windows verschuesselungs trojaner

kriwo · 19.05.2012, 18:41

Hallo,

Habe mich leider auch mit dem Windows Verschluesselungs Trojaner infzyiert....
Es war mir nicht moeglich war Malwarebytes Anti-Malware aus dem abgesicherten Modus heraus zu starten daher habe ich mich an diese Anleitung (Windows - Verschlüsselungs Trojaner trojan.matsnu.1) gehalten um OTL von einer CD zu starten.

Ich poste nun das Logfile in der Hoffnung das es ein Licht am Ende des Tunnels gibt....

Vielen Dank das es euch gibt

Kriwo

kira · 20.05.2012, 07:06

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest:

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTLPE

Starte die OTLPE
Kopiere folgendes Skript (unverändert inkl. :OTL, also - nach dem "Code", alles was in der Codebox steht - - (also beginnend mit :OTL und am Ende [emptytemp] ohne "code"!)
:

Code:

ATTFilter

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849855
IE - HKU\Administrator_ON_C\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit0.dll (Conduit Ltd.)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0]  File not found
O4 - HKU\Administrator_ON_C..\Run: [1C89E66E] C:\WINDOWS\system32\303165771C89E66EF8F5.exe (The Code::Blocks Team)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\303165771C89E66EF8F5.exe) - C:\WINDOWS\system32\303165771C89E66EF8F5.exe (The Code::Blocks Team)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
[2012/05/17 04:14:14 | 000,034,477 | -H-- | C] (The Code::Blocks Team) -- C:\WINDOWS\System32\303165771C89E66EF8F5.exe
[2012/05/17 04:45:48 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/17 04:14:14 | 000,034,477 | -H-- | M] (The Code::Blocks Team) -- C:\WINDOWS\System32\303165771C89E66EF8F5.exe
[2012/05/17 04:08:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:Files
C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\303165771C89E66EF8F5.exe 
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Qyqikx
C:\WINDOWS\System32\winsh325
C:\WINDOWS\System32\winsh324
C:\WINDOWS\System32\winsh323
C:\WINDOWS\System32\winsh322
C:\WINDOWS\System32\winsh321
C:\WINDOWS\System32\winsh320
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Run Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.
Boote neu und schaue nach, ob Du schon im normalen Modus arbeiten kannst?
wenn ja, so geht es weiter:

3.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

4.
Am besten alle verschlüsselten Daten extern sichern (auf leere USB-Stick oder ext. Festplatte). Dann mit Entschlüsselung beginnen. Also am Computer sollen die geänderten Daten um Nummer sicher zu gehen zuerst unberührt bleiben
Wenn alles gut geht, kannst Du dann am PC weiter machen

5.
Die Entschlüsselung von daten:
1.
kannst auch das Tool verwenden/ausprobieren:-> *klick*
2.
Die verschlüsselten Dateien mit DecryptHelper von Matthias zu entschlüsseln. (Java wird benötigt)
Wiederherstellung der verschlüsselten Dateien (Rechnung.exe, Realtecdriver.exe Schadsoftware)
3.
-> Trustezeb.A Decryptor
4.
-> ScareUncrypt von BitFox
Zur Info :-> http://www.youtube.com/watch?v=OQyqS...2&feature=plcp

6.
Systemscan mit OTL - nicht mehr das OTLPE starten!

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

7.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

kriwo · 21.05.2012, 20:55

Hallo Kira,

erst mal viele Dank für deine Hilfe

also folgendes ist erledigt:

Fix durchgeführt, Neustart wurde nicht verlangt.

Code:

ATTFilter

========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
C:\Programme\BittorrentBar_DE\prxtbBit0.dll moved successfully.
HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\1C89E66E deleted successfully.
C:\WINDOWS\system32\303165771C89E66EF8F5.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\303165771C89E66EF8F5.exe deleted successfully.
File C:\WINDOWS\system32\303165771C89E66EF8F5.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
File C:\WINDOWS\System32\303165771C89E66EF8F5.exe not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File C:\WINDOWS\System32\303165771C89E66EF8F5.exe not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== FILES ==========
C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe moved successfully.
File\Folder C:\WINDOWS\system32\303165771C89E66EF8F5.exe not found.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Qyqikx folder moved successfully.
C:\WINDOWS\System32\winsh325 moved successfully.
C:\WINDOWS\System32\winsh324 moved successfully.
C:\WINDOWS\System32\winsh323 moved successfully.
C:\WINDOWS\System32\winsh322 moved successfully.
C:\WINDOWS\System32\winsh321 moved successfully.
C:\WINDOWS\System32\winsh320 moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 107645065 bytes
->Temporary Internet Files folder emptied: 156206811 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 420527442 bytes
->Google Chrome cache emptied: 278469727 bytes
->Flash cache emptied: 6622 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1966706 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 4339591 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152567775 bytes
 
Total Files Cleaned = 1,072.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05202012_184915

arbeiten im normalen Modus war wieder möglich!!
Habe Malwarebytes Anti-Malware geladen und einen kompletten Scan durchgeführt

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.20.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: TESTER [Administrator]

Schutz: Aktiviert

20.05.2012 17:18:58
mbam-log-2012-05-20 (17-18-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410626
Laufzeit: 2 Stunde(n), 14 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\is1293846689\IWantThis_ADL_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\B5APPZ\0002\Patch.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\B5APPZ\0012\Patch.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\B5APPZ\0016\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\B5APPZ\0061\CrackSearcher.exe (PUP.CrackSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Downloads\ADLSoft_UnCompressor_v2.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

woher weis ich welches die verschlüsselten Datein sind???
konnte also Punkt 5 nicht abarbeiten.
Systemscan mit OTL:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.05.2012 20:57:58 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = E:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1023,29 Mb Total Physical Memory | 378,79 Mb Available Physical Memory | 37,02% Memory free
1,64 Gb Paging File | 0,96 Gb Available in Paging File | 58,71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 8,65 Gb Free Space | 29,54% Space Free | Partition Type: NTFS
Drive E: | 204,46 Gb Total Space | 69,02 Gb Free Space | 33,76% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,32 Gb Free Space | 70,89% Space Free | Partition Type: FAT
 
Computer Name: TESTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.21 20:56:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2012.05.09 05:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2012.05.08 18:43:01 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:43:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:43:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:43:01 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- e:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.14 20:42:14 | 000,918,880 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012.03.14 20:41:58 | 000,982,880 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2011.12.19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.03.10 23:18:20 | 000,970,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.25 03:06:46 | 002,559,488 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004.09.24 06:44:36 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004.09.24 04:27:18 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002.12.06 17:07:48 | 000,617,984 | ---- | M] () -- C:\Program Files\ASUS\Probe\AsusProb.exe
PRC - [2001.08.09 03:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.14 19:17:36 | 000,169,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\f00a45464b25cfc9c5c5e8fb5f4c65b8\Inkjet.Automation.ni.dll
MOD - [2012.05.14 19:17:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\aa9e5b16e62fd9074582fac9b222ccad\Inkjet.DeviceSettings.ni.dll
MOD - [2012.05.14 19:17:23 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
MOD - [2012.05.14 19:17:10 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.14 19:16:58 | 000,105,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\549e9236099ca3eac9c3f10099019459\Inkjet.Diagnostics.ni.dll
MOD - [2012.05.14 19:16:57 | 000,237,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\a867deed9e531e58a95d0e22c8c3b382\Inkjet.Localization.ni.dll
MOD - [2012.05.14 19:16:55 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\528120d87a5bbe3d0709d97017fb3217\Inkjet.Utilities.ni.dll
MOD - [2012.05.14 19:16:52 | 000,824,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\dacff62b95a3c6a4c4792e7743787777\Inkjet.Hardware.ni.dll
MOD - [2012.05.14 19:16:51 | 000,080,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\8a113d17ac02d8e4285ea1db21a3f286\Inkjet.Configuration.ni.dll
MOD - [2012.05.14 19:16:50 | 000,180,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\683ccae865dd1941a8ec53c781a01bdc\Inkjet.Statistics.ni.dll
MOD - [2012.05.14 19:16:44 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.14 19:16:17 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.11 20:41:28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.11 20:41:17 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012.05.11 20:40:50 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012.05.11 20:38:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 20:38:01 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Programme\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll
MOD - [2012.05.09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Programme\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012.05.09 05:03:36 | 000,553,456 | ---- | M] () -- C:\Programme\Google\Chrome\Application\19.0.1084.46\libglesv2.dll
MOD - [2012.05.09 05:03:35 | 000,117,744 | ---- | M] () -- C:\Programme\Google\Chrome\Application\19.0.1084.46\libegl.dll
MOD - [2012.05.09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Programme\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012.05.09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012.05.09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Programme\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2012.05.08 18:43:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.03.14 20:42:14 | 000,918,880 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012.03.14 20:41:58 | 000,982,880 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.28 20:54:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.08.28 20:54:10 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2011.08.28 20:54:09 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011.08.28 20:54:09 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.11.17 21:04:42 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3427.27902__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2009.11.17 21:04:42 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3427.27906__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2009.11.17 21:04:41 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3427.27820__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.11.17 21:04:41 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3427.27890__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.11.17 21:04:41 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3427.27802__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:41 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3427.27821__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.11.17 21:04:41 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3427.27872__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:41 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3427.27810__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3427.27853__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3427.27815__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.11.17 21:04:41 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3427.27844__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3427.27810__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:41 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3427.27902__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2009.11.17 21:04:41 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3427.27902__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2009.11.17 21:04:40 | 000,348,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3427.27858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3427.27859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.11.17 21:04:40 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3427.27820__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:40 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3427.27858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3427.27892__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3427.27820__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:39 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3427.27901__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:39 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3427.27900__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:38 | 000,782,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3427.27847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:38 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3427.27811__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:38 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3427.27866__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.11.17 21:04:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3427.27821__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3427.27851__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3427.27846__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3427.27851__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:37 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3427.27822__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:37 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3427.27845__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:37 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.11.17 21:04:37 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3427.27845__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3427.27825__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3427.27846__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3427.27852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.11.17 21:04:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3400.34777__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.11.17 21:04:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3400.34756__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.11.17 21:04:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3400.34767__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.11.17 21:04:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3400.34762__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.11.17 21:04:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3400.34792__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009.11.17 21:04:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3400.34791__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.11.17 21:04:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3400.34775__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.11.17 21:04:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3400.34791__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.11.17 21:04:36 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.11.17 21:04:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3400.34760__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.11.17 21:04:35 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3400.34770__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.11.17 21:04:35 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.11.17 21:04:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3400.34788__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.11.17 21:04:35 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3400.34755__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.11.17 21:04:35 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3400.34807__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.11.17 21:04:35 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3400.34768__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.11.17 21:04:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009.11.17 21:04:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3400.34770__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.11.17 21:04:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3400.34764__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.11.17 21:04:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3400.34779__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009.11.17 21:04:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3400.34774__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.11.17 21:04:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.11.17 21:04:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3400.34789__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.11.17 21:04:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.11.17 21:04:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3400.34767__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.11.17 21:04:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3400.34779__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.11.17 21:04:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3400.34783__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3400.34792__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3400.34782__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3400.34780__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3400.34773__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3400.34779__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.11.17 21:04:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.11.17 21:04:33 | 000,602,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3427.27914__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009.11.17 21:04:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.11.17 21:04:33 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3427.27896__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.11.17 21:04:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3400.34782__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.11.17 21:04:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3400.34776__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.11.17 21:04:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3400.34766__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009.11.17 21:04:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3400.34775__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.11.17 21:04:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3400.34767__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.11.17 21:04:33 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009.11.17 21:04:33 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009.11.17 21:04:33 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3427.27797__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.11.17 21:04:32 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3427.27880__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.11.17 21:04:32 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3427.27815__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.11.17 21:04:32 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3427.27885__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.11.17 21:04:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3427.27884__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.11.17 21:04:32 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3427.27801__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.11.17 21:04:32 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3427.27800__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.11.17 21:04:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3400.34776__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.11.17 21:04:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3400.34762__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.11.17 21:04:32 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3400.34764__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.11.17 21:04:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3400.34776__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.11.17 21:04:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3400.34775__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.11.17 21:04:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3400.34774__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.11.17 21:04:31 | 001,208,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3427.27806__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.11.17 21:04:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3427.27799__90ba9c70f846762e\APM.Server.dll
MOD - [2009.11.17 21:04:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3427.27798__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.11.17 21:04:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3400.34772__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.11.17 21:04:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.11.17 21:04:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3400.34783__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.11.17 21:04:31 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3427.27885__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2006.10.23 01:21:28 | 000,917,504 | ---- | M] () -- E:\Programme\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
MOD - [2004.11.18 15:38:08 | 000,537,600 | ---- | M] () -- C:\Program Files\ASUS\Probe\COLM7578.DLL
MOD - [2004.11.08 11:29:08 | 000,057,344 | ---- | M] () -- C:\Program Files\ASUS\Probe\AsmiEHFA.dll
MOD - [2004.09.17 16:59:24 | 000,084,992 | ---- | M] () -- C:\Program Files\ASUS\Probe\coDmi.dll
MOD - [2002.12.06 17:07:48 | 000,617,984 | ---- | M] () -- C:\Program Files\ASUS\Probe\AsusProb.exe
MOD - [2001.09.10 12:28:26 | 000,090,624 | ---- | M] () -- C:\Program Files\ASUS\Probe\CODISK.DLL
MOD - [1999.04.27 21:15:44 | 000,016,896 | ---- | M] () -- C:\Program Files\ASUS\Probe\COLMICO.DLL
MOD - [1998.11.20 03:57:24 | 000,018,944 | ---- | M] () -- C:\Program Files\ASUS\Probe\DISKICO.DLL
MOD - [1998.02.09 04:00:00 | 000,187,392 | ---- | M] () -- C:\WINDOWS\system\BCBSMP35.BPL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- E:\java\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.05.14 19:28:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 18:43:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:43:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 21:39:09 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- e:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.14 20:42:14 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011.12.19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2009.12.15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.11.08 20:26:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.08.15 00:41:22 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- e:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2007.03.20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2002.12.31 14:00:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.08.09 03:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.05.08 18:43:02 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:43:02 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.28 19:41:56 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.08.28 19:41:56 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.05.25 06:21:44 | 006,554,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- e:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2004.09.25 03:14:40 | 002,276,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004.03.17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [1997.04.22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={FE058F27-9DFF-40D7-8B11-69846CCD4026}&mid=8a808028fe4447d18c8ad1589eaf3534-df24ae1ba9e5a16f324208854a92b2c2f07f9d21&lang=en&ds=tg025&pr=sa&d=2011-08-16 21:24:39&v=8.0.0.33&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\java\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: E:\sony\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: E:\java\lib\deploy\jqs\ff [2012.05.17 10:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\10.2.0.3\ [2012.03.14 20:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.02 21:39:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.15 11:41:48 | 000,000,000 | ---D | M]
 
[2009.11.17 21:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.05.08 18:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\76hii139.default\extensions
[2010.05.25 22:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\76hii139.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.22 12:14:49 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\76hii139.default\extensions\piclens@cooliris.com
[2011.08.16 10:07:48 | 000,000,935 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\76hii139.default\searchplugins\conduit.xml
[2012.02.20 15:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.17 10:34:35 | 000,000,000 | ---D | M] (No name found) -- E:\JAVA\LIB\DEPLOY\JQS\FF
[2012.05.02 21:39:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.05.02 21:39:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.14 20:41:54 | 000,003,768 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.05.02 21:39:02 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.05.02 21:39:02 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.02 21:39:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.02 21:39:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.02 21:39:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = E:\sony\npmediago.dll
CHR - Extension: Brushed = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
 
O1 HOSTS File: ([2002.12.31 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\java\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\java\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] e:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Programme\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] e:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = E:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8 - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259405182109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26E96B3-B385-4115-8084-862ADA913CBA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.27 14:38:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.21 00:49:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.20 17:15:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.05.20 17:15:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.05.20 17:15:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.05.20 17:15:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.14 19:28:02 | 004,126,880 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012.05.14 19:08:56 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.02 21:39:16 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012.05.02 21:39:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012.04.26 19:00:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.21 20:28:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.21 19:39:53 | 000,002,189 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2012.05.21 19:39:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.21 19:30:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.20 17:15:45 | 000,000,636 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.20 17:13:25 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.05.20 02:41:44 | 000,015,017 | ---- | M] () -- C:\OTL.zip
[2012.05.14 19:28:21 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.14 19:28:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.05.14 19:28:03 | 004,126,880 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012.05.14 19:05:48 | 001,482,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.11 20:37:20 | 000,452,398 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.11 20:37:20 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.11 20:37:20 | 000,081,356 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.11 20:37:20 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.11 20:33:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.05.09 11:07:11 | 000,002,424 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ZbThumbnail.info
[2012.05.08 18:43:02 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.05.08 18:43:02 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.04.22 17:38:42 | 000,000,497 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Hausausbau.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.20 17:15:45 | 000,000,636 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.20 02:41:44 | 000,015,017 | ---- | C] () -- C:\OTL.zip
[2012.05.14 19:08:58 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.22 17:38:44 | 000,000,497 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Hausausbau.lnk
[2012.02.16 13:28:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.01.04 23:01:47 | 000,037,916 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.09.22 22:25:39 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
 
========== LOP Check ==========
 
[2009.10.27 14:50:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avant Browser
[2011.08.16 21:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVG Secure Search
[2011.08.25 21:06:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Azureus
[2011.08.31 20:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BitTorrent
[2009.11.16 22:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blitware
[2009.11.15 16:03:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Bump Technologies, Inc
[2011.08.29 21:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2010.09.22 22:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataCast
[2011.03.26 14:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kalypso Media
[2010.04.12 23:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MoveFab
[2011.08.16 21:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenCandy
[2011.08.16 21:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ProtectDISC
[2011.08.28 19:10:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2011.12.18 14:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Temp
[2010.06.25 20:49:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Vso
[2012.03.14 20:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2012.01.29 20:31:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare
[2011.08.16 21:24:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.07.13 22:51:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2010.07.25 17:26:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.07.13 22:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB
[2010.07.20 17:45:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk
[2010.04.01 20:43:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.01.17 21:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.11.22 20:46:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009.11.16 22:22:57 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 21.05.2012 20:57:58 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = E:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1023,29 Mb Total Physical Memory | 378,79 Mb Available Physical Memory | 37,02% Memory free
1,64 Gb Paging File | 0,96 Gb Available in Paging File | 58,71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 8,65 Gb Free Space | 29,54% Space Free | Partition Type: NTFS
Drive E: | 204,46 Gb Total Space | 69,02 Gb Free Space | 33,76% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,32 Gb Free Space | 70,89% Space Free | Partition Type: FAT
 
Computer Name: TESTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bertelsmann Fotowelt] -- "E:\Programme\Bertelsmann Fotowelt\Bertelsmann Fotowelt\Bertelsmann Fotowelt.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "E:\Programme\Bertelsmann Fotowelt\Bertelsmann Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Programme\Dragon Age\bin_ship\daorigins.exe" = E:\Programme\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
"E:\Programme\Dragon Age\DAOriginsLauncher.exe" = E:\Programme\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins-Launcher -- (BioWare)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"E:\Programme\Mass Effect\Binaries\MassEffect.exe" = E:\Programme\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"E:\Programme\Mass Effect\MassEffectLauncher.exe" = E:\Programme\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"E:\Programme\Azureus\Azureus.exe" = E:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"E:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\RpcAgentSrv.exe" = E:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"E:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\RpcSandraSrv.exe" = E:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"E:\Programme\BitTorrent\BitTorrent.exe" = E:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Programme\Winamp\winamp.exe" = E:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"E:\Programme\Dragon Age\bin_ship\daorigins.exe" = E:\Programme\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01EDE11B-EB21-2701-FF66-AADA744E182B}" = ccc-core-static
"{024715BE-F78D-41F9-901D-49BA6B544BA2}" = CCC Help Turkish
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{053BE69E-4EFE-3621-3613-30080CD26070}" = Catalyst Control Center Graphics Previews Common
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0AB4AFD4-476A-3E44-9416-6112708379AE}" = CCC Help Thai
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{14E8D0B1-FB60-A872-73E9-F52C87513F57}" = Catalyst Control Center Graphics Full New
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1DA75811-6C2C-ABFA-7DBF-9B9EDAA005E3}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207EB480-FA5B-B609-F9CD-5F63F243D629}" = ccc-utility
"{262F9FEE-D77E-38B5-61DE-66F5EC7EE03A}" = CCC Help Russian
"{267206F7-2E69-B677-05D6-55EBBB5E4371}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{32477761-57AE-4D26-A493-9AA1658B6615}" = ATI AVIVO Codecs
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel(R) PROSafe for Wired Connections
"{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel(R) PROSafe for Wired Connections
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{44335D10-4726-48EC-5648-3EF042A1B6D8}" = CCC Help Dutch
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{49507D91-E5D7-1775-1120-41C70E8B90A5}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4BDDFD80-871F-1C7D-2C3E-C26F9DBF9AFF}" = CCC Help Portuguese
"{4CECCA9F-E57A-4A9A-EB17-8748BA14CACE}" = CCC Help Hungarian
"{5257E54B-FD62-5880-250F-8E0B78389B56}" = Catalyst Control Center Graphics Light
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56AEF944-DC3C-6666-1E7A-8ED7C5DFBCF4}" = CCC Help Danish
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{590F4980-1C17-EF89-E0C8-1D5866385DD5}" = CCC Help English
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ECA5B22-4073-8A6D-2E7E-8F4C39FC4309}" = Catalyst Control Center InstallProxy
"{64649281-4B5D-4425-A0F7-E79F6756FFC8}" = Tweak UI
"{68A6B421-C509-86D8-D272-0EDCC32EE7FC}" = Catalyst Control Center Graphics Full Existing
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6E715460-12AB-5099-C134-8286198B8484}" = CCC Help Norwegian
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7234061E-3D70-2682-F47B-75A5D2F83685}" = Catalyst Control Center
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EAA4E86-5F00-C12A-89F7-0B6E500BF335}" = CCC Help English
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B1AA2E-6FAC-CDAD-4993-45BD23B6ED8A}" = CCC Help Czech
"{93973C6B-F862-4C16-84D1-7B675D650103}" = CANON iMAGE GATEWAY Task
"{93FCF917-B49C-E998-F2C8-B907FEBDA5C9}" = CCC Help Korean
"{94F55336-14AB-9449-7C40-6326C08F793E}" = ccc-core-preinstall
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6CE82F8-3B48-7995-6910-4895C75C02A5}" = CCC Help Finnish
"{A873F7D0-83E1-2E1D-DEAF-D6D8FF8A75F6}" = CCC Help Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B203EC06-151B-36D7-EBD5-E1FD49398C3E}" = CCC Help German
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B7FB9063-8386-6DA7-883A-57C8E00495FC}" = CCC Help Swedish
"{B91263B8-012B-928A-AA69-ABCC271A33BD}" = Catalyst Control Center Graphics Previews Common
"{B99F2C0C-244A-4A41-1CF8-878FAEA1E7E3}" = CCC Help Japanese
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE4F388F-E7B6-43E8-8856-6B74AC375A87}" = Media Go
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (G)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP4c
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6114354-6063-A72B-F6DB-9920CC8347E6}" = Catalyst Control Center HydraVision Full
"{C67ED8BC-1A34-19F8-5C0F-EB1CCAD54865}" = Catalyst Control Center Core Implementation
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D4B082E3-4026-C93A-9693-6DB10BCE9190}" = CCC Help Polish
"{D7739941-59D4-F971-A68B-0318CFBE02D6}" = ccc-utility
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CD42A1-DACD-B720-EE07-90171647A1D2}" = CCC Help Italian
"{F66714D7-5775-50C6-AC24-9FF334BC01A6}" = Catalyst Control Center Localization All
"{F86B8D60-D28D-E501-9F7A-B2DEF3BA1687}" = CCC Help Chinese Traditional
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF6FD920-4041-6DC0-F8E9-E39F601C0A87}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS Probe V2.23.06" = ASUS Probe V2.23.06
"AvantBrowser" = Avant Browser (remove only)
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Azureus" = Azureus
"Bertelsmann Fotowelt" = Bertelsmann Fotowelt
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber
"InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{93973C6B-F862-4C16-84D1-7B675D650103}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX
"IsoBuster_is1" = IsoBuster 1.6
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.27 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"PROSetDX" = Intel(R) PRO Netzwerkverbindungs-Software v9.2.4.9
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"TightVNC_is1" = TightVNC 1.2.9
"Totalcmd" = Total Commander (Remove or Repair)
"Update Engine" = Sony Ericsson Update Engine
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.7.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2012 04:37:53 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.100:5353   16 100.0.168.192.in-addr.arpa.
 PTR tester-2.local.
 
Error - 17.05.2012 04:37:53 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   14 100.0.168.192.in-addr.arpa.
 PTR tester.local.
 
Error - 19.05.2012 18:59:48 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.100:5353   16 100.0.168.192.in-addr.arpa.
 PTR tester-2.local.
 
Error - 19.05.2012 18:59:48 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   14 100.0.168.192.in-addr.arpa.
 PTR tester.local.
 
Error - 20.05.2012 13:08:24 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.100:5353   16 100.0.168.192.in-addr.arpa.
 PTR tester-2.local.
 
Error - 20.05.2012 13:08:24 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   14 100.0.168.192.in-addr.arpa.
 PTR tester.local.
 
Error - 20.05.2012 13:38:22 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.100:5353   16 100.0.168.192.in-addr.arpa.
 PTR tester-2.local.
 
Error - 20.05.2012 13:38:22 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   14 100.0.168.192.in-addr.arpa.
 PTR tester.local.
 
Error - 21.05.2012 13:30:37 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.100:5353   16 100.0.168.192.in-addr.arpa.
 PTR tester-2.local.
 
Error - 21.05.2012 13:30:37 | Computer Name = TESTER | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   14 100.0.168.192.in-addr.arpa.
 PTR tester.local.
 
[ System Events ]
Error - 20.05.2012 13:38:12 | Computer Name = TESTER | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplat
 0, Funktion 1.    Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 20.05.2012 13:38:12 | Computer Name = TESTER | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 20.05.2012 13:38:12 | Computer Name = TESTER | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplat
 0, Funktion 1.    Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 20.05.2012 13:38:25 | Computer Name = TESTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 20.05.2012 13:38:34 | Computer Name = TESTER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCIIde
 
Error - 20.05.2012 13:38:43 | Computer Name = TESTER | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplat
 0, Funktion 1.    Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 21.05.2012 13:30:29 | Computer Name = TESTER | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplat
 0, Funktion 1.    Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 21.05.2012 13:30:29 | Computer Name = TESTER | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplat
 0, Funktion 1.    Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 21.05.2012 13:30:40 | Computer Name = TESTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 21.05.2012 13:30:56 | Computer Name = TESTER | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplat
 0, Funktion 1.    Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >

--- --- ---

kriwo · 21.05.2012, 20:56

Sorry hat nicht alles in eine Antwort gepasst....

und nun noch die CCleaner Textdatei

Code:

ATTFilter

Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	21.05.2012		11.2.202.235
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	21.05.2012		11.2.202.235
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	15.04.2012	122,6MB	10.1.3
Apple Application Support	Apple Inc.	18.12.2011	62,9MB	2.1.6
Apple Mobile Device Support	Apple Inc.	20.11.2011	24,1MB	4.0.0.97
Apple Software Update	Apple Inc.	16.08.2011	2,38MB	2.1.3.127
ASUS Probe V2.23.06		21.05.2012		
ATI AVIVO Codecs	ATI Technologies Inc.	17.11.2009	2,20MB	10.5.0.40515
ATI Catalyst Control Center				2.009.0520.1630
ATI Catalyst Install Manager	ATI Technologies, Inc.	05.07.2011	16,6MB	3.0.829.0
Avant Browser (remove only)		21.05.2012		
AVG Security Toolbar	AVG Technologies	20.05.2012		10.2.0.3
Avira Free Antivirus	Avira	21.05.2012		12.0.0.1125
Azureus		21.05.2012		2.5.0.4
Bertelsmann Fotowelt		21.05.2012		
BitTorrent		21.05.2012		7.2.1
BittorrentBar_DE Toolbar	BittorrentBar_DE	21.05.2012		
Bonjour	Apple Inc.	12.10.2011	0,73MB	3.0.0.10
Canon Camera Support Core Library	Canon	12.11.2009		7.3.0.4
Canon Camera Window DC_DV 5 for ZoomBrowser EX	Canon	12.11.2009		5.4.4
Canon Camera Window DSLR 5 for ZoomBrowser EX	Canon	12.11.2009		5.3.1
Canon Camera Window MC 5 for ZoomBrowser EX	Canon	12.11.2009		5.4.3
Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber	Canon	12.11.2009		5.6
CANON iMAGE GATEWAY Task for ZoomBrowser EX	Canon	12.11.2009		1.0.0.23
Canon Internet Library for ZoomBrowser EX	Canon Inc.	12.11.2009		1.4.0
Canon PhotoRecord	Cisra	12.11.2009	80,5MB	02.02.03002
Canon RAW Image Task for ZoomBrowser EX	Canon	12.11.2009		2.2
Canon ScanGear Toolbox 3.0		21.05.2012		
Canon Utilities Digital Photo Professional 2.0	Canon	12.11.2009		2.0
Canon Utilities EOS Capture 1.5	Canon	12.11.2009		1.5
Canon Utilities PhotoStitch 3.1	Canon	12.11.2009		3.1.16
Canon ZoomBrowser EX (G)	Canon	12.11.2009	33,1MB	5.05.0000
CCleaner	Piriform	21.05.2012		3.18
Compatibility Pack für 2007 Office System	Microsoft Corporation	12.05.2011	65,0MB	12.0.6021.5000
ContentSAFER for Wizmax				
Dragon Age: Origins	Electronic Arts, Inc.	21.05.2012		1.04
Driver Whiz	Driver Whiz	13.07.2010	6,81MB	8.0.1
DVDFab 7.0.3.0 (26/03/2010)	Fengtao Software Inc.	25.06.2010		
EPSON-Drucker-Software		20.05.2012		
Google Chrome	Google Inc.	10.01.2010		19.0.1084.46
Google Earth	Google	25.11.2011	92,8MB	6.1.0.5001
High Definition Audio Driver Package - KB835221	Microsoft Corporation	20.05.2012		20040219.000000
HydraVision	ATI Technologies Inc.	15.11.2009	5,14MB	4.0.2.0
Intel(R) Graphics Media Accelerator Driver		21.05.2012		
Intel(R) PRO Netzwerkverbindungs-Software v9.2.4.9		21.05.2012		
IsoBuster 1.6	Smart Projects	21.05.2012		1.6
iTunes	Apple Inc.	18.12.2011	169,6MB	10.5.2.11
Java(TM) 6 Update 29	Oracle	16.08.2011	91,1MB	6.0.290
K-Lite Codec Pack 2.27 Full		20.05.2012		2.27
KODAK All-in-One Software	Eastman Kodak Company	20.05.2012		7.3.8.20
Macromedia FreeHand MX	Macromedia	21.05.2012		11
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	20.05.2012		1.61.0.1400
Mass Effect	Electronic Arts, Inc.	21.05.2012		1.00
Media Go	Sony	28.08.2011	72,4MB	1.8.121
Microsoft .NET Framework 2.0 Language Pack - DEU	Microsoft Corporation	28.08.2011		
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	11.05.2012	780MB	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	11.05.2012	257MB	3.2.30729
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	11.05.2012		
Microsoft Baseline Security Analyzer 1.2.1	Microsoft Corporation	27.10.2009	3,71MB	1.2.4013.0
Microsoft Compression Client Pack 1.0 for Windows XP	Microsoft Corporation	22.09.2010		1
Microsoft Office Professional Edition 2003	Microsoft Corporation	27.10.2009	450MB	11.0.6361.0
Microsoft User-Mode Driver Framework Feature Pack 1.0	Microsoft Corporation	22.09.2010		
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	28.08.2011	4,64MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	25.07.2010	5,24MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	04.05.2011	9,65MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	16.11.2009	10,3MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	26.03.2011	10,2MB	9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	06.11.2011	11,1MB	10.0.40219
MobileMe Control Panel	Apple Inc.	16.08.2011	12,0MB	3.1.6.0
Mozilla Firefox 12.0 (x86 de)	Mozilla	21.05.2012		12.0
Mozilla Maintenance Service	Mozilla	21.05.2012		12.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	09.10.2010	1,42MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	09.10.2010	2,77MB	4.20.9876.0
MSXML 6 Service Pack 2 (KB973686)	Microsoft Corporation	30.11.2009	1,40MB	6.20.2003.0
Nero 6 Ultra Edition		21.05.2012		
NVIDIA PhysX	NVIDIA Corporation	29.01.2012	121,6MB	9.09.0203
PlayStation(R)Network Downloader	Sony Computer Entertainment Inc.	28.08.2011	9,26MB	2.06.00741
PlayStation(R)Store	Sony Computer Entertainment Inc.	28.08.2011	5,45MB	4.3.3.12540
QuickTime	Apple Inc.	16.12.2010	73,7MB	7.69.80.9
Realtek High Definition Audio Driver		21.05.2012		
Safari	Apple Inc.	11.03.2011	41,3MB	5.33.20.27
SiSoftware Sandra Lite 2011.SP4c	SiSoftware	16.08.2011		17.77.2011.10
SIW version 2011.07.07	Topala Software Solutions	16.08.2011		2011.07.07
Sony Ericsson PC Companion 2.02.002	Sony Ericsson	10.12.2011		2.02.002
Sony Ericsson Update Engine	Sony Ericsson Mobile Communications AB	21.05.2012		2.11.7.13
Spybot - Search & Destroy 1.3	Safer Networking Limited	21.05.2012		1.3
TightVNC 1.2.9	Constantin Kaplinsky	21.05.2012		1.2.9
Total Commander (Remove or Repair)		21.05.2012		
Tweak UI	Microsoft Corporation	27.10.2009	0,42MB	2.10.0000
VideoLAN VLC media player 0.7.2	VideoLAN Team	21.05.2012		0.7.2
VirtualCloneDrive	Elaborate Bytes	21.05.2012		
Winamp Erkennungs-Plug-in	Nullsoft, Inc	25.08.2011		1.0.0.1
Windows Internet Explorer 8	Microsoft Corporation	06.12.2009		20090308.140743
Windows Media Format 11 runtime		21.05.2012		
Windows Media Player 11		21.05.2012		
Windows XP Service Pack 3	Microsoft Corporation	13.12.2009		20080414.031514
WinRAR Archivierer		21.05.2012

Soweit so gut... der Rechner und meine Datein sind fürs erste mal erreichbar...

Nochmals Dank für deine Hilfe, werde aber wohl das System neu aufsetzen um ganz sicher zu sein ??? oder was meinst du???
Aber vorher noch rasch die Familienfotos gesichert...

Viele Grüße kriwo

kira · 21.05.2012, 21:26

Zitat:

Zitat von kriwo

...werde aber wohl das System neu aufsetzen um ganz sicher zu sein ??? oder was meinst du???

Mußt Du sogar da dein System durch gecrackte Software kompromittiert:-> *klick* - Technische Kompromittierung

- Nämlich das Installieren von "nicht legal erworbene Software" ist eine ziemlich sichere Methode, ein Rechner zu infizieren

- Ich beführte dass Du Dein Problem nur lösen kannst, wenn du dein System neu installierst, da geht`s um:

Code:

ATTFilter

C:\Programme\B5APPZ\0002\Patch.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\B5APPZ\0012\Patch.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\B5APPZ\0016\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\B5APPZ\0061\CrackSearcher.exe (PUP.CrackSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Denn die die angebotenen Programme und Dateien enthalten schädliche Inhalte - äußerst gefährlicher Malware wie z.b Backdoors und Rootkits
** Du solltest in so einem Fall mal dein Konsummuster überdenken

Weil dein Verhalten damit dem deutschen Recht unterliegt, wird den Support an dieser Stelle von unsere Seite aus beendet. Also am besten ist es, Du Sicherst deiner Daten (ohne Malware bzw gerackte Software -> Empfehle ich Dir NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. - und machst eine komplette Neuinstallation des Rechners, das ist der schnellste und sauberste lösung!
Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...
-> Ich möchte dich darauf hinweisen, dass wir bei Verwendung von Keygens & Cracks keine Beihilfe leisten wollen! :-> Forumregel:- Cracks, Keygens und andere illegale Software

Zitat:

Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.

windows verschuesselungs trojaner

Log-Analyse und Auswertung: windows verschuesselungs trojaner