E-4C48-8B52-39E404E8851D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{2B6859F0-CF8B-427B-AD85-DE59B19CAC24}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{FA215510-D03A-405B-BE10-ED052C6B4D5D}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{140D9DF7-23D4-4A64-941F-8471849736A9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{8C58747E-079E-4209-9A47-A341C0BB8F09}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B4A0B8F-4B88-4B3F-BE26-E390F8B99844}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{26FFC045-E122-4B2B-9A7D-67B421E72580}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{8308432D-4AB3-4AF9-A6AD-0F06CAD4979E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{0D3F5237-D24A-42B7-AC9C-83415EDC6D59}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{DB988C9A-95CC-44EF-997C-3B444D72A89B}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{22B2092C-FE36-4B03-A3A9-074682694CFA}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{E3EBD3B8-231F-4A2B-B7B0-43532C4FF21A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{98408E1B-1AFA-4A9A-85B2-F0AF46B1130E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{5A0C4BD1-6620-4A42-88FC-EC7297C576FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E9B9E188-9C80-4A2A-8E89-FBC096651446}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A5B2C63-15D4-4ED0-A316-87B99EB7A29F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A909D77B-C137-4DBA-AAE4-9EE78BC5163F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{218954EB-C383-4AA7-AA02-18D6BF830CD1}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{CECEE2DD-0A59-41DE-BE30-F5FB9B7B65A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{23E1BAC1-04AD-48CE-BBEF-7713D99B2A36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{85DD9BC7-867C-4EB8-9FC1-C0C44447D1AD}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{CCB99321-D246-4CD0-ABC1-460E1FB8AA31}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{22AC0706-6B49-4C77-9D94-AAAF5BFAA379}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{FBE9CF26-246A-493E-B8D8-97C31DB1972C}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "TCP Query User{741F3CC3-294E-4C25-9EA1-A4AF5B8A7048}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
    "UDP Query User{820ED1AB-217A-46D3-9555-5186C14002FF}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
    "TCP Query User{38DC76E4-4EF4-4132-B73E-3C4EE179B43C}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
    "UDP Query User{624FEFF5-6B43-4F8D-8FA9-1E306D166C7A}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 18:21 64160]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 08:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 20:28 108289]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 22:56 52592]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07.01.2009 15:17 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 09:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 09:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 08:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 09:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 08:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 08:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 08:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 22:56 10096]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 20:46 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 953168]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 18:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
    S3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 14:40 88704]
    S3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 17:30 486912]
    S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 17:30 7680]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 20:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhalt des "geplante Tasks" Ordners
    
    2009-06-29 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2009-06-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2009-06-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=13166&l=dis
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-29 17:32
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:57,5e,75,b1,9e,fb,36,2f,9c,b4,7f,8b,c9,d0,13,f7,82,19,46,21,fd,
       d5,27,a1,3b,8f,1f,f5,66,5b,cc,a7,84,d3,15,b3,e2,48,ed,06,f5,bb,ff,4e,eb,e7,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    Zeit der Fertigstellung: 2009-06-29 17:34
    ComboFix-quarantined-files.txt  2009-06-29 15:34
    ComboFix2.txt  2009-06-14 10:57
    ComboFix3.txt  2009-06-03 16:20
    ComboFix4.txt  2009-06-01 18:27
    ComboFix5.txt  2009-06-29 15:24
    
    Vor Suchlauf: 14 Verzeichnis(se), 106.545.459.200 Bytes frei
    Nach Suchlauf: 14 Verzeichnis(se), 105.981.865.984 Bytes frei
    
    496	--- E O F ---	2009-06-29 14:42
    ComboFix 09-07-01.04 - Edem 02.07.2009 20:12.6 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.2078 [GMT 2:00]
    ausgeführt von:: c:\users\Edem\Downloads\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\windows\Installer\2b0f7f.msi
    
    .
    (((((((((((((((((((((((   Dateien erstellt von 2009-06-02 bis 2009-07-02  ))))))))))))))))))))))))))))))
    .
    
    2009-07-02 18:17 . 2009-07-02 18:17	--------	d-----w-	c:\users\Edem\AppData\Local\temp
    2009-07-02 18:17 . 2009-07-02 18:17	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-07-01 15:47 . 2009-06-29 13:28	106496	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
    2009-07-01 15:47 . 2009-06-29 13:28	106496	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\npcoolirisplugin.dll
    2009-07-01 15:47 . 2009-06-29 13:28	103424	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-07-01 15:47 . 2009-06-29 13:28	937984	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-07-01 15:47 . 2009-06-29 13:28	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-07-01 15:46 . 2009-06-29 13:28	4734976	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-07-01 15:46 . 2009-06-29 13:28	344064	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-06-29 17:15 . 2009-06-29 17:15	1878984	----a-w-	c:\users\Edem\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-06-18 19:45 . 2009-06-18 19:45	--------	d-----w-	c:\users\Edem\AppData\Local\Stardock
    2009-06-18 17:49 . 2009-06-18 17:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Stardock
    2009-06-18 17:48 . 2009-06-18 19:37	--------	d-----w-	c:\program files\Common Files\Stardock
    2009-06-18 17:48 . 2009-06-18 19:45	--------	d-----w-	c:\program files\Stardock
    2009-06-16 16:32 . 2009-06-16 20:53	--------	d-----w-	c:\users\Edem\AppData\Local\SecondLife
    2009-06-16 16:32 . 2009-06-16 16:34	--------	d-----w-	c:\users\Edem\AppData\Roaming\SecondLife
    2009-06-16 16:31 . 2009-06-16 16:32	--------	d-----w-	c:\program files\SecondLife
    2009-06-14 10:16 . 2009-04-30 12:37	428544	----a-w-	c:\windows\system32\EncDec.dll
    2009-06-14 10:16 . 2009-04-30 12:37	293376	----a-w-	c:\windows\system32\psisdecd.dll
    2009-06-13 17:32 . 2009-06-13 17:32	--------	d-----w-	c:\windows\system32\Grand Theft Auto IV Screenshot dir
    2009-06-13 17:32 . 2009-06-13 17:32	520192	----a-w-	c:\windows\system32\Grand Theft Auto IV Screenshot.scr
    2009-06-06 11:48 . 2009-06-16 15:35	--------	d-----w-	c:\program files\ProgDVB
    2009-06-03 18:33 . 2009-06-03 18:33	--------	d-----w-	c:\users\Edem\AppData\Local\AnyUtils
    2009-06-03 18:33 . 2009-06-16 15:30	--------	d-----w-	c:\program files\AnyUtils
    2009-06-03 09:12 . 2009-06-03 09:12	--------	d-----w-	c:\program files\CCleaner
    16508-12-01 17:49 . 2009-06-04 11:03	--------	d-----w-	c:\windows\nvtmpinst
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-02 18:15 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
    2009-07-02 18:14 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
    2009-07-01 15:46 . 2009-03-20 16:21	--------	d-----w-	c:\program files\Password Protect Folders
    2009-07-01 15:43 . 2009-03-15 19:43	--------	d-----w-	c:\program files\Watchmen The End is Nigh
    2009-06-29 17:15 . 2009-04-18 22:17	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-06-25 21:01 . 2008-11-28 15:57	--------	d-----w-	c:\users\Edem\AppData\Roaming\uTorrent
    2009-06-18 19:46 . 2006-11-02 07:26	16496640	----a-w-	c:\windows\system32\imageres.dll
    2009-06-18 17:04 . 2009-04-09 17:03	--------	d-----w-	c:\program files\Easy-Hide-IP
    2009-06-17 20:23 . 2008-11-28 16:52	--------	d-----w-	c:\program files\DivX
    2009-06-17 20:23 . 2009-04-09 14:52	--------	d-----w-	c:\program files\Common Files\DivX Shared
    2009-06-14 12:30 . 2008-11-30 11:59	--------	d-----w-	c:\program files\EA Games
    2009-06-11 21:08 . 2008-03-12 11:59	--------	d-----w-	c:\program files\Microsoft Works
    2009-06-06 10:47 . 2008-11-29 11:13	1626	----a-w-	c:\users\Edem\AppData\Roaming\wklnhst.dat
    2009-06-04 11:22 . 2009-03-15 20:30	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
    2009-06-04 11:22 . 2009-03-15 20:31	--------	d-----w-	c:\program files\AGEIA Technologies
    2009-06-03 11:00 . 2009-06-01 11:05	--------	d-----w-	c:\program files\Activision
    2009-06-03 09:34 . 2009-04-09 15:02	--------	d-----w-	c:\program files\Hide My IP 2009
    2009-06-03 09:34 . 2009-03-20 16:04	--------	d-----w-	c:\program files\FolderAccess
    2009-06-03 09:33 . 2009-02-27 17:14	--------	d-----w-	c:\program files\Ashampoo
    2009-06-02 18:56 . 2008-11-30 12:13	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
    2009-06-02 18:56 . 2008-11-30 12:13	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
    2009-06-02 15:37 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2009-05-31 11:06 . 2009-02-22 18:45	--------	d-----w-	c:\program files\Google
    2009-05-29 16:22 . 2009-02-27 17:18	--------	d-----w-	c:\users\Edem\AppData\Roaming\Ashampoo
    2009-05-29 15:28 . 2009-05-29 15:28	680	----a-w-	c:\users\Edem\AppData\Local\d3d9caps.dat
    2009-05-18 13:41 . 2009-05-07 15:53	--------	d-----w-	c:\program files\Live-Player
    2009-05-14 16:00 . 2009-05-14 16:00	--------	d-----w-	c:\program files\Alwil Software
    2009-05-12 18:30 . 2009-05-12 18:30	--------	d-----w-	c:\program files\Serials World
    2009-05-09 05:50 . 2009-06-11 14:23	915456	----a-w-	c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-11 14:23	71680	----a-w-	c:\windows\system32\iesetup.dll
    2009-05-07 15:53 . 2009-05-07 15:53	--------	d-----w-	c:\users\Edem\AppData\Roaming\live-player
    2009-05-06 16:49 . 2009-05-06 16:41	--------	d-----w-	c:\users\Edem\AppData\Roaming\DeepBurner
    2009-05-06 16:41 . 2009-05-06 16:41	--------	d-----w-	c:\program files\Astonsoft
    2009-05-05 20:12 . 2008-11-28 20:27	--------	d-----w-	c:\program files\Java
    2009-05-01 21:02 . 2009-05-01 21:02	823296	----a-w-	c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02	823296	----a-w-	c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02	815104	----a-w-	c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02	811008	----a-w-	c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02	802816	----a-w-	c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02	685056	----a-w-	c:\windows\system32\DivX.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1505824	----a-w-	c:\windows\system32\nvcpluir.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1194528	----a-w-	c:\windows\system32\nvcplui.exe
    2009-04-30 22:08 . 2009-04-30 22:08	1358368	----a-w-	c:\windows\system32\nvsvsr.dll
    2009-04-30 22:08 . 2009-04-30 22:08	1292832	----a-w-	c:\windows\system32\nvsvs.dll
    2009-04-30 20:02 . 2009-04-30 20:02	9850016	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
    2009-04-30 20:02 . 2009-04-30 20:02	663552	----a-w-	c:\windows\system32\nvcuvid.dll
    2009-04-30 20:02 . 2009-04-30 20:02	457248	----a-w-	c:\windows\system32\nvudisp.exe
    2009-04-30 20:02 . 2009-04-30 20:02	3128320	----a-w-	c:\windows\system32\nvwgf2um.dll
    2009-04-30 20:02 . 2009-04-30 20:02	1704960	----a-w-	c:\windows\system32\nvcuda.dll
    2009-04-30 20:02 . 2009-04-30 20:02	143360	----a-w-	c:\windows\system32\nvcod146.dll
    2009-04-30 20:02 . 2009-04-30 20:02	143360	----a-w-	c:\windows\system32\nvcod.dll
    2009-04-30 20:02 . 2009-04-30 20:02	1314816	----a-w-	c:\windows\system32\nvcuvenc.dll
    2009-04-30 20:02 . 2009-04-30 20:02	10366976	----a-w-	c:\windows\system32\nvoglv32.dll
    2009-04-30 20:02 . 2008-03-24 17:52	983552	----a-w-	c:\windows\system32\nvapi.dll
    2009-04-30 20:02 . 2008-03-24 17:52	7593472	----a-w-	c:\windows\system32\nvd3dum.dll
    2009-04-29 16:21 . 2009-04-29 16:28	15688	----a-w-	c:\windows\system32\lsdelete.exe
    2009-04-29 16:20 . 2009-04-29 16:21	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
    2009-04-27 11:19 . 2009-03-20 18:28	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2009-04-27 11:19 . 2009-03-20 18:28	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2009-04-26 22:42 . 2008-03-12 10:52	457248	----a-w-	c:\windows\system32\nvuninst.exe
    2009-04-23 12:43 . 2009-06-11 14:23	784896	----a-w-	c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-11 14:23	636928	----a-w-	c:\windows\system32\localspl.dll
    2009-04-21 22:20 . 2009-04-21 22:20	14311680	----a-w-	c:\windows\system32\xlive.dll
    2009-04-21 22:20 . 2009-04-21 22:20	13642496	----a-w-	c:\windows\system32\xlivefnt.dll
    2009-04-21 11:55 . 2009-06-11 14:23	2033152	----a-w-	c:\windows\system32\win32k.sys
    2009-04-12 17:54 . 2009-04-18 22:18	4534272	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
    2009-04-12 17:54 . 2009-04-18 22:18	65536	----a-w-	c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
    2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    
    (((((((((((((((((((((((((((((   SnapShot_2009-06-29_15.32.48   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-07-02 18:10	61030              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2006-11-02 13:05 . 2009-06-29 14:37	91508              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-07-02 18:10	91508              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-28 14:58 . 2009-07-02 18:10	15190              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4005247752-3487466502-3436956655-1001_UserData.bin
    - 2008-11-28 17:13 . 2008-11-28 17:13	84661              c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    + 2008-11-28 17:13 . 2009-06-29 17:15	84661              c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    + 2008-11-28 14:29 . 2009-07-02 16:05	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-28 14:29 . 2009-06-29 14:36	32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-28 14:29 . 2009-07-02 16:05	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-28 14:29 . 2009-06-29 14:36	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-24 17:24 . 2009-02-24 17:24	64512              c:\windows\Installer\7747d5.msi
    + 2009-07-01 15:21 . 2009-07-01 15:21	22528              c:\windows\Installer\64609.msi
    + 2008-12-26 12:32 . 2008-12-26 12:32	32256              c:\windows\Installer\58542a2.msi
    + 2008-12-31 23:26 . 2008-12-31 23:26	22016              c:\windows\Installer\270c86b.msi
    + 2008-12-31 23:13 . 2008-12-31 23:13	41472              c:\windows\Installer\270c7e2.msi
    + 2008-03-12 14:33 . 2008-03-12 14:33	55296              c:\windows\Installer\1769fb.msi
    + 2009-03-26 12:13 . 2009-03-26 12:13	23040              c:\windows\Installer\126181e.msi
    + 2009-03-26 12:12 . 2009-03-26 12:12	25088              c:\windows\Installer\1261810.msi
    + 2009-03-26 12:12 . 2009-03-26 12:12	28160              c:\windows\Installer\12617fa.msi
    + 2009-03-26 12:12 . 2009-03-26 12:12	59904              c:\windows\Installer\12617e8.msi
    - 2009-06-29 14:34 . 2009-06-29 14:34	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-07-02 18:08 . 2009-07-02 18:08	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-06-29 14:34 . 2009-06-29 14:34	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-02 18:08 . 2009-07-02 18:08	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-07-02 18:15	586980              c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-06-29 14:40	586980              c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-06-29 14:40	101052              c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-07-02 18:15	101052              c:\windows\System32\perfc009.dat
    + 2009-02-03 02:15 . 2009-02-03 02:15	240544              c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2009-07-02 17:41 . 2009-07-02 17:41	652800              c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
    + 2008-07-31 02:24 . 2008-07-31 02:24	442880              c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\vs_setup.msi
    + 2008-03-12 12:01 . 2008-03-12 12:01	355840              c:\windows\Installer\b5d94.msi
    + 2008-03-12 12:00 . 2008-03-12 12:00	360448              c:\windows\Installer\b5d8e.msi
    + 2008-03-12 11:47 . 2008-03-12 11:47	891904              c:\windows\Installer\b5d40.msi
    + 2009-06-02 15:41 . 2009-06-02 15:41	177664              c:\windows\Installer\ad3e5.msi
    + 2009-02-24 17:15 . 2009-02-24 17:15	637440              c:\windows\Installer\7747cf.msi
    + 2009-01-14 13:53 . 2009-01-14 13:53	818688              c:\windows\Installer\738ce2.msi
    + 2009-06-18 17:48 . 2009-06-18 17:48	272896              c:\windows\Installer\6ee08a.msi
    + 2008-03-12 13:30 . 2008-03-12 13:30	582656              c:\windows\Installer\695d39.msi
    + 2008-12-13 07:58 . 2008-12-13 07:58	754688              c:\windows\Installer\61346.msp
    + 2009-03-20 09:48 . 2009-03-20 09:48	183808              c:\windows\Installer\5fb7c8.msp
    + 2009-03-20 18:18 . 2009-03-20 18:18	228352              c:\windows\Installer\58ff8.msi
    + 2008-12-26 12:33 . 2008-12-26 12:33	106496              c:\windows\Installer\5854395.msi
    + 2008-11-28 15:29 . 2008-11-28 15:29	432640              c:\windows\Installer\4b4bc.msi
    + 2009-04-09 14:52 . 2009-04-09 14:52	152576              c:\windows\Installer\4a6f70.msi
    + 2009-03-06 13:56 . 2009-03-06 13:56	140288              c:\windows\Installer\48ba3.msi
    + 2008-03-12 11:33 . 2008-03-12 11:33	486912              c:\windows\Installer\46ebd.msi
    + 2009-06-04 10:17 . 2009-06-04 10:17	846336              c:\windows\Installer\3686c5.msi
    + 2008-12-20 21:15 . 2008-12-20 21:15	836096              c:\windows\Installer\25cd9ee.msi
    + 2008-11-28 20:27 . 2008-11-28 20:27	561664              c:\windows\Installer\1da80.msi
    + 2009-04-29 16:19 . 2009-04-29 16:19	569856              c:\windows\Installer\1af294.msi
    + 2008-03-12 11:18 . 2008-03-12 11:18	865792              c:\windows\Installer\19fb6.msi
    + 2008-03-12 11:18 . 2008-03-12 11:18	261632              c:\windows\Installer\19fb5.msi
    + 2008-03-12 11:18 . 2008-03-12 11:18	687616              c:\windows\Installer\19fb4.msi
    + 2008-03-12 11:17 . 2008-03-12 11:17	887808              c:\windows\Installer\19fae.msi
    + 2008-03-12 11:17 . 2008-03-12 11:17	646656              c:\windows\Installer\19fa3.msi
    + 2008-03-12 11:04 . 2008-03-12 11:04	331264              c:\windows\Installer\19f2e.msi
    + 2009-02-12 10:58 . 2009-02-12 10:58	549888              c:\windows\Installer\17addf4.msp
    + 2007-09-18 21:10 . 2007-09-18 21:10	712704              c:\windows\Installer\176a6c.msp
    + 2008-03-12 14:36 . 2008-03-12 14:36	431104              c:\windows\Installer\176a52.msi
    + 2008-03-12 14:29 . 2008-03-12 14:29	431104              c:\windows\Installer\1768c2.msi
    + 2009-01-13 16:12 . 2009-01-13 16:12	874496              c:\windows\Installer\14f67d.msi
    + 2009-03-31 16:25 . 2009-03-31 16:25	213504              c:\windows\Installer\14104e3.msi
    + 2009-03-31 16:24 . 2009-03-31 16:24	969728              c:\windows\Installer\14104dd.msi
    + 2008-12-14 16:17 . 2008-12-14 16:17	438784              c:\windows\Installer\13e01b0.msi
    + 2008-12-14 16:10 . 2008-12-14 16:10	648192              c:\windows\Installer\137fa4a.msi
    + 2009-03-26 12:17 . 2009-03-26 12:17	570880              c:\windows\Installer\126193f.msi
    + 2009-03-26 12:17 . 2009-03-26 12:17	178688              c:\windows\Installer\12618ed.msi
    + 2009-03-26 12:17 . 2009-03-26 12:17	727040              c:\windows\Installer\12618a2.msi
    + 2009-03-26 12:16 . 2009-03-26 12:16	483328              c:\windows\Installer\126189c.msi
    + 2009-03-26 12:16 . 2009-03-26 12:16	781824              c:\windows\Installer\126188f.msi
    + 2009-03-26 12:15 . 2009-03-26 12:15	484864              c:\windows\Installer\1261858.msi
    + 2009-03-26 12:13 . 2009-03-26 12:13	863232              c:\windows\Installer\1261842.msi
    + 2009-03-26 12:13 . 2009-03-26 12:13	431616              c:\windows\Installer\1261817.msi
    + 2009-03-26 12:12 . 2009-03-26 12:12	202752              c:\windows\Installer\12617f4.msi
    + 2009-03-26 12:12 . 2009-03-26 12:12	152576              c:\windows\Installer\12617ee.msi
    + 2009-03-26 12:12 . 2009-03-26 12:12	107008              c:\windows\Installer\12617e2.msi
    + 2009-03-26 12:12 . 2009-03-26 12:12	301056              c:\windows\Installer\12617dc.msi
    + 2009-02-03 02:15 . 2009-02-03 02:15	3771296              c:\windows\System32\Macromed\Flash\NPSWF32.dll
    - 2009-06-22 20:13 . 2009-06-28 21:56	4720568              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-06-22 20:13 . 2009-07-02 18:05	4720568              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-10-20 09:18 . 2008-10-20 09:18	6474240              c:\windows\Installer\cdd05b.msp
    + 2009-06-04 11:21 . 2009-06-04 11:21	1500160              c:\windows\Installer\cd3e3.msi
    + 2008-03-12 12:00 . 2008-03-12 12:00	8390144              c:\windows\Installer\b5d88.msi
    + 2009-04-24 10:31 . 2009-04-24 10:31	1425920              c:\windows\Installer\ad3cb.msp
    + 2009-04-24 10:38 . 2009-04-24 10:38	1229312              c:\windows\Installer\ad3c0.msp
    + 2009-02-24 17:15 . 2009-02-24 17:15	1091584              c:\windows\Installer\7747c9.msi
    + 2009-05-31 11:07 . 2009-05-31 11:07	1401344              c:\windows\Installer\6f80b.msi
    + 2008-12-26 12:33 . 2008-12-26 12:33	1759744              c:\windows\Installer\585438f.msi
    + 2009-01-15 02:35 . 2009-01-15 02:35	4830720              c:\windows\Installer\49993.msp
    + 2009-03-21 10:27 . 2009-03-21 10:27	3965440              c:\windows\Installer\36c828.msi
    + 2008-12-31 23:37 . 2008-12-31 23:37	3900416              c:\windows\Installer\270c8f2.msi
    + 2008-12-31 23:26 . 2008-12-31 23:26	3514368              c:\windows\Installer\270c85f.msi
    + 2008-11-28 15:35 . 2008-11-28 15:35	8894464              c:\windows\Installer\23119.msi
    + 2008-12-11 17:08 . 2008-12-11 17:08	6695936              c:\windows\Installer\2129b2.msi
    + 2008-12-30 23:19 . 2008-12-30 23:19	3518464              c:\windows\Installer\1efd476.msi
    + 2008-03-12 11:20 . 2008-03-12 11:20	5853696              c:\windows\Installer\19fc5.msi
    + 2008-03-12 11:17 . 2008-03-12 11:17	1059840              c:\windows\Installer\19fb2.msi
    + 2008-03-12 11:17 . 2008-03-12 11:17	1061888              c:\windows\Installer\19fb0.msi
    + 2008-03-12 11:17 . 2008-03-12 11:17	1062912              c:\windows\Installer\19fa4.msi
    + 2008-03-12 11:17 . 2008-03-12 11:17	1021440              c:\windows\Installer\19fa2.msi
    + 2008-03-12 11:05 . 2008-03-12 11:05	1058816              c:\windows\Installer\19f33.msi
    + 2008-06-19 17:28 . 2008-06-19 17:28	1573376              c:\windows\Installer\18f6a.msp
    + 2008-10-05 03:12 . 2008-10-05 03:12	4784128              c:\windows\Installer\18f08.msp
    + 2008-04-18 13:56 . 2008-04-18 13:56	6215680              c:\windows\Installer\18e4c.msp
    + 2009-05-04 05:46 . 2009-05-04 05:46	8299008              c:\windows\Installer\17adde1.msp
    + 2009-04-24 10:30 . 2009-04-24 10:30	2583552              c:\windows\Installer\17addd7.msp
    + 2008-01-08 20:53 . 2008-01-08 20:53	1298944              c:\windows\Installer\176a02.msp
    + 2008-10-20 09:22 . 2008-10-20 09:22	11758592              c:\windows\Installer\cdd099.msp
    + 2009-04-04 05:33 . 2009-04-04 05:33	37043200              c:\windows\Installer\5a8462.msp
    + 2009-04-04 05:33 . 2009-04-04 05:33	38433280              c:\windows\Installer\5a8459.msp
    + 2009-02-25 17:07 . 2009-02-25 17:07	11646464              c:\windows\Installer\4fcc2.msp
    + 2008-08-11 10:51 . 2008-08-11 10:51	15916544              c:\windows\Installer\3a365.msp
    + 2008-03-12 11:17 . 2008-03-12 11:17	19956736              c:\windows\Installer\19fa1.msi
    + 2008-08-11 10:49 . 2008-08-11 10:49	22457344              c:\windows\Installer\18f52.msp
    + 2008-07-29 22:20 . 2008-07-29 22:20	11767296              c:\windows\Installer\18f39.msp
    + 2008-09-24 11:05 . 2008-09-24 11:05	16381440              c:\windows\Installer\18f19.msp
    + 2008-02-25 14:07 . 2008-02-25 14:07	11772416              c:\windows\Installer\176a3a.msp
    + 2007-10-14 22:36 . 2007-10-14 22:36	26649600              c:\windows\Installer\1768e2.msp
    + 2007-10-14 23:00 . 2007-10-14 23:00	26614784              c:\windows\Installer\1768d5.msp
    + 2008-11-28 15:34 . 2008-11-29 11:22	10550272              c:\windows\Downloaded Installations\{73EA2661-A9E9-4EE5-812B-67B3FE680AB5}\Multimedia Card Reader.msi
    .
    -- Snapshot auf jetziges Datum zurückgesetzt --
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-29 516440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    
    c:\users\Edem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-6-18 728576]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ACCControl.lnk - c:\program files\Universal DVB Receiver\Wizard\AccControl.exe [2008-9-19 323584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
    2008-06-13 20:39	45184	----a-w-	c:\windows\System32\fsp_lmwl.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    "CollaborationHost"=c:\windows\system32\p2phost.exe -s
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2646394D-E733-439C-83C9-B7CC01B2E1E9}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "UDP Query User{58313528-5373-4943-9A40-0C00310E6112}c:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:c:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent
    "{B41CAFB6-E1EF-422B-B654-506B53E2D099}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{F7B11F93-0C92-4984-817A-CAF83B975F6F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B3E6F6F7-5174-4805-B79E-71DDCD488C14}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{00CD27A8-0340-440F-B89E-6B0EE16C5374}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3D182488-23A3-45AE-90A1-395FDE232D27}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F9B9690D-3578-4747-B65E-68835FDF16E7}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{5D1B62F9-0BDE-4955-B392-B8C891CDF752}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{63C2C407-8B8E-4C48-8B52-39E404E8851D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{2B6859F0-CF8B-427B-AD85-DE59B19CAC24}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{FA215510-D03A-405B-BE10-ED052C6B4D5D}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{140D9DF7-23D4-4A64-941F-8471849736A9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{8C58747E-079E-4209-9A47-A341C0BB8F09}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B4A0B8F-4B88-4B3F-BE26-E390F8B99844}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{26FFC045-E122-4B2B-9A7D-67B421E72580}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{8308432D-4AB3-4AF9-A6AD-0F06CAD4979E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{0D3F5237-D24A-42B7-AC9C-83415EDC6D59}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{DB988C9A-95CC-44EF-997C-3B444D72A89B}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{22B2092C-FE36-4B03-A3A9-074682694CFA}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{E3EBD3B8-231F-4A2B-B7B0-43532C4FF21A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{98408E1B-1AFA-4A9A-85B2-F0AF46B1130E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{5A0C4BD1-6620-4A42-88FC-EC7297C576FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E9B9E188-9C80-4A2A-8E89-FBC096651446}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A5B2C63-15D4-4ED0-A316-87B99EB7A29F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A909D77B-C137-4DBA-AAE4-9EE78BC5163F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{218954EB-C383-4AA7-AA02-18D6BF830CD1}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{CECEE2DD-0A59-41DE-BE30-F5FB9B7B65A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{23E1BAC1-04AD-48CE-BBEF-7713D99B2A36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{85DD9BC7-867C-4EB8-9FC1-C0C44447D1AD}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{CCB99321-D246-4CD0-ABC1-460E1FB8AA31}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{22AC0706-6B49-4C77-9D94-AAAF5BFAA379}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{FBE9CF26-246A-493E-B8D8-97C31DB1972C}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "TCP Query User{741F3CC3-294E-4C25-9EA1-A4AF5B8A7048}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
    "UDP Query User{820ED1AB-217A-46D3-9555-5186C14002FF}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
    "TCP Query User{38DC76E4-4EF4-4132-B73E-3C4EE179B43C}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
    "UDP Query User{624FEFF5-6B43-4F8D-8FA9-1E306D166C7A}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
    
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29.04.2009 18:21 64160]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\System32\drivers\hcw88aud.sys [19.09.2008 08:56 12928]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.03.2009 20:28 108289]
    R2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [06.01.2009 22:56 52592]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07.01.2009 15:17 603904]
    R2 UniversalBDASvc;Universal BDA Receiver Service;c:\program files\Universal DVB Receiver\Service\bdamapsv.exe [19.09.2008 09:07 212992]
    R3 bdamapt;Universal DVB (BDA);c:\windows\System32\drivers\bdamap.sys [19.09.2008 09:07 14464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\System32\drivers\hcw88bda.sys [19.09.2008 08:56 182400]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\System32\drivers\hcw88tse.sys [19.09.2008 09:01 320256]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\System32\drivers\hcw88tun.sys [19.09.2008 08:55 74624]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\System32\drivers\hcw88vid.sys [19.09.2008 08:55 394880]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\System32\drivers\hcw88bar.sys [19.09.2008 08:55 17280]
    R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [06.01.2009 22:56 10096]
    S2 gupdate1c9951de375afd7;Google Update Service (gupdate1c9951de375afd7);c:\program files\Google\Update\GoogleUpdate.exe [22.02.2009 20:46 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 953168]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.03.2009 18:24 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
    S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
    S3 phaudlwr;Philips Audio Filter;c:\windows\System32\drivers\phaudlwr.sys [30.11.2008 14:40 88704]
    S3 SPC530;Philips SPC530NC PC Camera;c:\windows\System32\drivers\SPC530.sys [28.11.2008 17:30 486912]
    S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\System32\drivers\SPC530m.sys [28.11.2008 17:30 7680]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [28.11.2008 20:00 18487]
    S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
    S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhalt des "geplante Tasks" Ordners
    
    2009-07-02 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
    
    2009-07-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:40]
    
    2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:46]
    
    2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{3CD0A4A5-93E5-4284-A684-07C85D3289C3}.job
    - c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.ask.com/?o=13166&l=dis
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\users\Edem\AppData\Roaming\Mozilla\Firefox\Profiles\4pm4tmcf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npnul32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Edem\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    
    ---- FIREFOX Richtlinien ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-02 20:17
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    
    c:\windows\TEMP\TMP000000595B42BC7578C3807C 524288 bytes executable
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 1
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-4005247752-3487466502-3436956655-1001\Software\SecuROM\License information*]
    "datasecu"=hex:a1,7a,ca,23,03,79,38,cb,31,c5,1f,14,d6,82,a3,9d,c7,d9,2c,9c,f7,
       78,47,41,b7,9a,b8,0a,26,09,8b,d9,80,be,4e,02,7c,7a,99,42,7c,8e,69,90,49,d5,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    Zeit der Fertigstellung: 2009-07-02 20:18
    ComboFix-quarantined-files.txt  2009-07-02 18:18
    ComboFix2.txt  2009-06-29 15:34
    ComboFix3.txt  2009-06-14 10:57
    ComboFix4.txt  2009-06-03 16:20
    ComboFix5.txt  2009-07-02 18:11
    
    Vor Suchlauf: 14 Verzeichnis(se), 92.667.572.224 Bytes frei
    Nach Suchlauf: 14 Verzeichnis(se), 92.732.170.240 Bytes frei
    
    467	--- E O F ---	2009-07-02 17:34
    Last edited by edman (14.02.2010 at 16:14)

  10. #10
    Forum user
    Registered since
    12.02.2010
    Location
    Köln
    Posts
    38

    Re: Screen goes black while gaming

    ComboFix-quarantined-files.txt:

    Code:
    2010-02-14 14:24:12 . 2010-02-14 14:24:12              270 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Notify-fsp_lmwl.reg.dat
    2010-02-14 14:24:06 . 2010-02-14 14:24:06              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
    2009-06-01 18:21:54 . 2009-06-01 18:21:54                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
    2009-06-01 10:26:53 . 2009-06-01 10:26:53              562 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-procexp90.Sys.reg.dat
    2009-06-01 10:26:45 . 2009-06-01 10:26:45              143 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ssqgw.reg.dat
    2009-06-01 10:25:35 . 2010-02-14 14:08:31            4,137 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2009-06-01 10:09:44 . 2009-06-01 10:09:44            1,846 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_ovfsthxtjrroqtq.reg.dat
    2009-06-01 10:05:51 . 2010-02-14 13:46:22            1,079 ----a-w-  C:\Qoobox\Quarantine\catchme.log
    2009-05-21 11:42:27 . 2009-05-21 11:42:36           20,480 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\lmn_setup.exe.vir
    2009-05-21 10:47:43 . 2009-05-29 16:00:04            1,300 ----a-w-  C:\Qoobox\Quarantine\C\Users\Edem\AppData\Local\ssqgw_navps.dat.vir
    2009-05-21 10:47:43 . 2009-05-29 15:35:57          321,462 ----a-w-  C:\Qoobox\Quarantine\C\Users\Edem\AppData\Local\ssqgw_nav.dat.vir
    2009-05-21 10:47:43 . 2009-05-29 15:59:53            3,188 ----a-w-  C:\Qoobox\Quarantine\C\Users\Edem\AppData\Local\ssqgw.dat.vir
    2009-05-07 15:53:14 . 2009-05-29 15:30:33               87 ----a-w-  C:\Qoobox\Quarantine\C\Users\Edem\AppData\Local\ksgwm.bat.vir
    2009-05-05 17:56:44 . 2009-05-18 13:24:57               46 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\p2hhr.bat.vir
    2009-04-30 19:08:38 . 2009-04-30 21:08:47              531 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\lmppcsetup.exe.vir
    2009-04-28 19:21:28 . 2009-04-28 19:21:28            6,003 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}\chrome\content\overlay.xul.vir
    2009-04-28 19:21:28 . 2009-04-28 19:21:28              120 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}\chrome.manifest.vir
    2009-04-28 19:21:28 . 2009-04-28 19:21:28              770 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{0A05A07E-5C7B-4BA7-B937-256FD910AC94}\install.rdf.vir
    2009-04-28 14:18:24 . 2009-04-28 14:18:24            1,400 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\ahtn.htm.vir
    2009-04-28 14:18:23 . 2009-04-28 14:18:23            4,785 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\warning.gif.vir
    2009-04-28 14:18:09 . 2009-04-28 14:18:09                1 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\uniq.tll.vir
    2009-04-23 17:13:46 . 2009-05-15 20:38:24               43 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\ovfsthxdcieeclh.dat.vir
    2009-04-23 16:57:37 . 2009-06-01 10:08:04        2,104,787 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\ovfsthxpbkpoonv.dat.vir
    2009-03-11 03:00:45 . 2009-03-11 03:00:45       14,812,160 ----a-w-  C:\Qoobox\Quarantine\C\Windows\Installer\2b0f7f.msi.vir
    2008-11-30 12:51:09 . 2008-11-30 12:51:09                0 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\drivers\Msft_Kernel_phaudlwr_01005.Wdf.vir
    2008-11-26 05:23:38 . 2008-11-26 05:23:38                0 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf.vir
    2008-02-01 18:55:17 . 2008-02-01 18:55:17          135,041 ----a-w-  C:\Qoobox\Quarantine\C\Windows\icon.ico.vir

    Sorry for this chopped-up posting, but I had problems uploading... greetz, edman
