
Log Analysis and Evaluation: Bundestrojana: Trojan.Spyeyes and Trojan.Agent.Gen - Help


15.06.2012, 22:29   #1
gandalf12
 



Hello!

My PC is infected with

(Trojan.Spyeyes)
(Adware.Onlinegames)
(Trojan.Agent.Gen)

Please help me! All files in the "Eigene Dateien" (My Documents) folder are gone or invisible...
What have I done so far?

Worked through the steps as described here.

The malware is still on the machine, since the instructions said not to delete it without being told to...




1. OTL
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 15.06.2012 20:53:31 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 82,10% Memory free
5,09 Gb Paging File | 4,76 Gb Available in Paging File | 93,36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 126,88 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive J: | 149,05 Gb Total Space | 75,51 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive K: | 7,36 Gb Total Space | 5,45 Gb Free Space | 74,02% Space Free | Partition Type: FAT32
 
Computer Name: MARCO | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.15 20:01:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2011.10.28 20:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.09 00:03:44 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011.12.05 13:55:56 | 000,193,904 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011.12.05 13:54:51 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011.10.28 20:35:28 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011.10.28 20:35:28 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011.10.28 20:35:26 | 000,591,232 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2010.02.10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.01 19:59:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 19:59:20 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.01 19:59:20 | 000,340,136 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.01 19:59:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.28 20:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.12.13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.09.17 21:02:56 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.24 19:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.02.05 14:43:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Programme\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008.05.29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.12.11 15:00:00 | 000,692,808 | ---- | M] (Mirko Böer) [Auto | Stopped] -- c:\Programme\trafficmonitor\TMPacketServiceInit.exe -- (TMPService)
SRV - [2007.05.11 03:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Marco_St\LOKALE~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.06.15 18:43:11 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012.05.01 19:59:22 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.01 19:59:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.28 20:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011.10.28 20:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.04.14 16:23:17 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.12.13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.02.25 17:12:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 17:12:31 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.09.02 14:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.01.20 12:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.11.04 04:21:04 | 000,083,296 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.09.26 10:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008.09.25 18:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.08.28 23:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.24 11:30:30 | 000,022,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mam3Wdm.sys -- (MAM3_01)
DRV - [2008.06.24 11:30:12 | 000,028,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mam3.sys -- (MAM3_AA) Service for ESI MAYA44 Audio Driver (EWDM)
DRV - [2008.01.14 10:46:08 | 001,867,840 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2007.04.16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005.06.02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.02.23 19:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001.11.05 11:56:00 | 000,032,960 | ---- | M] (ALCATech GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1997.12.23 02:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ASPI32.OLD -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.03.03 11:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.23 06:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.22 17:56:06 | 000,000,000 | ---D | M]
 
[2011.12.12 23:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.21 15:08:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.04.15 08:41:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 21:34:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.10 20:11:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.21 01:20:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.21 01:20:52 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.26 18:36:21 | 000,002,047 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.04.21 01:20:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.21 01:20:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.21 01:20:52 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [bjowggdyhclfonx] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bjowggdy.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\WINDOWS\system\CMGxMon.exe ()
O4 - HKLM..\Run: [CnOServerLauncher] C:\WINDOWS\System32\CNOServerLauncher.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268222350281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{475A6CB9-B217-45DA-8FD4-57A5C96EBC8A}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.10 16:05:32 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.15 20:52:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.06.15 20:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2012.06.15 19:56:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE
[2012.06.15 19:56:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.06.15 19:55:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.15 19:55:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.15 19:55:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.15 19:55:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.15 18:55:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2012.06.15 18:49:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2012.06.15 18:38:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mqkeqkmdcximyst
[2012.05.25 22:15:15 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.05.25 22:15:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.05.25 22:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinZip
[2012.05.25 22:04:53 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2012.05.19 17:22:27 | 000,000,000 | ---D | C] -- C:\TEMP
[2012.05.19 12:06:57 | 000,000,000 | ---D | C] -- C:\Programme\Diablo III
[2012.05.19 12:06:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Diablo III
[2012.05.19 11:25:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.04 17:30:33 | 000,001,670 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
[2012.12.04 17:30:33 | 000,001,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2012.06.15 20:51:20 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.06.15 20:03:14 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\i2s67e5f.exe
[2012.06.15 20:01:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.06.15 20:00:46 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2012.06.15 19:55:59 | 000,000,775 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.15 18:48:35 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.06.15 18:48:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.15 18:48:14 | 002,073,848 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2012.06.15 18:43:50 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.06.15 18:43:49 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 18:38:43 | 000,000,052 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ogkprofuklurkcl
[2012.06.15 18:38:40 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wwvbkzum.exe
[2012.06.15 18:38:40 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hspnbshr.exe
[2012.06.15 18:38:40 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fxfgigry.exe
[2012.06.15 18:38:40 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bjowggdy.exe
[2012.06.15 18:29:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 16:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012.06.15 15:54:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.15 15:54:38 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 21:16:38 | 000,449,162 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.14 21:16:38 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 21:16:38 | 000,080,732 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.14 21:16:38 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.14 21:11:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.07 19:28:44 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.05.19 13:17:00 | 000,000,824 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Diablo III.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.04 17:30:33 | 000,001,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2012.06.15 20:51:20 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.06.15 20:49:56 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\i2s67e5f.exe
[2012.06.15 20:49:55 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2012.06.15 19:55:59 | 000,000,775 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.15 18:38:43 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wwvbkzum.exe
[2012.06.15 18:38:43 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bjowggdy.exe
[2012.06.15 18:38:42 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fxfgigry.exe
[2012.06.15 18:38:40 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hspnbshr.exe
[2012.06.15 18:38:40 | 000,000,052 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ogkprofuklurkcl
[2012.05.19 12:06:57 | 000,000,824 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Diablo III.lnk
[2012.02.16 16:18:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.10 17:19:37 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.12.10 12:42:01 | 012,177,408 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2011.12.09 15:17:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.12.09 15:17:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.11.24 21:06:47 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2011.11.20 12:23:11 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2011.11.13 13:30:55 | 000,140,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.11.13 13:30:47 | 000,280,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.11.13 13:30:36 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011.11.13 13:13:24 | 000,000,276 | ---- | C] () -- C:\WINDOWS\game.ini
[2011.10.14 18:52:01 | 000,000,770 | ---- | C] () -- C:\WINDOWS\ss_slide.ini
[2011.09.02 13:53:22 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\CNOServerLauncher.exe
[2011.08.10 19:35:43 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2011.07.05 18:15:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.07.05 18:15:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.06.10 09:11:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.04.14 16:11:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.04.14 16:11:49 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011.03.11 19:59:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.03.11 19:59:29 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.03.11 19:59:28 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.03.11 19:59:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.01.09 16:08:22 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.11.19 20:26:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
 
========== LOP Check ==========
 
[2010.03.23 00:47:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Atmel
[2012.05.19 11:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2012.06.15 17:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2010.03.25 17:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.04.28 14:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2011.04.28 14:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.10.02 21:08:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILOU
[2011.07.05 18:15:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2010.12.10 22:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.03.03 11:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.03.07 14:00:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup
[2010.02.25 23:34:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Movavi Video Converter 9
[2012.06.15 18:38:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mqkeqkmdcximyst
[2011.12.17 16:27:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2010.03.03 11:58:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.03.15 14:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.03.10 17:20:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.03.11 00:41:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2010.03.15 14:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2011.04.28 14:40:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2010.05.30 14:21:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2010.03.15 14:34:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2012.01.15 16:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.03.07 22:54:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrafficMonitor
[2010.02.25 17:21:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.12.17 10:48:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0157FEDF-3108-4F74-BBB7-808BD2FC02BD}
[2011.12.17 10:47:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3DF8DA15-204E-4E48-A387-2A84546760AE}
[2010.09.07 19:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.12.24 21:08:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{5AB81122-EBF9-4531-A9E9-D57960778847}
[2010.03.07 13:59:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{783529ED-FB56-4E47-9A20-F9C23D22C2D0}
[2011.12.17 10:49:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8AF9D3CF-B9B5-4F8E-B47F-D26DF984D190}
[2010.03.07 13:59:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}
[2012.06.15 18:43:50 | 000,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.06.15 18:48:35 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 451 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:15E1CAA4

< End of report >
         
2. Extra
OTL Extras logfile created on: 15.06.2012 20:53:31 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 82,10% Memory free
5,09 Gb Paging File | 4,76 Gb Available in Paging File | 93,36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 126,88 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive J: | 149,05 Gb Total Space | 75,51 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive K: | 7,36 Gb Total Space | 5,45 Gb Free Space | 74,02% Space Free | Partition Type: FAT32

Computer Name: XXXXXX | User Name: XXXXXXXX | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\Pinnacle\Studio 10\programs\Studio.exe" = C:\Programme\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Programme\ScanSoft\OmniPageSE\EregGer\NAVBrowser.exe" = C:\Programme\ScanSoft\OmniPageSE\EregGer\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Disabled:PMSRegisterFile -- ( )
"C:\Programme\Pinnacle\Studio 10\programs\umi.exe" = C:\Programme\Pinnacle\Studio 10\programs\umi.exe:*:Disabled:umi -- (Pinnacle Systems, Inc.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat" = C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game -- ()
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Programme\StarCraft II\StarCraft II.exe" = C:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Pinnacle\Studio 10\programs\RM.exe" = C:\Programme\Pinnacle\Studio 10\programs\RM.exe:*:Disabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\StarCraft II\Versions\Base16755\SC2.exe" = C:\Programme\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Programme\aon\aonController\aonController.exe" = C:\Programme\aon\aonController\aonController.exe:*:Enabled:Controller
"C:\Programme\aon\aonInstaller\Installer.exe" = C:\Programme\aon\aonInstaller\Installer.exe:*:Enabled:Breitband-Internet-Installation
"C:\Programme\WinSCP\WinSCP.exe" = C:\Programme\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl)
"C:\Programme\StarCraft II\Versions\Base16939\SC2.exe" = C:\Programme\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Programme\StarCraft II\Versions\Base17326\SC2.exe" = C:\Programme\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Programme\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = C:\Programme\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2 -- (Crytek GmbH)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\StarCraft II\Versions\Base18574\SC2.exe" = C:\Programme\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Programme\Valve\Steam\SteamApps\common\dead space\Dead Space.exe" = C:\Programme\Valve\Steam\SteamApps\common\dead space\Dead Space.exe:*:Enabled:Dead Space -- ()
"C:\Programme\Valve\Steam\SteamApps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Programme\Valve\Steam\SteamApps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space -- ()
"C:\Programme\Valve\Steam\SteamApps\common\stalker clear sky\bin\xrEngine.exe" = C:\Programme\Valve\Steam\SteamApps\common\stalker clear sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R.: Clear Sky -- ()
"C:\Programme\Valve\Steam\SteamApps\common\metro 2033\metro2033.exe" = C:\Programme\Valve\Steam\SteamApps\common\metro 2033\metro2033.exe:*:Enabled:Metro 2033 -- (4A Games)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Valve\Steam\SteamApps\coax_aut\counter-strike source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\coax_aut\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Programme\Call of Duty\CoDUOMP.exe" = C:\Programme\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP
"C:\Programme\StarCraft II\Versions\Base19679\SC2.exe" = C:\Programme\StarCraft II\Versions\Base19679\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Disabled:aolload.exe
"C:\Programme\A1\A1 Servicecenter\A1Servicecenter.exe" = C:\Programme\A1\A1 Servicecenter\A1Servicecenter.exe:*:Enabled:A1 Servicecenter -- ()
"C:\Programme\A1\A1 Webassistent\A1Breitband.exe" = C:\Programme\A1\A1 Webassistent\A1Breitband.exe:*:Enabled:A1 Internet Installation
"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Programme\Your Freedom\freedom.exe" = C:\Programme\Your Freedom\freedom.exe:*:Enabled:Your Freedom client software -- (resolution Reichert Network Solutions GmbH)
"C:\Programme\StarCraft II\Versions\Base21029\SC2.exe" = C:\Programme\StarCraft II\Versions\Base21029\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\Setup_A1WLANAssistent.exe" = C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\Setup_A1WLANAssistent.exe:*:Enabled:A1TA WLAN-Assistent
"C:\Programme\A1\A1 Breitband\A1Breitband.exe" = C:\Programme\A1\A1 Breitband\A1Breitband.exe:*:Enabled:A1 Internet Installation -- (mquadr.at software engineering and consulting GmbH - Web: hxxp://www.mquadrat.eu - Mail: office@mquadrat.eu)
"C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\1_Setup_A1WLANAssistent.exe" = C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\1_Setup_A1WLANAssistent.exe:*:Enabled:A1TA WLAN-Assistent
"C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\2_Setup_A1WLANAssistent.exe" = C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\2_Setup_A1WLANAssistent.exe:*:Enabled:A1TA WLAN-Assistent
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Agent
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.954\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.954\Agent.exe:*:Enabled:Blizzard Agent
"C:\Programme\Diablo III\Diablo III.exe" = C:\Programme\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.976\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.976\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.998\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.998\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Sudden Strike - Release 1.0"" = "Sudden Strike - Release 1.0"
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{08E2EC5A-9C9D-4472-AB52-4165774BB8D8}" = Studio 10.5 Patch
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0C439E7E-DE2B-4AC0-8BEB-DAD70FAE2918}" = AvrTools
"{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
"{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{64C13A35-B44C-47E5-88DC-0916FCE1E7C1}" = Sophos Free Encryption 2.40.1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7590F488-7796-4000-B440-EC9523CB8721}" = Movavi Video Converter 9
"{76B55683-1A17-CB8B-B1C4-A0A3F3C2D2D5}" = Catalyst Control Center InstallProxy
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8ACF42DD-C998-ED3C-1446-93AFA65E823D}" = ATI Catalyst Install Manager
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{905A7A49-C6AE-4F77-8E69-AE8B9629D719}" = A1 Internet Software
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A041B6C7-CA7A-4A8B-9AFF-6402C8EE1920}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{A84C7B4F-2D03-4991-B4D0-81295B6D34F7}_is1" = FILOU-NC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BEB79508-7D67-4A2F-9FB3-54C2B68E9532}" = PC Connectivity Solution
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}" = Nokia Software Updater
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
"{E88D4AC0-2992-46BC-B03A-992FF2D96DFB}_is1" = FILOU-NC11
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
"{ED775CE1-E9F7-41C4-BE91-C925E6D5F513}" = Studio 10.5.2 Patch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"69083DC58646DE46A09847A522A1CC487F918039" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"7-Zip" = 7-Zip 9.20
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows-Treiberpaket - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"A1 Internet Software" = A1 Internet Software
"A1 Servicecenter" = A1 Servicecenter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"AquaMark3" = AquaMark3
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BPM-Studio 4 Profi" = BPM-Studio 4 Profi
"Call of Duty" = Call of Duty
"CCleaner" = CCleaner
"C-Media Oxygen HD Sound" = ASUS Xonar DX Audio
"Diablo III" = Diablo III
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HartlauerFotoService3_is1" = Direkt Foto System 3.x
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio

"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"IrfanView" = IrfanView (remove only)
"LOGO!Soft Comfort V6.1" = LOGO!Soft Comfort V6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"proDAD-Heroglyph-2.0" = proDAD Heroglyph 2.0
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RollerCoaster Tycoon Setup" = Roll
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"ST6UNST #1" = Schachermayer Warenkorb 2.3
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 17470" = Dead Space
"Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
"Steam App 211" = Source SDK
"Steam App 43110" = Metro 2033
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 3" = TeamViewer 3
"TrafficMonitor" = TrafficMonitor 4.80
"Unknown Device Identifier_is1" = Unknown Device Identifier 7.00
"UT2004" = Unreal Tournament 2004
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinAVR-20090313" = WinAVR 20090313 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISD beta" = WinISD beta
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
"WinZip" = WinZip
"Wireshark" = Wireshark 1.6.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Your_Deploy_0" = Your Freedom 20120405-01

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.06.2012 08:57:02 | Computer Name = MARCO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14973562

Error - 10.06.2012 08:57:02 | Computer Name = MARCO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14973562

Error - 11.06.2012 12:21:03 | Computer Name = MARCO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.06.2012 12:21:03 | Computer Name = MARCO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14984750

Error - 11.06.2012 12:21:03 | Computer Name = MARCO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14984750

3.Gmer.txt
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-15 23:20:06
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Scsi\JRAID1Port5Path0Target0Lun0 SATA____ rev.0000
Running: i2s67e5f.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT  Lbd.sys (Boot Driver/Lavasoft AB)                                                                                   ZwCreateKey [0xF766787E]
SSDT  Lbd.sys (Boot Driver/Lavasoft AB)                                                                                   ZwSetValueKey [0xF7667BFE]

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd6007f5                                         
Reg   HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd6007f5 (not active ControlSet)                     
Reg   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               
Reg   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION                                506D802C4BD9320BD25C672EB68AFB6E6573114138ABB6C9FB5999EA1E3254D3D1A3D5E42B8A7485F545173648821B791F834EE0FE4CB65D5AF6F319518B73F67C2A4810D46FDEB5F03B5BD3A7E8DB524E916F31AA626E07BFA820349813C1CDBDE060B1635A1DB496EBCA60E4AF893DC8BE37845EA06353261C2D2A4DDEA4CE53261E6E05E010010B08EF5B248D2161B72D5ED3D47DD1325D06A20ADCC63450D25EF10F7ADA4DFE46464B679BFCD1C9980311BA5834A7F7879DF70B4764391323F3C2839BE69CF394FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407A6171C11EC38DE3D62417CE825159AF1326A398E12583565CA1569BF3B9F28677817DAA18348D9632FE1DE5F0CFA12A39FB9944BD656939461C7424BF4DA3FDF2472C59DC1B8C0D27B0D8565B35D5819B15184103BDBA543AF2E7301309E92A1F365E315506C3E699872FE72CFC003B2684D4E29F26B093787F39821C386EA76A9474CDF483D60975837F914D8DB0B22C7C0DC79F838BF87BDB677844966F1FB0DE4BCEA83B89D9E93F44DEC8A1A4E71D7AF3D7609ACB0A32D0AF396204239A4E67D13B6A1A34C9626386FAF659A8DFB2796A2AC2562274932751CD5685532B5874653D505F2ABE7EE8100A72E32E
Reg   HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x6B 0x65 0x49 0x6A ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xE9 0x02 0x6C 0xFA ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0xAA 0x52 0xC6 0x00 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xF8 0x31 0x0F 0xA9 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


And last but not least, the log from the malware scan:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.6001.18702
Administrator :: MARCO [Administrator]

Schutz: Deaktiviert

15.06.2012 19:58:31
mbam-log-2012-06-15 (20-46-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 415471
Laufzeit: 45 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
J:\Programme\WMR\WmrProInstall.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\XXXXX\0.6343209680516496.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)

I tried to have the malware removed with Malwarebytes.
According to Malwarebytes, the items were deleted successfully, but the PC is still locked; the "Your computer has been locked" screen still appears.

What now?

Alt 18.06.2012, 13:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Does Safe Mode with Networking still work? With an internet connection?



Safe Mode for cleanup
  • Use the F8 key at startup to bring Windows into Safe Mode.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode