Log analysis and evaluation: TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64

11.06.2012, 13:13   #1
Numitor
 

Avira reports the following detections:

Typ: Datei
Quelle: C:\Windows\SysWOW64\d3dybse3i.dll
Status: Infiziert
Quarantäne-Objekt: 4a3d8f14.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.42
Virendefinitionsdatei: 7.11.27.144
Meldung: TR/ATRAPS.Gen
Datum/Uhrzeit: 13.04.2012, 15:50

Typ: Datei
Quelle: C:\Windows\SysWOW64\nsp4gkpf.dll
Status: Infiziert
Quarantäne-Objekt: 55b81a4c.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.116
Meldung: TR/PSW.Kykymber.ceig
Datum/Uhrzeit: 11.06.2012, 11:29

Unfortunately I ignored the first one at the time.
No problems have occurred yet, but I am slowly starting to feel unsafe because of online banking, PayPal etc. I use AVIRA, Ad-Aware and occasionally MBAM. In addition, Mozilla with NoScript and Windows Defender.


MBAM reports the following:

Code:
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernhard :: BERNHARD-PC [Administrator]

11.06.2012 11:48:13
mbam-log-2012-06-11 (11-48-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 482349
Laufzeit: 1 Stunde(n), 18 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Bernhard\Downloads\SoftonicDownloader_fuer_speedupmypc.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL gives this:

Code:
OTL logfile created on: 11.06.2012 13:48:37 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Bernhard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 42,14% Memory free
9,99 Gb Paging File | 7,59 Gb Available in Paging File | 75,95% Paging File free
Paging file location(s): C:\pagefile.sys 6139 6139 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,45 Gb Total Space | 31,08 Gb Free Space | 26,69% Space Free | Partition Type: NTFS
Drive D: | 329,78 Gb Total Space | 153,38 Gb Free Space | 46,51% Space Free | Partition Type: NTFS
 
Computer Name: BERNHARD-PC | User Name: Bernhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 13:39:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bernhard\Desktop\OTL.exe
PRC - [2012.06.06 10:57:26 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.25 19:14:40 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.05.25 19:14:39 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012.05.08 18:36:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:36:44 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2012.05.08 18:36:44 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:36:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.16 14:27:24 | 000,025,464 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012.04.09 16:15:44 | 000,968,328 | ---- | M] (e-academy Inc.) -- C:\Users\Bernhard\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.27 16:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.09.26 22:04:35 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011.01.24 02:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.24 02:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.08.31 21:13:29 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.02.05 19:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.02.04 23:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.01.05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.06 10:57:26 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.17 10:52:51 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.26 22:04:35 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.01.24 02:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011.01.24 02:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.04.05 12:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
MOD - [2010.04.05 12:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 12:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
MOD - [2010.04.05 12:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
MOD - [2010.04.05 12:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
MOD - [2010.04.01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
MOD - [2010.04.01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.06.23 13:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
MOD - [2009.06.23 13:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 13:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
MOD - [2009.05.27 14:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009.04.28 09:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009.04.07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.06.02 16:59:51 | 000,354,304 | ---- | M] (Parental Solutions Inc.) [Auto | Running] -- C:\Windows\SysNative\poua7stgo.dll -- (Dnscache)
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.04.14 22:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010.04.14 22:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.05.04 16:47:36 | 000,809,984 | ---- | M] (OptionNV) [Disabled | Stopped] -- C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe -- (GtDetectSc)
SRV:64bit: - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2012.06.06 10:57:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.25 19:14:39 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.05.17 10:52:51 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 18:36:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:36:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.25 23:31:21 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.12 17:07:51 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.04.14 22:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.04.14 22:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.12.04 15:45:06 | 000,111,904 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe -- (NWHelper)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.11 09:05:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.08 18:36:46 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 18:36:46 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.23 08:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.11.05 16:46:43 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.10.27 03:25:42 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.09 08:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.08.31 12:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 11:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.06.19 16:49:14 | 000,012,800 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010.04.19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010.04.13 12:15:03 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.04 11:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 12:19:13 | 001,586,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.22 11:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.11.10 16:56:24 | 000,256,000 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2009.10.07 09:13:33 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 09:13:33 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.23 17:48:59 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:15:57 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.05.05 04:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.02.03 18:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2008.12.08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.08.03 06:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2012.01.14 22:45:05 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE459
IE - HKCU\..\SearchScopes\{8A1156F9-A62C-4069-8BBB-432ADD4BC21C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=2c8ec2c8-d2f1-4de8-bf5b-a0d292ec2703&apn_sauid=9D2FE97D-246E-4C1D-BC91-3CD45A996AFF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: trackmenot@mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.10
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.10 17:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 10:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.11 09:20:12 | 000,000,000 | ---D | M]
 
[2010.11.23 01:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Extensions
[2012.03.19 11:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions
[2012.01.01 18:54:40 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.08.20 10:23:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.21 22:56:19 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.11.24 18:21:44 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\illimitux@illimitux.net
[2011.07.31 14:01:52 | 000,000,000 | ---D | M] (TrackMeNot) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\trackmenot@mrl.nyu.edu
[2012.02.18 07:57:00 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\zotero@chnm.gmu.edu
[2012.06.06 10:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\extensions
[2012.05.20 19:04:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.17 01:34:27 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\extensions\ich@maltegoetz.de
[2012.05.05 17:58:03 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\extensions\zotero@chnm.gmu.edu
[2011.09.10 01:19:30 | 000,002,394 | ---- | M] () -- C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\53xlmtrd.default\searchplugins\askcom.xml
[2012.01.14 01:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.22 20:53:07 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.10 17:41:28 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.24 14:03:51 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\BERNHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\53XLMTRD.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012.03.19 11:32:11 | 000,521,058 | ---- | M] () (No name found) -- C:\USERS\BERNHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\53XLMTRD.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.12.08 09:02:06 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\BERNHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\53XLMTRD.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.12.09 12:10:52 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\BERNHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\53XLMTRD.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.06.06 10:57:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.20 21:57:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 21:57:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.20 21:57:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 21:57:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 21:57:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 21:57:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\d3dybse3i.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89287100-6AAE-406B-A4D7-5C0DB236B402}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C80D883-BC3A-4E2A-9DD4-FFC52A9BB3FF}: DhcpNameServer = 10.74.83.22 193.254.160.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23ee7e75-07bc-11e1-be48-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{23ee7e75-07bc-11e1-be48-485b3998c3f1}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{23ee7ecc-07bc-11e1-be48-c17cf2eba36b}\Shell - "" = AutoRun
O33 - MountPoints2\{23ee7ecc-07bc-11e1-be48-c17cf2eba36b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{23ee7ef9-07bc-11e1-be48-c17cf2eba36b}\Shell - "" = AutoRun
O33 - MountPoints2\{23ee7ef9-07bc-11e1-be48-c17cf2eba36b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{2658433d-ac83-11e0-b7c2-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2658433d-ac83-11e0-b7c2-485b3998c3f1}\Shell\AutoRun\command - "" = G:\OriginInstaller.exe
O33 - MountPoints2\{275ecf27-c66b-11e0-9eee-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{275ecf27-c66b-11e0-9eee-485b3998c3f1}\Shell\AutoRun\command - "" = I:\BALDUR.EXE
O33 - MountPoints2\{3165ec13-090f-11e1-a6b5-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{3165ec13-090f-11e1-a6b5-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{71c62b7c-4dc8-11e1-9c2f-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{71c62b7c-4dc8-11e1-9c2f-485b3998c3f1}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{8ce174fe-087f-11e1-92b6-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce174fe-087f-11e1-92b6-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8ce175ac-087f-11e1-92b6-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce175ac-087f-11e1-92b6-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8ce175b7-087f-11e1-92b6-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce175b7-087f-11e1-92b6-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{963db2a9-bf4d-11e0-bb48-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{963db2a9-bf4d-11e0-bb48-485b3998c3f1}\Shell\AutoRun\command - "" = F:\baldur.exe
O33 - MountPoints2\{ac7ffc79-0889-11e1-9c3d-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{ac7ffc79-0889-11e1-9c3d-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 13:39:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bernhard\Desktop\OTL.exe
[2012.06.11 13:34:23 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Desktop\Music
[2012.06.11 13:16:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Bernhard\Desktop\HiJackThis204.exe
[2012.06.11 12:56:02 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Downloads
[2012.06.11 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\e-academy Inc
[2012.06.11 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\e-academy Inc
[2012.06.04 20:47:43 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.06.02 16:59:51 | 000,354,304 | ---- | C] (Parental Solutions Inc.) -- C:\Windows\SysNative\poua7stgo.dll
[2012.05.30 08:29:18 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2012.05.30 08:29:14 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2012.05.21 14:46:31 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Mp3tag
[2012.05.21 14:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012.05.21 14:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2012.05.21 14:41:05 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Hulubulu
[2012.05.21 14:37:12 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.05.20 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\Any Video Converter
[2012.05.20 19:18:00 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\AnvSoft
[2012.05.20 19:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2012.05.20 19:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2012.05.20 19:04:34 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.05.20 16:03:51 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.14 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\Diablo III
[2012.05.14 19:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.14 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.14 19:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.05.14 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.05.14 13:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 13:39:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bernhard\Desktop\OTL.exe
[2012.06.11 13:38:44 | 000,000,168 | ---- | M] () -- C:\Users\Bernhard\defogger_reenable
[2012.06.11 13:38:28 | 000,050,477 | ---- | M] () -- C:\Users\Bernhard\Desktop\Defogger.exe
[2012.06.11 13:17:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bernhard\Desktop\HiJackThis204.exe
[2012.06.11 12:56:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 12:54:17 | 000,003,161 | ---- | M] () -- C:\Users\Bernhard\Desktop\Secure Download Manager.lnk
[2012.06.11 12:52:12 | 000,718,336 | ---- | M] () -- C:\Users\Bernhard\Desktop\SDM_DE.msi
[2012.06.11 12:43:16 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 12:43:16 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 01:31:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.06.11 01:30:06 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.11 01:29:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 01:29:27 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 15:02:26 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.06.09 12:53:54 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.06.09 12:53:54 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.06.07 22:51:30 | 000,015,637 | ---- | M] () -- C:\Users\Bernhard\.recently-used.xbel
[2012.06.04 20:47:43 | 000,000,516 | ---- | M] () -- C:\Users\Bernhard\Desktop\Fraps.lnk
[2012.06.02 16:59:51 | 000,354,304 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\SysNative\poua7stgo.dll
[2012.05.30 08:29:18 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2012.05.30 08:29:14 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2012.05.26 13:56:29 | 000,007,607 | ---- | M] () -- C:\Users\Bernhard\AppData\Local\Resmon.ResmonCfg
[2012.05.21 14:46:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.05.20 19:17:41 | 000,001,238 | ---- | M] () -- C:\Users\Bernhard\Desktop\Any Video Converter.lnk
[2012.05.17 20:06:15 | 000,001,493 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.05.14 23:12:43 | 000,612,043 | ---- | M] () -- C:\Users\Bernhard\Documents\14-05-2012 23;12;43.PDF
[2012.05.14 19:47:13 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.14 16:36:43 | 000,609,361 | ---- | M] () -- C:\Users\Bernhard\Documents\14-05-2012 16;36;43.PDF
[2012.05.14 12:27:40 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.14 12:27:40 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.14 12:27:40 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.14 12:27:40 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.14 12:27:40 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.12 15:18:49 | 000,412,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.11 13:38:44 | 000,000,168 | ---- | C] () -- C:\Users\Bernhard\defogger_reenable
[2012.06.11 13:37:59 | 000,050,477 | ---- | C] () -- C:\Users\Bernhard\Desktop\Defogger.exe
[2012.06.11 12:54:17 | 000,003,161 | ---- | C] () -- C:\Users\Bernhard\Desktop\Secure Download Manager.lnk
[2012.06.11 12:51:53 | 000,718,336 | ---- | C] () -- C:\Users\Bernhard\Desktop\SDM_DE.msi
[2012.06.11 01:30:06 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.07 22:51:30 | 000,015,637 | ---- | C] () -- C:\Users\Bernhard\.recently-used.xbel
[2012.06.04 20:47:43 | 000,000,516 | ---- | C] () -- C:\Users\Bernhard\Desktop\Fraps.lnk
[2012.05.26 13:56:29 | 000,007,607 | ---- | C] () -- C:\Users\Bernhard\AppData\Local\Resmon.ResmonCfg
[2012.05.21 14:46:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.05.20 19:17:41 | 000,001,238 | ---- | C] () -- C:\Users\Bernhard\Desktop\Any Video Converter.lnk
[2012.05.17 10:52:55 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.14 23:12:43 | 000,612,043 | ---- | C] () -- C:\Users\Bernhard\Documents\14-05-2012 23;12;43.PDF
[2012.05.14 19:19:24 | 000,001,209 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.14 16:36:43 | 000,609,361 | ---- | C] () -- C:\Users\Bernhard\Documents\14-05-2012 16;36;43.PDF
[2012.05.09 14:29:30 | 000,001,867 | ---- | C] () -- C:\Windows\lightworks.ini
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.04 22:56:45 | 000,005,632 | ---- | C] () -- C:\Users\Bernhard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.21 22:50:03 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011.11.21 22:50:02 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011.11.21 22:50:02 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011.11.21 22:50:02 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011.11.21 22:50:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011.11.21 22:50:01 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011.11.21 22:50:01 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011.11.21 22:50:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011.11.21 22:50:01 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011.11.21 22:50:01 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011.11.21 22:50:01 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011.11.21 22:50:01 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011.11.21 22:50:00 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011.11.21 22:50:00 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011.11.21 22:50:00 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011.11.21 22:49:59 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011.11.21 22:49:59 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011.11.21 22:49:59 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011.11.21 22:49:59 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011.11.21 22:49:59 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011.11.21 22:49:59 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011.11.21 22:48:49 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011.11.21 22:48:49 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011.11.17 19:39:46 | 000,000,600 | ---- | C] () -- C:\Users\Bernhard\AppData\Local\PUTTY.RND
[2011.11.07 12:40:03 | 000,000,421 | ---- | C] () -- C:\Users\Bernhard\AppData\Roaming\sqlite3Explorer.xml
[2011.11.06 18:11:11 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.24 13:13:21 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2011.08.15 22:52:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.07.11 18:45:08 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
[2011.04.21 12:33:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.21 12:33:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010.08.31 21:12:48 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.08.31 21:04:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.31 20:45:52 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.05.20 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\AnvSoft
[2011.12.04 22:07:07 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\avidemux
[2012.05.11 09:07:22 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\DAEMON Tools Lite
[2011.07.15 01:51:02 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Dropbox
[2012.05.20 19:04:49 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\DVDVideoSoft
[2011.11.30 22:43:40 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.11 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\e-academy Inc
[2011.10.24 23:45:36 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Epson
[2012.01.21 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\FileZilla
[2010.11.29 23:13:07 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\FVZilla
[2012.06.07 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\gtk-2.0
[2012.05.21 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Hulubulu
[2010.12.07 20:04:33 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\LolClient
[2012.05.21 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Mp3tag
[2011.11.10 18:30:14 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Notepad++
[2012.01.01 19:06:33 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Samsung
[2012.05.11 09:30:40 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Systweak
[2011.11.05 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Telefónica
[2012.01.29 00:06:11 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\The Creative Assembly
[2012.01.27 21:25:21 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Ubisoft
[2012.05.11 09:22:10 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Uniblue
[2011.11.07 21:35:36 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Webocton - Scriptly
[2010.11.26 14:47:58 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\WindSolutions
[2010.11.26 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Xilisoft
[2012.06.11 01:30:06 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.10 15:02:26 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012.05.11 09:51:44 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012.05.11 09:51:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.11 01:31:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 876 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

< End of report >
HijackThis says this:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:53, on 11.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Bernhard\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Bernhard\Desktop\OTL.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Bernhard\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\d3dybse3i.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
O23 - Service: lxec_device -   - C:\Windows\system32\lxeccoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Novatel Wireless Device Helper  (NWHelper) - Novatel Wireless Inc. - C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12757 bytes
Extras.txt:

Code:
OTL Extras logfile created on: 11.06.2012 13:48:37 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Bernhard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 42,14% Memory free
9,99 Gb Paging File | 7,59 Gb Available in Paging File | 75,95% Paging File free
Paging file location(s): C:\pagefile.sys 6139 6139 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,45 Gb Total Space | 31,08 Gb Free Space | 26,69% Space Free | Partition Type: NTFS
Drive D: | 329,78 Gb Total Space | 153,38 Gb Free Space | 46,51% Space Free | Partition Type: NTFS
 
Computer Name: BERNHARD-PC | User Name: Bernhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Free Video Zilla\FVZilla.exe" = C:\Program Files (x86)\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- ()
"C:\Program Files (x86)\Free Video Zilla\FVZilla.exe" = C:\Program Files (x86)\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8DBEE5-BE7D-428C-952E-12ED1DA0BB28}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{1CF47160-D805-4208-A57A-A3CA0EE7F2F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1E0E8E86-A63E-437A-9972-F3CDD7641590}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{210E0FAE-D644-43ED-AEF7-B05DA1E0B672}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{2AC0E576-36AF-4FEB-87A1-315BFAECFB91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{330B7387-A7DC-4641-A14C-34E5165BAC81}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{368B3674-E689-4BBF-870C-6DBB2FBAA666}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3981A4F0-0E6D-4C58-B893-955B18E6A5B1}" = lport=6974 | protocol=17 | dir=in | name=league of legends launcher | 
"{3F557EAC-FF22-44A2-9F8F-FE5768500067}" = lport=137 | protocol=17 | dir=in | app=system | 
"{40D6B55D-8B0E-4444-9346-4CA7D791E2AF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{414AB295-4610-4B6F-882C-FD893F765FDD}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{51DEDAD9-55EB-4816-BD35-064DE12DFC82}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{56406035-E465-49B5-9A51-4AE9C40F82D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{569BF1FD-ED0A-4955-8E6E-75A35095EC2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5DFDE7D4-3160-4C04-90EE-F60E045B5766}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6D7E2E50-0259-47C4-8B22-39AAA333A6E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75AA124E-9FC0-406C-8418-ABE01DBE4DAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{78E201A1-963A-4E1C-8317-E1F2744EC77E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81B95D49-DDA6-417A-94CE-1611F0FC17F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{82803733-2002-48F5-834B-952C1A348B76}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{94DB8552-7C2F-4E5E-82D9-54F5B50E2D20}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{95CA8D92-0288-4FE9-9B03-8AA18AF41C67}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{97444878-94D7-42B4-BA5A-507980435ABD}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{9AD80BE5-6929-4F36-8B6A-0A7B5156E86A}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{AA45A428-13FF-4EC7-A616-0CF85A25F94D}" = lport=6974 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF3096CC-48F9-43D8-8E4B-196EE0906877}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B110BECA-96C1-4EFA-9E44-EA9768884C62}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{BDF4B6B7-4EFC-42EE-96CE-CAF15CC4FF26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C0178B87-13D2-4816-8DA4-DB8D9BA17619}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{CC0A0779-3BE1-4E07-BFEA-8841FAB251FC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D6CB9A9E-4DBD-49F0-BDB0-D05080D6D10D}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{D7875D61-3106-4192-8386-630ABB96E06A}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{E34F25E8-91BD-4526-A257-1E266C0442BF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E5D46309-B35D-467C-A03E-13F5D6B78AFF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E802DB63-5B1D-459D-A258-98B0B07F144A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EFD07297-297C-4135-A954-CE76272131A3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F05E0E4B-F1EE-42B8-AC99-36D16CB595C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{F07C0D13-D528-4157-8A25-180271C45EB7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F7F8D96F-E1CB-4F8E-8465-345A346C92FF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F9869D62-7C98-4D69-B477-8DA8A99B5A5A}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068B314D-05B1-4EE0-836C-9E6E79C01969}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0CFFB919-EC07-4D4C-ADE1-FC2DE4E148B3}" = protocol=17 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe | 
"{0F9FAA1E-4DF2-4EB1-BF79-9FB50B863C9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{109011D6-43DB-4C34-97AA-A251A395044B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{191E46F1-0557-4DB3-AC00-E14F082C043E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{19D0AE5D-D3B9-4205-A590-B9BA36659E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{1EDA03A2-6180-406E-B577-9239C490CC99}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{1FCB7B3E-76F8-4568-B48C-BFC84A9DBBA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20443C25-EDCF-41DC-982B-7A2EFBFACB45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22B52D49-B8CF-417E-A526-D78E224C891F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2329B52F-CC74-4FE3-9C9F-33BBDA95F8FA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{232D5B41-413E-4332-9375-15CA5D81EED1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{234A125A-29A9-448F-878C-69EBCB1ECCDE}" = protocol=6 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe | 
"{26911D87-DCFE-4922-BFAD-60F96B329397}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{2AA3FB05-3F10-4B33-810A-E56B0BA7E185}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{31604E84-2514-43A6-9CCE-1ABFECAD9303}" = protocol=6 | dir=in | app=c:\users\bernhard\appdata\roaming\dropbox\bin\dropbox.exe | 
"{34A20449-1BFE-415C-826E-0D90FCFBEEBD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3BB8248A-3A44-47D3-A90F-6D912E3FF87E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{416D1303-C4FD-415A-9B24-FFCC041D3BFC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44DE2881-F2EA-4F98-9108-96961DB21CD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{473A18D2-2DC7-4D7D-BE63-BFFEE48FFA12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{47996145-AE7F-41C1-8B92-24355B31C30E}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{47DD9A14-3055-426B-944C-A2F6371D6096}" = protocol=6 | dir=out | app=system | 
"{48CA0683-234B-4DF3-AB53-48D7A62FDF70}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{48D76788-A9C9-4396-ADD8-40DFC0A40BC9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{4986DF78-AB2A-4881-8EBC-F117421A3806}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{4CC3A768-89A3-4E2E-9E37-C16DEF9B3F62}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{50CC6213-3C23-4A53-8E72-DCBCE000C51E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{51035C80-1126-4BF5-BFE2-3A0156A43DAA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{536A941C-AC68-4286-8470-E817ECC7254A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{537ADD56-008B-4CA1-A59B-6D8771BA6612}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54EF4EDD-BD9D-4C6C-B18F-AD216CDAFC08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{55CAD36D-37C9-4C62-AFCA-6E56000A6BFA}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{576A8951-B2BA-4113-9946-146E9C441141}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{57716A17-9669-4613-B44D-4C983A207D6F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5892272B-EC5A-4048-8EDD-B6D76BFBFBF9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{5ADFCF35-F4D8-4CC2-81AC-F0F409354A8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5AE97971-88C2-47E8-95FD-061F568E8C53}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6171C1C7-01AD-4ED3-9BF3-E4758ABF6722}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{642D1D63-0C5F-4C63-901B-3D22491E7396}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{67E17C88-493C-4B93-8FE1-E76E7C1D1BB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6A61555E-F5D5-422C-B0E0-7344305EA75D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{767A4D45-472A-4B31-BC13-4900DFA7C259}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{7B46AA27-6A1B-4755-B550-A2CEC000A5D7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{899274AB-2578-4E87-9349-52B60584358A}" = protocol=17 | dir=in | app=c:\users\bernhard\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8A92448F-0C87-4F28-8F22-65838B19C28E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{8E1076F5-A980-47EC-A405-E4FBF3C03F8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8E33D352-851F-42E8-9F07-45AEB43E1BA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{98856EB5-B7F6-4215-A71D-AC96C3BF6F27}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{9A17FA2C-A425-4914-8CDE-CA2A2A869263}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9E5A72A6-49D4-4329-86BE-EBB3F7A0F2EB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{9FB8FE3F-0BD4-450A-B3BA-405159F032C8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A274AF93-CD28-4042-B362-2022EAE25186}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{A2F93524-1EA0-4D83-AE57-8045AB8033C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{A2FF5C8A-F89D-4BA2-BB46-7DC856C59C52}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A499F9B5-D148-45A2-BE23-FDBE799F500E}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{A49A4BDE-8440-4E5F-8C1F-4AA699BE2B43}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{A54AD496-1555-405B-8811-E8F3871B4667}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{AA7BA9B4-6CD2-4608-B83B-68DF70061A97}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{AA9B916F-60A1-4FF9-9630-E176E6299408}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ABF28236-0D6E-4BF4-AD17-F7382A1EEDB4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{AEEBC91F-9EAF-41DD-BF98-7C93F654675D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{B3B80611-04D5-40E8-8031-BFC1075C5625}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{BA49D4B7-8DDB-43CB-B1B9-312773B7BA46}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{BF7E10F0-50F9-4042-9580-17A49EEFD727}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{BF826C44-9FB5-4EBE-9301-0C2B7319F3A0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C134DD7D-7E6B-42B6-B3CA-75601E997196}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{C664B585-A1B2-4F91-894C-A6B43B345546}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{C7B14A49-8C5F-4691-A18C-667774D7A0EE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CA3A4428-F354-4121-8D17-5BA3FD98974F}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{CCE75252-A425-4670-8E06-5ACB13EB91C1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{CE3E0102-3D54-4E6A-AD9D-03C9988A03C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE85B927-0630-4C9D-A33B-A271744599FD}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{D1CA8D7E-DA1C-4E26-9AB3-41E2C4A587C3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{D3138D20-8A1C-4326-ADE9-AC5384076516}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D4ADEE20-2D52-4F5D-A2B8-1910E9C5A94E}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{D7AE25E2-1FA5-4D6A-8F65-46D8CE35A0D5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D890D46C-D713-4765-9FCB-678D7C95B159}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{DA7C5C96-21AC-4C63-B85F-62C4D60798F6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{DC6AA798-5B77-4236-94D7-5B5D72E838AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DFF73A27-BD16-4E9E-83B4-F2C4BFDD30BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{E6D256A1-87CE-445C-A468-893747432855}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{ED2B15E6-211B-4FA3-9F5B-C9612C7E1AA7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{EF29F835-DCB2-4546-9577-63A7C0E41BB0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F2974E51-7E42-4E4C-B198-527454F00D18}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F3F9438F-0984-44E3-8D5B-EE01F693018D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F742A887-0F89-407A-BB88-024E70CD9FF0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{F8F50270-BC99-433F-A072-5B95F6AC2E2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA58AE99-32D2-4EB1-A04C-E14205164F6A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{FB201EB3-13E7-43FA-BF34-BC4D93601D22}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{FF2FFB44-A4CD-40D7-9083-AB4E33C93E2E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"TCP Query User{11D53D8B-B999-44D8-A747-0613544D12CC}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{3051574A-1681-450B-A3B2-70C412DFDC75}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{3D46D0EC-14AC-4BBE-8004-84F525479A23}D:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"TCP Query User{60F494DD-DD0A-4E97-9DF8-F6C3A52EB4DE}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{764A2865-471E-45E8-9B2F-AABC45BA506A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{7F2E4B0A-3A13-4D94-B125-85B7463A2890}C:\users\bernhard\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernhard\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C6610C35-13ED-4601-A6B6-0249BE4875F6}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe | 
"TCP Query User{CCBA72FD-CD45-48C3-93ED-47D9E6AAA3E0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{09056D0A-7DDB-4CD4-B658-B395AFF592D6}D:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"UDP Query User{2583C417-8C8B-4C77-8F65-C1A1CFDA131E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{25B1E485-7F00-4112-BD29-C6AD2042DDB0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{34779C59-0ABA-4B6B-B5EE-9AFD02804F41}C:\users\bernhard\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernhard\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4F80081E-7EE1-4C61-8CE4-4F4CE1682304}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{5547C8B4-7A09-48A5-9E98-22271B1308A2}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{9F917DC5-0DF3-44F3-85CD-6690399B9523}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe | 
"UDP Query User{C294206D-F425-4A06-957E-54372116C000}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding
"{412FF2A0-2E34-436B-8A0A-9E4EF32E913E}" = Option WWAN Driver 5.0.32.0 Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5581B78C-609A-4AA0-BFAB-64A847C0A4E6}" = Outlook Sync Db 2010
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5DBC38C9-D776-3050-FD3E-F4B5E99CCDDC}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{63591AAA-97F0-24A8-3EBD-174B5E35D6BF}" = ccc-utility64
"{63FC1F01-1232-B654-0C07-E1CD91B760E0}" = AMD Media Foundation Decoders
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = Option WWAN Driver 5.0.32.0 Installer 
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"EPSON SX125 Series" = Druckerdeinstallation für EPSON SX125 Series
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"ZTE USB Driver" = ZTE USB Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02D0DF6E-BE8D-66B0-3C3F-ED0F395DF765}" = CCC Help Finnish
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1395B38D-5889-19E5-D02E-BD1A02BF373B}" = CCC Help Spanish
"{13D5F9B6-D70A-DCCA-A00D-E43839CDFA83}" = CCC Help Chinese Standard
"{1410D707-A9C3-2E70-9476-2427EC18134F}" = CCC Help Turkish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46AFD359-AAE9-2843-B7CE-10FB46C76E99}" = CCC Help German
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57D5FAFB-30E8-63EB-D4F7-07298597578F}" = AMD VISION Engine Control Center
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7322467B-FAD1-5529-C4EF-7EA4BC17C0A2}" = CCC Help Korean
"{74E4B282-F25A-53A1-BBA5-7A3EFB90FAF4}" = CCC Help Japanese
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AC115AA-27D2-4024-6E7D-D9FCD93D0487}" = CCC Help Portuguese
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91EDBF6E-2260-646A-4D80-CB0802132736}" = Catalyst Control Center Localization All
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{931AED36-CF8A-F34F-8C13-5C19010DF6C6}" = CCC Help French
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9E75789D-E176-A72B-DE9E-D2AE63FE601B}" = Catalyst Control Center Graphics Previews Common
"{9F711CB6-8E76-63DA-6ABA-C21B7C839CA5}" = CCC Help Russian
"{A0E52598-872B-9E9A-181F-1A80C6AA4493}" = CCC Help Italian
"{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFA7A60F-D018-AF0D-47E9-A13D0219E86A}" = CCC Help Thai
"{C3C35CB3-82B6-F36F-B39A-B2AFAA74F7D2}" = CCC Help Norwegian
"{C47C2F4D-4419-D823-C272-325FD9B92415}" = CCC Help Czech
"{C68C6E34-A103-F7BC-8682-C1C4190BAC1F}" = CCC Help Greek
"{D0251102-442C-6FE0-4FDC-2ACF2AD2A2A5}" = CCC Help English
"{D2A90CAF-AF34-C526-D4C7-AE4FF4547B66}" = CCC Help Polish
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E5C76964-F17B-7FCB-958F-1C067A2D217C}" = CCC Help Swedish
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7E76AEC-266C-C1A0-E39B-21AB97402CA1}" = CCC Help Chinese Traditional
"{E7F12C4C-9932-A039-4FAC-CAD1672EB633}" = CCC Help Hungarian
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{EBE9A607-31AB-696D-5220-5098B61AA9B2}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAF4DB9-943E-97E5-051C-DC6C4E7094C0}" = CCC Help Danish
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.3.8
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.3
"FormatFactory" = FormatFactory 2.70
"Fraps" = Fraps
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Video Zilla_is1" = Free Video Zilla
"Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader
"JDownloader" = JDownloader
"JPG2PDF_is1" = JPG2PDF 2.2
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"Notepad++" = Notepad++
"o2DE" = Mobile Connection Manager
"PokerStars.net" = PokerStars.net
"RealPlayer 12.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"Security Task Manager" = Security Task Manager 1.8d
"SpeedFan" = SpeedFan (remove only)
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 40390" = Risen 2 - Dark Waters
"SubtitleCreator" = SubtitleCreator
"VLC media player" = VLC media player 1.1.5
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2012 14:14:49 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 23.05.2012 14:30:54 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.05.2012 13:12:39 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 25.05.2012 14:04:41 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.05.2012 21:53:56 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 25.05.2012 22:39:57 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.05.2012 07:19:57 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 26.05.2012 11:53:58 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.05.2012 12:34:11 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.05.2012 14:27:03 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ System Events ]
Error - 11.06.2012 06:23:55 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:38 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:38 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:38 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:38 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:39 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:39 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:39 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:39 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.06.2012 07:28:48 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
Do I have to reinstall the system? I didn't get a Windows CD from the notebook manufacturer, and there's no product key sticker either, only the warranty and the OS name. Above all, I don't dare back up my personal data, since it could be compromised.

I can't find anything useful about Kykymber on Google, just about 6 billion virus scanners that want to get their hands on my money.

Grateful for any help.

Old 11.06.2012, 13:42   #2
Psychotic
/// Malwareteam
 
TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64 - Standard

My name is Marius and I will help you with your problem.

One thing first:

Note: We can never guarantee here that we have found all remnants of malware. A format is usually the fastest and always the safest way.

Should you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.


Ich muss dir leider sagen, dass das sehr holprig werden kann. Der Schädling, den du im April ignoriert hast, kann mehr als unangenehm werden und wie es aussieht, ist er nach wie vor aktiv.


Schritt 1: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.



Schritt 2: Scan mit TDSS-Killer


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

Alt 11.06.2012, 15:35   #3
Numitor
 

Thanks already for the quick reply.

aswMBR outputs the following:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 16:12:33
-----------------------------
16:12:33.794    OS Version: Windows x64 6.1.7601 Service Pack 1
16:12:33.794    Number of processors: 2 586 0x603
16:12:33.795    ComputerName: BERNHARD-PC  UserName: Bernhard
16:12:34.586    Initialize success
16:12:58.783    AVAST engine defs: 12061100
16:14:20.100    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
16:14:20.105    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
16:14:20.126    Disk 0 MBR read successfully
16:14:20.131    Disk 0 MBR scan
16:14:20.142    Disk 0 Windows 7 default MBR code
16:14:20.148    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    20002 MB offset 63
16:14:20.172    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119240 MB offset 40965750
16:14:20.179    Disk 0 Partition - 00     0F Extended LBA            337695 MB offset 285171712
16:14:20.208    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       337694 MB offset 285173760
16:14:20.235    Disk 0 scanning C:\Windows\system32\drivers
16:14:32.892    Service scanning
16:15:06.103    Modules scanning
16:15:06.125    Disk 0 trace - called modules:
16:15:06.514    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 
16:15:06.528    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b01060]
16:15:06.536    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004a8eb80]
16:15:06.541    5 amdxata.sys[fffff880011537a8] -> nt!IofCallDriver -> \Device\00000071[0xfffffa8004a89060]
16:15:07.497    AVAST engine scan C:\Windows
16:15:10.686    AVAST engine scan C:\Windows\system32
16:18:55.543    AVAST engine scan C:\Windows\system32\drivers
16:19:13.545    AVAST engine scan C:\Users\Bernhard
16:25:08.563    AVAST engine scan C:\ProgramData
16:26:31.501    Disk 0 MBR has been saved successfully to "C:\Users\Bernhard\Desktop\MBR.dat"
16:26:31.510    The log file has been saved successfully to "C:\Users\Bernhard\Desktop\aswMBR.txt"
         
tdsskiller is too large, so it's in the attachment

Alt 11.06.2012, 15:47   #4
Numitor
 

Forgot the parameter, sorry

Alt 12.06.2012, 06:54   #5
Psychotic
/// Malwareteam
 

Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus as well as anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post the C:\Combofix.txt in your next reply.


Note: Should you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. This should fix the problem.

__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only reachable on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

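An added example, not part of this thread and not a Trojaner-Board or ComboFix tool: a small Python triage helper for the "Autostartpunkte der Registrierung" section of a ComboFix log like the one posted next. It lists the Run-key entries, marks those ComboFix printed with "[X]" (target file not found) and those launched from a user-writable location, and reports the UAC policy values, since "EnableLUA"= 0 means UAC is switched off entirely. The log text inside the block is constructed to mimic ComboFix's layout; the entry named Example-Updater is invented for illustration and the user-writable check is a review heuristic, not a verdict.

```python
"""Triage helper for the registry autostart section of a ComboFix log.

Added example: not part of the thread and not a ComboFix or Trojaner-Board tool.
It parses the "[HKEY_...\\CurrentVersion\\Run]" blocks and the UAC policy block
that ComboFix prints under "Autostartpunkte der Registrierung" and returns
structured findings a helper can review. SAMPLE_LOG is constructed to mimic
ComboFix's format; the "Example-Updater" entry is invented for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in ComboFix's layout: a key header in brackets, one
# "name"="command" [date size] line per value, and "[X]" when the file is missing.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Example-Updater"="c:\users\Bernhard\AppData\Roaming\Example\updater.exe" [2012-06-01 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')

# Locations a standard user can write to; an autostart pointing there deserves a look.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\documents and settings\\")


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    missing: bool        # ComboFix printed "[X]": the referenced file was not found
    user_writable: bool  # command starts with a user-writable path


def is_user_writable(command: str) -> bool:
    return command.lower().startswith(USER_WRITABLE_PREFIXES)


def parse_autostart(text: str) -> Tuple[List[RunEntry], Dict[str, int]]:
    """Return (Run-key entries, UAC policy values) found in a ComboFix log text."""
    entries: List[RunEntry] = []
    policy: Dict[str, int] = {}
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                       # a new "[HKEY_...]" header starts a block
            current_key = m.group(1)
            continue
        key_l = current_key.lower()
        if key_l.endswith("\\currentversion\\run"):
            m = VALUE_RE.match(line)
            if m:
                name, command, meta = m.groups()
                entries.append(RunEntry(current_key, name, command,
                                        missing=(meta.strip() == "X"),
                                        user_writable=is_user_writable(command)))
        elif key_l.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m:
                policy[m.group(1)] = int(m.group(2))
    return entries, policy


def uac_findings(policy: Dict[str, int]) -> List[str]:
    """Translate the UAC policy values into review notes."""
    findings: List[str] = []
    if policy.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is disabled, everything an administrator "
                        "account runs is already fully elevated")
    elif policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without a prompt")
    if policy.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not shown on the secure desktop")
    return findings


def review_entries(entries: List[RunEntry]) -> List[str]:
    """Review notes for Run entries that are stale or launched from user-writable paths."""
    notes: List[str] = []
    for e in entries:
        if e.missing:
            notes.append(f'{e.name}: target not found ("[X]"), stale or already removed')
        elif e.user_writable:
            notes.append(f"{e.name}: runs from a user-writable path, verify: {e.command}")
    return notes


if __name__ == "__main__":
    found, uac = parse_autostart(SAMPLE_LOG)
    for note in review_entries(found) + uac_findings(uac):
        print(note)
```

Run it as-is to see the notes for the constructed sample; pointed at a real ComboFix.txt (read the file and pass its text to parse_autostart) it gives a helper a quick list of Run entries to verify before asking for further scans.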
Alt 12.06.2012, 08:47   #6
Numitor
 

Here it is. I'm around for another three quarters of an hour, then again from 18:00.


Combofix Logfile:
Code:
ComboFix 12-06-11.05 - Bernhard 12.06.2012   8:48.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2452 [GMT 2:00]
ausgeführt von:: c:\users\Bernhard\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\SPL1E32.tmp
c:\users\Bernhard\4.0
c:\users\Bernhard\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\users\Bernhard\Favorites\bookmarks-2012-03-22.json
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\muzapp.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))
.
.
2012-06-12 07:01 . 2012-06-12 07:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-11 10:54 . 2012-06-11 10:54	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\e-academy Inc
2012-06-11 10:54 . 2012-06-11 10:54	--------	d-----w-	c:\users\Bernhard\AppData\Local\e-academy Inc
2012-06-09 01:11 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-09 01:11 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-09 01:11 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-09 01:11 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-09 01:10 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-09 01:10 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-09 01:10 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-09 01:10 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-09 01:10 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-08 06:57 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDE86759-8501-4A73-BEFD-5A0B9E398C63}\mpengine.dll
2012-06-06 08:57 . 2012-06-06 08:57	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 08:57 . 2012-06-06 08:57	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-02 14:59 . 2012-06-02 14:59	354304	----a-w-	c:\windows\system32\poua7stgo.dll
2012-05-30 06:29 . 2012-05-30 06:29	71680	----a-w-	c:\windows\system32\frapsv64.dll
2012-05-30 06:29 . 2012-05-30 06:29	65536	----a-w-	c:\windows\SysWow64\frapsvid.dll
2012-05-29 07:37 . 2012-05-29 07:37	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-21 12:46 . 2012-05-21 12:59	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Mp3tag
2012-05-21 12:46 . 2012-05-21 12:46	--------	d-----w-	c:\program files (x86)\Mp3tag
2012-05-21 12:41 . 2012-05-21 12:41	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Hulubulu
2012-05-21 12:37 . 2012-05-21 12:37	--------	d-----w-	c:\windows\Downloaded Installations
2012-05-20 17:18 . 2012-05-20 17:18	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\AnvSoft
2012-05-20 17:17 . 2012-05-20 17:17	--------	d-----w-	c:\program files (x86)\AnvSoft
2012-05-20 17:04 . 2012-04-18 11:49	405176	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-20 14:03 . 2012-03-22 11:43	2557952	----a-w-	c:\windows\SysWow64\QtCore4.dll
2012-05-17 08:52 . 2012-05-17 08:52	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-14 17:19 . 2012-06-07 15:06	--------	d-----w-	c:\program files (x86)\Diablo III
2012-05-14 17:19 . 2012-05-14 17:47	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-05-14 17:19 . 2012-05-14 17:47	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-14 11:19 . 2012-05-14 11:19	--------	d-----w-	c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 08:52 . 2011-09-07 11:17	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 07:50 . 2012-05-11 07:38	1668	----a-w-	c:\windows\system32\ASOROSet.bin
2012-05-11 07:05 . 2012-05-11 07:05	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-08 16:36 . 2012-03-24 11:59	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:36 . 2012-03-24 11:59	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-05-25 03:07	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-08-31 18:58	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-05-25 02:58	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-08-31 18:58	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-08-31 18:58	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-08-31 18:58	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-05-25 02:24	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2010-08-31 18:58	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-04-04 13:56 . 2012-04-14 15:17	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-11 07:11	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 07:11	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 07:11	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 07:11	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 07:10	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-11 07:10	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-26 3077528]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-31 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R4 GtDetectSc;GtDetectSc;c:\program files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [2009-05-04 809984]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 135664]
R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 135664]
R4 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-25 2152720]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [2009-12-04 111904]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-14 17152]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f84e55c-9b36-11e1-ab0c-485b3998c3f1}]
\shell\AutoRun\command - F:\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 08:52]
.
2012-06-11 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-05-11 12:59]
.
2012-05-11 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-05-11 12:59]
.
2012-06-12 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-05-11 12:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=14597
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: imdb.com\secure
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
d:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-12  09:23:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-12 07:23
.
Vor Suchlauf: 13 Verzeichnis(se), 32.578.469.888 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 32.331.382.784 Bytes frei
.
- - End Of File - - 085C8BC7C7DD9BACC83492A3760B3C0D
         
--- --- ---
Event Viewer also keeps reporting the following, and has done so since April:

Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Last edited by Numitor (12.06.2012 at 09:07)

12.06.2012, 09:08   #7
Psychotic
/// Malwareteam

TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64

Multiple anti-virus programs
Code:
ATTFilter
AV: Avira
Lavasoft Ad-Watch Live! Anti-Virus
         
I noticed that you have more than one anti-virus program with a resident guard running. That is dangerous, because the programs can get in each other's way, and that is exactly how viruses end up on the computer after all. It also slows the system down. Decide on one of them and uninstall the other via Control Panel => Software. Report which anti-virus program you have decided on.
Quote:
Speedy recently gave a clear explanation of this: "Imagine a goalkeeper who is supposed to guard the goal (anti-virus program); the ball comes flying in (virus); the keeper concentrates on the ball and catches it. Now imagine two goalkeepers in the goal ...; they crash into each other and the ball can roll into the goal unhindered."
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only reachable on weekdays!
Requests via PM will be ignored!

Satisfied with us? Then support the Trojaner-Board!

12.06.2012, 09:20   #8
Numitor

TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64

I have uninstalled Ad-Aware.
More probably doesn't help anymore

12.06.2012, 09:46   #9
Psychotic
/// Malwareteam

TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64

Step 1: CF script


Note for other readers:
The following ComboFix script has been created exclusively for this user in this situation.
Never use it on other computers; it can do lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:
ATTFilter
FILE::
c:\windows\system32\poua7stgo.dll
C:\Windows\SysWOW64\UpdSvc.dll
DRIVER::
Update-Service
DNScache
CLEARJAVACACHE::
REGISTRY::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f84e55c-9b36-11e1-ab0c-485b3998c3f1}]
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your anti-virus software, as it can interfere with ComboFix while it works.
    Don't forget to switch it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
  • As in the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.



Step 2: MBAM



Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard disks!)
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and press Remove selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can find the report later under "Logs".
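The CFScript in the post above lists its targets under FILE::, DRIVER:: and REGISTRY:: directives. Once ComboFix has processed such a script the listed files are gone from their original location, so an analyst normally records what they were (size, hash, timestamps) before the script runs. The following Python script is an added example, not ComboFix code and not from this thread's helper: it parses the directive layout shown in the post and writes an evidence record for each FILE:: target. The `resolve` hook, the `demo()` function and the placeholder file contents are assumptions made for this example; on the affected machine the paths would be passed through unchanged.

```python
"""Record evidence for the FILE:: targets of a ComboFix CFScript before it runs.

Added example: this is not ComboFix code and not part of the thread; it only
follows the directive layout (FILE::, DRIVER::, REGISTRY:: ...) shown in the post.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

# Constructed copy of the script posted above, used as sample input.
SAMPLE_SCRIPT = """\
FILE::
c:\\windows\\system32\\poua7stgo.dll
C:\\Windows\\SysWOW64\\UpdSvc.dll
DRIVER::
Update-Service
DNScache
CLEARJAVACACHE::
REGISTRY::
[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{8f84e55c-9b36-11e1-ab0c-485b3998c3f1}]
"""


def parse_cfscript(text):
    """Split a CFScript into {DIRECTIVE: [argument lines]}.

    A directive is a line ending in '::'; every non-empty line after it
    belongs to that directive until the next one.  Directives without
    arguments (CLEARJAVACACHE::) map to an empty list.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].upper()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"argument before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def file_evidence(path):
    """Hash and stat one target so the record survives its deletion."""
    record = {"path": path, "exists": os.path.isfile(path)}
    if not record["exists"]:
        return record  # already gone or never there; note it and move on
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    record.update({
        "size": st.st_size,
        "sha256": digest.hexdigest(),
        "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
    })
    return record


def collect_evidence(script_text, resolve=lambda p: p):
    """Evidence records for every FILE:: target.  `resolve` (assumed hook for
    this example) maps the script's paths to where they live; identity on the
    real host."""
    sections = parse_cfscript(script_text)
    return [file_evidence(resolve(p)) for p in sections.get("FILE", [])]


def demo():
    """Run against constructed stand-ins in a temp dir (assumed for the example):
    only the first target is present, so the second is reported as missing."""
    tmp = tempfile.mkdtemp()
    try:
        with open(os.path.join(tmp, "poua7stgo.dll"), "wb") as fh:
            fh.write(b"abc")  # placeholder bytes, not the real DLL

        def resolve(p):  # map the Windows path to its stand-in by file name
            return os.path.join(tmp, p.replace("\\", "/").rsplit("/", 1)[-1])

        return collect_evidence(SAMPLE_SCRIPT, resolve)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the file prints the two records as JSON; a missing target is reported with `"exists": false` rather than raising, so the run is not aborted when a file has already been removed by the quarantine step.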

12.06.2012, 21:50   #10
Numitor

TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64

Here is the log from Combofix

Code:
ATTFilter
Combofix Logfile:
ComboFix 12-06-12.01 - Bernhard 12.06.2012  19:02:58.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2821 [GMT 2:00]
ausgeführt von:: c:\users\Bernhard\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bernhard\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\poua7stgo.dll"
"c:\windows\SysWOW64\UpdSvc.dll"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\poua7stgo.dll
c:\windows\SysWOW64\UpdSvc.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Dnscache
-------\Service_Update-Service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))
.
.
2012-06-11 10:54 . 2012-06-11 10:54	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\e-academy Inc
2012-06-11 10:54 . 2012-06-11 10:54	--------	d-----w-	c:\users\Bernhard\AppData\Local\e-academy Inc
2012-06-09 01:11 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-09 01:11 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-09 01:11 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-09 01:11 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-09 01:10 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-09 01:10 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-09 01:10 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-09 01:10 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-09 01:10 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-08 06:57 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDE86759-8501-4A73-BEFD-5A0B9E398C63}\mpengine.dll
2012-06-06 08:57 . 2012-06-06 08:57	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 08:57 . 2012-06-06 08:57	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-30 06:29 . 2012-05-30 06:29	71680	----a-w-	c:\windows\system32\frapsv64.dll
2012-05-30 06:29 . 2012-05-30 06:29	65536	----a-w-	c:\windows\SysWow64\frapsvid.dll
2012-05-29 07:37 . 2012-05-29 07:37	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-21 12:46 . 2012-05-21 12:59	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Mp3tag
2012-05-21 12:46 . 2012-05-21 12:46	--------	d-----w-	c:\program files (x86)\Mp3tag
2012-05-21 12:41 . 2012-05-21 12:41	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\Hulubulu
2012-05-21 12:37 . 2012-05-21 12:37	--------	d-----w-	c:\windows\Downloaded Installations
2012-05-20 17:18 . 2012-05-20 17:18	--------	d-----w-	c:\users\Bernhard\AppData\Roaming\AnvSoft
2012-05-20 17:17 . 2012-05-20 17:17	--------	d-----w-	c:\program files (x86)\AnvSoft
2012-05-20 17:04 . 2012-04-18 11:49	405176	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-20 14:03 . 2012-03-22 11:43	2557952	----a-w-	c:\windows\SysWow64\QtCore4.dll
2012-05-17 08:52 . 2012-05-17 08:52	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-14 17:19 . 2012-06-07 15:06	--------	d-----w-	c:\program files (x86)\Diablo III
2012-05-14 17:19 . 2012-05-14 17:47	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-05-14 17:19 . 2012-05-14 17:47	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-14 11:19 . 2012-05-14 11:19	--------	d-----w-	c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 08:52 . 2011-09-07 11:17	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 07:50 . 2012-05-11 07:38	1668	----a-w-	c:\windows\system32\ASOROSet.bin
2012-05-11 07:05 . 2012-05-11 07:05	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-08 16:36 . 2012-03-24 11:59	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:36 . 2012-03-24 11:59	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-05-25 03:07	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-08-31 18:58	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-05-25 02:58	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-08-31 18:58	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-08-31 18:58	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-08-31 18:58	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-05-25 02:24	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2010-08-31 18:58	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-04-04 13:56 . 2012-04-14 15:17	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-11 07:11	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 07:11	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 07:11	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 07:11	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 07:10	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-11 07:10	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-12_07.04.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-31 18:59 . 2012-06-12 16:11	78162              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-12 16:11	45234              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-18 22:06 . 2012-06-12 16:11	17268              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-333037292-1054110904-1588077299-1001_UserData.bin
- 2010-11-18 22:06 . 2012-06-12 07:05	17268              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-333037292-1054110904-1588077299-1001_UserData.bin
- 2010-11-22 22:01 . 2012-06-12 07:03	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-22 22:01 . 2012-06-12 16:08	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-22 22:01 . 2012-06-12 07:03	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-22 22:01 . 2012-06-12 16:08	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-22 22:01 . 2012-06-12 16:08	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-22 22:01 . 2012-06-12 07:03	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-12 07:03 . 2012-06-12 07:03	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 17:12 . 2012-06-12 17:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-12 07:03 . 2012-06-12 07:03	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-12 17:12 . 2012-06-12 17:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-12 07:02	389632              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-12 17:11	389632              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-29 16:11 . 2012-06-12 17:11	30607328              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-333037292-1054110904-1588077299-1001-12288.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-26 3077528]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-31 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R4 GtDetectSc;GtDetectSc;c:\program files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [2009-05-04 809984]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 135664]
R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 135664]
R4 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [2009-12-04 111904]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 08:52]
.
2012-06-11 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-05-11 12:59]
.
2012-05-11 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-05-11 12:59]
.
2012-06-12 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-05-11 12:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bernhard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=14597
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: imdb.com\secure
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
d:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\AsScrPro.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-12  19:31:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-12 17:31
ComboFix2.txt  2012-06-12 07:23
.
Vor Suchlauf: 18 Verzeichnis(se), 32.967.569.408 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 32.533.069.824 Bytes frei
.
- - End Of File - - 30F80CFE71051288917B5CF8D7715BFD
         
--- --- ---
Here is the MBAM log

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernhard :: BERNHARD-PC [Administrator]

11.06.2012 21:12:57
mbam-log-2012-06-11 (21-12-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 483064
Laufzeit: 58 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
This morning Avira also reported an AGENT find in System32 (only in the Event Viewer)

13.06.2012, 08:48   #11
Psychotic
/// Malwareteam

Quote:
This morning Avira also reported an AGENT find in System32 (only in the Event Viewer)
Post the corresponding Avira log!
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

13.06.2012, 13:11   #12
Numitor

This was the last infection report.

Code:
ATTFilter
Protokollname: Application
Quelle:        Avira Antivirus
Datum:         12.06.2012 08:11:09
Ereignis-ID:   4113
Aufgabenkategorie:Infektion
Ebene:         Warnung
Schlüsselwörter:Klassisch
Benutzer:      SYSTEM
Computer:      Bernhard-PC
Beschreibung:
AntiVir erkannte in der Datei C:\Windows\System32\xpty0h43.tsp verdächtigen Code mit der Bezeichnung 'TR/ATRAPS.Gen'!
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Avira Antivirus" />
    <EventID Qualifiers="32768">4113</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-06-12T06:11:09.000000000Z" />
    <EventRecordID>30538</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Bernhard-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>TR/ATRAPS.Gen</Data>
    <Data>C:\Windows\System32\xpty0h43.tsp</Data>
    <Data>0x0</Data>
    <Data>
    </Data>
  </EventData>
</Event>
         
From Avira itself I only get this one:
Code:
ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 11. Juni 2012  12:01

Es wird nach 3814688 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Bernhard
Computername   : BERNHARD-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 16:36:44
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 16:36:44
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 16:36:45
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 16:36:46
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 16:36:36
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 10:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 07:56:15
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 12:01:15
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 17:21:25
VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 16:36:35
VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 16:36:35
VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 16:36:35
VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 16:36:35
VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 16:36:35
VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 16:36:35
VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 16:36:35
VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 16:36:35
VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 16:36:35
VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 15:57:08
VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 17:20:49
VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 22:54:20
VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 18:21:12
VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 07:21:59
VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 12:44:54
VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 12:45:19
VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 15:00:52
VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 18:46:38
VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 18:46:41
VBASE024.VDF   : 7.11.32.86      2048 Bytes  08.06.2012 18:46:41
VBASE025.VDF   : 7.11.32.87      2048 Bytes  08.06.2012 18:46:41
VBASE026.VDF   : 7.11.32.88      2048 Bytes  08.06.2012 18:46:41
VBASE027.VDF   : 7.11.32.89      2048 Bytes  08.06.2012 18:46:41
VBASE028.VDF   : 7.11.32.90      2048 Bytes  08.06.2012 18:46:41
VBASE029.VDF   : 7.11.32.91      2048 Bytes  08.06.2012 18:46:41
VBASE030.VDF   : 7.11.32.92      2048 Bytes  08.06.2012 18:46:41
VBASE031.VDF   : 7.11.32.116    77824 Bytes  10.06.2012 23:34:57
Engineversion  : 8.2.10.80 
AEVDF.DLL      : 8.1.2.8       106867 Bytes  02.06.2012 15:00:51
AESCRIPT.DLL   : 8.1.4.24      450939 Bytes  01.06.2012 12:46:03
AESCN.DLL      : 8.1.8.2       131444 Bytes  24.03.2012 12:01:19
AESBX.DLL      : 8.2.5.10      606580 Bytes  30.05.2012 10:31:56
AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 07:55:37
AEPACK.DLL     : 8.2.16.16     807288 Bytes  30.05.2012 10:31:47
AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  26.04.2012 21:13:43
AEHEUR.DLL     : 8.1.4.36     4874615 Bytes  01.06.2012 12:46:00
AEHELP.DLL     : 8.1.21.0      254326 Bytes  12.05.2012 13:24:35
AEGEN.DLL      : 8.1.5.28      422260 Bytes  26.04.2012 21:13:40
AEEXP.DLL      : 8.1.0.44       82293 Bytes  30.05.2012 10:31:56
AEEMU.DLL      : 8.1.3.0       393589 Bytes  31.01.2012 07:55:34
AECORE.DLL     : 8.1.25.10     201080 Bytes  01.06.2012 12:45:22
AEBB.DLL       : 8.1.1.0        53618 Bytes  31.01.2012 07:55:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 16:36:43
AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 16:36:44
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 16:36:46
AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 16:36:44
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 16:36:44
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 16:36:45
AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 16:36:44
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 16:36:45
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 16:36:44
RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 16:36:44

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Bernhard\AppData\Local\Temp\31258352.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 11. Juni 2012  12:01

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Bernhard\Desktop\d3dybse3i.dll'
C:\Users\Bernhard\Desktop\d3dybse3i.dll
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen
Beginne mit der Suche in 'C:\Users\Bernhard\Desktop\nsp4gkpf.dll'
C:\Users\Bernhard\Desktop\nsp4gkpf.dll
  [FUND]      Ist das Trojanische Pferd TR/PSW.Kykymber.ceig

Beginne mit der Desinfektion:
C:\Users\Bernhard\Desktop\nsp4gkpf.dll
  [FUND]      Ist das Trojanische Pferd TR/PSW.Kykymber.ceig
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '562d6385.qua' verschoben!
C:\Users\Bernhard\Desktop\d3dybse3i.dll
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ec64ce2.qua' verschoben!


Ende des Suchlaufs: Montag, 11. Juni 2012  12:02
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
      2 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
      0 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      2 Hinweise
         
The last report in the Event Viewer was at 08:11, so before the first ComboFix run.

13.06.2012, 13:26   #13
Psychotic
/// Malwareteam

VT


Please have the file from the code box checked at VirusTotal.
  • Click on Browse
  • Now copy the following into the search bar.
    Code:
    ATTFilter
    C:\Windows\System32\xpty0h43.tsp
             
  • and click Open.
  • Click on Send File.
Please wait until the file has been fully uploaded. Should you get the following message:
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click on Reanalyse. Wait until it shows Current status: Finished. Copy the link from your address bar and post it here.

13.06.2012, 15:57   #14
Numitor

The file cannot be found. Neither in the Avira quarantine nor in Defender, and not in the directory either.

14.06.2012, 08:08   #15
Psychotic
/// Malwareteam

CF-Script


Note for readers:
The following ComboFix script has been created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can permanently damage other systems!

Delete the existing ComboFix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, that is important)!

Press the Windows + R key --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:
ATTFilter
FILELOOK::
C:\Windows\System32\xpty0h43.tsp
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Do not forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.
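The FILELOOK:: step asks ComboFix to report on the file that the Avira event in post #12 names. As an added example (not code from ComboFix, Avira or this thread), here is a Python script that pulls the detection name, path and UTC timestamp out of an event exported from the Event Viewer and runs the same kind of file check, handling the case this thread ran into where the file is no longer there. It assumes the event XML as exported by the Event Viewer; the defanged "hxxp" in the posted namespace is restored to "http".

```python
"""Triage an Avira infection event (Event ID 4113, Application log) for the
file it names, as the FILELOOK:: step asks ComboFix to do. Added example, not
code from ComboFix, Avira or this thread; SAMPLE_EVENT is the XML from post #12.
"""
import hashlib
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Windows event XML namespace. The post shows it defanged as 'hxxp';
# the real namespace uses 'http'.
NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Event as exported from the Event Viewer (copied from post #12).
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Avira Antivirus" />
    <EventID Qualifiers="32768">4113</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <TimeCreated SystemTime="2012-06-12T06:11:09.000000000Z" />
    <EventRecordID>30538</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Bernhard-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>TR/ATRAPS.Gen</Data>
    <Data>C:\Windows\System32\xpty0h43.tsp</Data>
    <Data>0x0</Data>
  </EventData>
</Event>"""


def parse_avira_event(xml_text):
    """Return provider, event id, UTC time, computer, detection name and
    path from one exported event; ValueError if it is not Avira's 4113."""
    root = ET.fromstring(xml_text)
    system = root.find(NS + "System")
    provider = system.find(NS + "Provider").get("Name")
    event_id = int(system.find(NS + "EventID").text)
    if provider != "Avira Antivirus" or event_id != 4113:
        raise ValueError("not an Avira infection event: %s/%d" % (provider, event_id))
    # SystemTime is UTC with nanoseconds; the Event Viewer shows local time
    # (08:11 in the thread for this 06:11Z event), so keep the zone explicit.
    stamp = system.find(NS + "TimeCreated").get("SystemTime")[:19]
    created = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    data = [(d.text or "").strip()
            for d in root.find(NS + "EventData").findall(NS + "Data")]
    return {"provider": provider, "event_id": event_id, "created_utc": created,
            "computer": system.find(NS + "Computer").text,
            "detection": data[0], "path": data[1]}


def check_file(path):
    """What an analyst wants to know about the flagged file: whether it still
    exists, size, last-write time (UTC) and SHA-256. Missing is a result."""
    if not os.path.isfile(path):
        return {"path": path, "exists": False}
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return {"path": path, "exists": True, "size": st.st_size,
            "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc),
            "sha256": digest.hexdigest()}


def triage(xml_text):
    """Parse one event and check the file it names."""
    event = parse_avira_event(xml_text)
    event["file"] = check_file(event["path"])
    return event


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENT).items():
        print("%-12s %s" % (key, value))
```

If the file is still present, the SHA-256 it reports can be searched at VirusTotal directly instead of uploading the file.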
