
Pests of all kinds and how to fight them: Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe


25.11.2011, 22:38   #1
Chesspower88
 



Hello dear Trojaner-Board community,

I recently noticed that my system load had increased sharply, and in Task Manager I saw that the file csrss.exe (size: 444 KB) was responsible for it.
While researching on Google I found out that this file should normally only exist in the Windows system folder; otherwise it is very likely a trojan. The file also tries to connect to the Internet, but I have already blocked this with my firewall. When I delete the file, it is simply restored together with its folder. My antivirus program does not raise an alarm, and other security programs do not detect this program.

Can anyone help me with this problem? I am no expert when it comes to viruses. Everything I knew and found out so far, I looked up on Google.


Thanks in advance for your help.


Kind regards,

Chesspower88


P.S. Is it allowed to upload this file as an attachment for analysis?
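The location check described in the first post (csrss.exe belongs only in the Windows system folder), applied to OTL-style `PRC`/`SRV` lines; this is an added example, not part of the original thread. The name list, the function name and the sample log (including the empty company field and the `Example` user path) are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumed short list for this example: core Windows process names and the
# only directories (relative to %SystemRoot%) they legitimately run from.
# OTL reports the 64-bit System32 folder as "SysNative" on 64-bit systems.
EXPECTED_DIRS = {
    "csrss.exe":    {"System32", "SysNative"},
    "smss.exe":     {"System32", "SysNative"},
    "lsass.exe":    {"System32", "SysNative"},
    "services.exe": {"System32", "SysNative"},
    "wininit.exe":  {"System32", "SysNative"},
    "winlogon.exe": {"System32", "SysNative"},
    "svchost.exe":  {"System32", "SysNative", "SysWOW64"},
}

# "PRC - <path> (<company>)" and "SRV[:64bit:] - (<name>) ... -- <path> (<company>)".
# The path itself may contain parentheses ("Program Files (x86)"), so the
# company is taken as the last parenthesised group on the line.
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV)(?::64bit:)? - (?:.* -- )?"
    r"(?P<path>[A-Za-z]:\\.+?) \((?P<company>[^()]*)\)\s*$"
)
# The OTL header states the system root, e.g. "%SystemRoot% = C:\Windows | ..."
ROOT = re.compile(r"%SystemRoot% = ([^|\r\n]+?)\s*(?:\||$)", re.MULTILINE)


def find_masquerading(log_text):
    """Return PRC/SRV entries whose file name is a core Windows process
    name but whose folder is not one that process legitimately runs from."""
    m = ROOT.search(log_text)
    system_root = PureWindowsPath(m.group(1) if m else r"C:\Windows")
    hits = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        path = PureWindowsPath(entry["path"])
        dirs = EXPECTED_DIRS.get(path.name.lower())
        if dirs is None:
            continue  # not a name this check covers
        # PureWindowsPath compares case-insensitively, like the file system.
        if not any(path.parent == system_root / d for d in dirs):
            hits.append({
                "kind": entry["kind"],
                "path": entry["path"],
                "company": entry["company"],
            })
    return hits


# Constructed sample in OTL's layout; only the csrss.exe path is from the thread.
SAMPLE_LOG = r"""
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\SysNative\csrss.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\csrss.exe ()
PRC - c:\windows\syswow64\svchost.exe (Microsoft Corporation)
SRV - (ExampleSvc) -- C:\Users\Example\AppData\Roaming\svchost.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
"""

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_LOG):
        print(f'{hit["kind"]}: {hit["path"]} (company: {hit["company"] or "none"})')
```

A file that passes this check is not thereby shown to be clean; the folder is only one signal, to be read alongside the signature and company fields.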

26.11.2011, 05:46   #2
Chesspower88
 



The trojan is very aggressive; most recently it hid my system firewall in order to communicate with the Internet unhindered. Reinstalling the firewall was prevented, and with another version of the same firewall there was a bluescreen.

After the bluescreen I booted into Windows safe mode and removed the folder that kept reinstalling itself. On the following restart the program was no longer executed, and the autostart entries were inactive and could be deleted.

I am not sure now whether that was everything. The trojan was extremely aggressive, and I am somewhat worried that this program is still running on my system and that this was only a subprogram initialized by the actual trojan.


26.11.2011, 12:26   #3
markusg
/// Malware-holic
 



Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
  • Double-click OTL.exe

    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

27.11.2011, 11:25   #4
Chesspower88
 



OTL Logfile:
Code:
OTL logfile created on: 27.11.2011 11:39:28 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Gerd\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 55,10% Memory free
9,72 Gb Paging File | 7,66 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,63 Gb Total Space | 200,39 Gb Free Space | 44,08% Space Free | Partition Type: NTFS
Drive J: | 7,45 Gb Total Space | 0,77 Gb Free Space | 10,32% Space Free | Partition Type: FAT32
 
Computer Name: CHESSPOWER-VAIO | User Name: Gerd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gerd\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Users\Gerd\Logox für alle Anwendungen\Logox. für alles.exe ()
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - c:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()
MOD - C:\Users\Gerd\Logox für alle Anwendungen\Logox. für alles.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (bcfsrm) -- C:\Windows\SysNative\drivers\bcfsrm.sys (Jetico, Inc.)
DRV:64bit: - (bcftdi) -- C:\Windows\SysNative\drivers\bcftdi.sys (Jetico, Inc.)
DRV:64bit: - (BcfilterMP) -- C:\Windows\SysNative\drivers\bcfilter.sys (Jetico, Inc.)
DRV:64bit: - (Bcfilter) -- C:\Windows\SysNative\drivers\bcfilter.sys (Jetico, Inc.)
DRV:64bit: - (bc_ngn) -- C:\Windows\SysNative\drivers\bc_ngn.sys (Jetico, Inc.)
DRV:64bit: - (bc_tdi_f) -- C:\Windows\SysNative\drivers\bc_tdi_f.sys (Jetico, Inc.)
DRV:64bit: - (bc_prt_f) -- C:\Windows\SysNative\drivers\bc_prt_f.sys (Jetico, Inc.)
DRV:64bit: - (bc_pat_f) -- C:\Windows\SysNative\drivers\bc_pat_f.sys (Jetico, Inc.)
DRV:64bit: - (bc_ip_f) -- C:\Windows\SysNative\drivers\bc_ip_f.sys (Jetico, Inc.)
DRV:64bit: - (bc_hash_f) -- C:\Windows\SysNative\drivers\bc_hash_f.sys (Jetico, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (OXUDIDRV) -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys ()
DRV:64bit: - (CPen) -- C:\Windows\SysNative\drivers\CPen.sys ()
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (AVerAF35) -- C:\Windows\SysNative\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (OXSDIDRV_x64) Oxford Semi eSATA Filter (x64) -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys ()
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 48 A7 5D 3A B5 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/|hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite|hxxp://www.youtube.com/|hxxp://www.allmystery.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011.11.15 07:57:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.11.15 07:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.16 07:24:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.14 14:41:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.16 07:24:24 | 000,000,000 | ---D | M]
 
[2011.10.31 20:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions
[2011.11.15 07:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\uxc6fp4v.default\extensions
[2011.11.07 07:01:18 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\uxc6fp4v.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011.11.15 07:57:16 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\uxc6fp4v.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.11.02 15:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.02 15:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.16 07:24:28 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\GERD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UXC6FP4V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.14 14:41:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.17 19:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Gerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Gerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Gerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2011.10.30 21:31:18 | 000,437,957 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15062 more lines...
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe
O8:64bit: - Extra context menu item: Add to &Evernote - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to &Evernote - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ 7.5\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ 7.5\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: matheboard.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0bc67ad5-218e-11e0-9067-f07bcbcb1074}\Shell - "" = AutoRun
O33 - MountPoints2\{0bc67ad5-218e-11e0-9067-f07bcbcb1074}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{0bc67ad8-218e-11e0-9067-f07bcbcb1074}\Shell - "" = AutoRun
O33 - MountPoints2\{0bc67ad8-218e-11e0-9067-f07bcbcb1074}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{16326ab5-0f6f-11e0-ba74-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{16326ab5-0f6f-11e0-ba74-5442491305ab}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{16326ad2-0f6f-11e0-ba74-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{16326ad2-0f6f-11e0-ba74-5442491305ab}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{16326adf-0f6f-11e0-ba74-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{16326adf-0f6f-11e0-ba74-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{27cd5678-23f8-11e0-a35c-f07bcbcb1074}\Shell - "" = AutoRun
O33 - MountPoints2\{27cd5678-23f8-11e0-a35c-f07bcbcb1074}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2811343e-2b0d-11e0-bbc8-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{2811343e-2b0d-11e0-bbc8-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4b0a1493-90c4-11e0-bfe3-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{4b0a1493-90c4-11e0-bfe3-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63179e35-7d3d-11e0-af9d-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{63179e35-7d3d-11e0-af9d-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7a112029-7d84-11e0-aa37-f07bcbcb1074}\Shell - "" = AutoRun
O33 - MountPoints2\{7a112029-7d84-11e0-aa37-f07bcbcb1074}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\DudenKorrektor.msi
O33 - MountPoints2\{85dc2b8a-1d98-11e0-8d51-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{85dc2b8a-1d98-11e0-8d51-5442491305ab}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b0a2ba91-91dd-11e0-a0a0-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{b0a2ba91-91dd-11e0-a0a0-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cb7ac48c-4b53-11e0-8d53-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{cb7ac48c-4b53-11e0-8d53-5442491305ab}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{e95e49ea-7d24-11e0-92aa-f07bcbcb1074}\Shell - "" = AutoRun
O33 - MountPoints2\{e95e49ea-7d24-11e0-92aa-f07bcbcb1074}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f57886be-2ceb-11e0-ad86-5442491305ab}\Shell - "" = AutoRun
O33 - MountPoints2\{f57886be-2ceb-11e0-ad86-5442491305ab}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.27 11:07:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gerd\Desktop\OTL.exe
[2011.11.26 04:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011.11.26 04:59:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Zonelabs
[2011.11.25 22:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.11.25 22:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.11.25 22:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011.11.22 05:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.19 09:40:36 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{874BBEB4-3E67-4CF1-88E5-D1B0D7C4C672}
[2011.11.19 09:40:25 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{BADD5A4B-B317-458C-8068-D39F896E6ABA}
[2011.11.18 16:33:39 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\ASCOMP Software
[2011.11.18 16:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOMP Software
[2011.11.18 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software
[2011.11.17 11:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.11.16 21:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.11.16 21:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011.11.16 13:01:27 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Alte Daten
[2011.11.16 07:28:22 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\DDMSettings
[2011.11.15 07:57:52 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.11.15 07:57:10 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\Conduit
[2011.11.15 07:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2011.11.15 07:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2011.11.14 07:21:44 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{EEF212CC-2BFB-42D3-84CF-F63A3AFD4776}
[2011.11.14 07:21:23 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{084CE115-4D43-40E2-B988-347DB677A5A2}
[2011.11.13 08:41:03 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\MAGIX Downloads
[2011.11.11 06:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IEAdblock
[2011.11.10 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{EA6798C9-C80D-4717-AD59-3579F6E3F437}
[2011.11.10 09:59:57 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{1154314C-1210-4AB4-BD10-189B86E09434}
[2011.11.09 16:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011.11.09 16:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2011.11.07 07:01:37 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\adaware
[2011.11.07 07:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011.11.07 07:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011.11.07 07:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011.11.05 17:52:37 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\Löschen empfindlicher Informationen
[2011.11.05 14:55:07 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{6BB1AF9D-5455-4663-ADE0-A46478FB7225}
[2011.11.05 14:54:41 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{5FA6FCB9-0B82-41FD-8B84-7D32744F67B5}
[2011.11.05 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Tracing
[2011.11.03 18:45:48 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Avira
[2011.11.03 18:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.03 18:45:14 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.11.03 18:45:14 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.11.03 18:45:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.11.03 18:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.03 18:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.11.03 12:31:58 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Logox für alle Anwendungen
[2011.11.02 15:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.02 15:45:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.02 15:45:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.02 15:45:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.02 15:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.10.31 20:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.10.30 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{AAA9A15D-8AC4-457A-A243-D0F0B25BB4BE}
[2011.10.30 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{E493FB12-375A-476B-A118-083C92285E99}
[2011.10.30 06:55:57 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{07FDDCBC-CC24-44A3-9DE7-9B4319D7AEC7}
[2011.10.30 06:55:35 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{5334246E-22A0-4E77-B449-BCD9EC0FC3BA}
[2011.10.28 13:26:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.27 11:07:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd\Desktop\OTL.exe
[2011.11.26 08:22:53 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.26 08:22:53 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.26 08:22:53 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.26 08:22:53 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.26 08:22:53 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.26 08:21:16 | 000,001,039 | ---- | M] () -- C:\Users\Gerd\Desktop\Trillian.lnk
[2011.11.26 05:21:55 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.26 05:21:55 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.26 05:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.26 05:13:46 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.26 04:55:16 | 563,853,270 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.26 04:45:50 | 000,086,114 | -H-- | M] () -- C:\Users\Gerd\AppData\Roaming\Gerdv1.18.0 - Trial versionlog.dat
[2011.11.23 10:01:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.11.22 05:58:27 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 19:59:36 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.11.20 16:40:45 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.11.20 16:40:45 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.11.19 19:20:03 | 000,000,132 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.11.18 16:33:36 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Secure Eraser.lnk
[2011.11.16 07:24:31 | 000,001,615 | ---- | M] () -- C:\Users\Gerd\Desktop\DivX Movies.lnk
[2011.11.16 07:24:07 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.11.15 07:58:01 | 000,415,915 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011.11.10 06:21:49 | 005,121,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.09 20:03:30 | 000,003,882 | ---- | M] () -- C:\Users\Gerd\Desktop\Logox. für alles.lnk
[2011.11.07 07:02:28 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011.11.07 07:00:47 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.04 06:38:41 | 000,001,520 | ---- | M] () -- C:\Users\Gerd\Desktop\Config-Laschsis.lnk
[2011.11.03 18:53:56 | 000,001,260 | ---- | M] () -- C:\Users\Gerd\Desktop\Eigene Dateien.lnk
[2011.11.03 12:45:12 | 000,001,150 | ---- | M] () -- C:\Users\Gerd\Desktop\Mozilla Firefox.lnk
[2011.11.03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.11.02 15:45:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.11.02 15:45:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.02 15:45:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.02 15:45:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.10.31 20:52:17 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.30 21:31:18 | 000,437,957 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111106-205809.backup
[2011.10.30 21:31:18 | 000,437,957 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111123-155624.backup
[2011.10.30 21:31:18 | 000,437,957 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111106-210521.backup
[2011.10.30 21:31:18 | 000,437,957 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.26 08:21:16 | 000,001,069 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2011.11.26 08:21:16 | 000,001,039 | ---- | C] () -- C:\Users\Gerd\Desktop\Trillian.lnk
[2011.11.26 04:55:16 | 563,853,270 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.22 05:58:27 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.19 18:41:37 | 000,000,132 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.11.18 16:33:36 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Secure Eraser.lnk
[2011.11.16 07:24:31 | 000,001,615 | ---- | C] () -- C:\Users\Gerd\Desktop\DivX Movies.lnk
[2011.11.16 07:24:07 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.11.15 07:57:36 | 000,415,915 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011.11.09 20:03:30 | 000,003,882 | ---- | C] () -- C:\Users\Gerd\Desktop\Logox. für alles.lnk
[2011.11.04 06:38:41 | 000,001,520 | ---- | C] () -- C:\Users\Gerd\Desktop\Config-Laschsis.lnk
[2011.11.03 18:53:56 | 000,001,260 | ---- | C] () -- C:\Users\Gerd\Desktop\Eigene Dateien.lnk
[2011.11.03 12:45:12 | 000,001,150 | ---- | C] () -- C:\Users\Gerd\Desktop\Mozilla Firefox.lnk
[2011.11.01 13:54:21 | 000,000,886 | ---- | C] () -- C:\Users\Gerd\Desktop\Logox 4 SpeechBox.lnk
[2011.10.31 20:52:17 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.31 20:52:17 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.10 20:39:36 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Local\{1F300D96-ED2C-4AE4-8A3D-FDB27F659553}
[2011.08.31 00:41:11 | 000,005,632 | ---- | C] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.21 20:05:29 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.05.25 18:53:57 | 000,000,082 | ---- | C] () -- C:\Users\Gerd\AppData\Local\X-Plane Installer.prf
[2011.05.13 09:45:16 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Local\{F7E4046D-9E44-44A3-9208-F3746DD86739}
[2011.05.02 23:30:50 | 001,144,147 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2011.05.02 23:27:54 | 003,935,545 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.05.02 21:23:46 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.05.02 21:19:34 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.05.02 21:19:20 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.26 18:29:07 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.26 18:29:07 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.25 09:01:02 | 000,007,625 | ---- | C] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2011.04.19 21:58:22 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.22 08:04:09 | 000,211,056 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2011.03.22 07:57:01 | 000,000,032 | ---- | C] () -- C:\Windows\install.INI
[2011.03.18 22:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.03.18 22:29:56 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.03.18 22:28:30 | 001,557,504 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.03.18 22:27:08 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.03.18 22:26:44 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.03.18 22:25:38 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.03.18 22:25:24 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.03.04 04:20:23 | 000,000,844 | ---- | C] () -- C:\Windows\eReg.dat
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.03.01 19:32:32 | 000,000,184 | ---- | C] () -- C:\Windows\pdf2word.INI
[2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.20 07:17:03 | 000,000,184 | ---- | C] () -- C:\Windows\ZoneLib-DisplayNames.ini
[2011.02.20 01:11:36 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\jesterss.dll
[2011.02.19 06:00:27 | 000,001,782 | ---- | C] () -- C:\Windows\SymmTime.ini
[2011.01.29 03:24:27 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.20 05:55:10 | 000,033,040 | ---- | C] () -- C:\ProgramData\dudenbib.wav
[2010.12.29 14:23:41 | 000,000,159 | ---- | C] () -- C:\Windows\AVerText.ini
[2010.12.23 19:58:38 | 000,000,309 | ---- | C] () -- C:\Windows\game.ini
[2010.12.23 10:09:30 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\wklnhst.dat
[2010.12.18 14:53:33 | 000,000,479 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.12 20:34:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.12.12 15:43:19 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.10.08 07:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.02 19:03:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.02 18:12:16 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.08.29 07:01:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.25 22:00:24 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.21 20:39:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2010.08.06 16:30:59 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2010.05.19 23:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.19 22:45:17 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.05.19 22:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.05.19 22:45:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.05.19 22:45:15 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.05.19 22:45:14 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.05.19 22:45:08 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.05.19 22:45:08 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009.08.11 22:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.11.06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006.03.08 11:42:33 | 000,086,114 | -H-- | C] () -- C:\Users\Gerd\AppData\Roaming\Gerdv1.18.0 - Trial versionlog.dat
[2006.03.04 05:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
         

Edited by Chesspower88 (27.11.2011 at 11:43). Reason: Forgot to enable "Use SafeList" under Extra Registry.

27.11.2011, 11:34   #5
Chesspower88

Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.11.2011 11:39:28 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Gerd\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 55,10% Memory free
9,72 Gb Paging File | 7,66 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,63 Gb Total Space | 200,39 Gb Free Space | 44,08% Space Free | Partition Type: NTFS
Drive J: | 7,45 Gb Total Space | 0,77 Gb Free Space | 10,32% Space Free | Partition Type: FAT32
 
Computer Name: CHESSPOWER-VAIO | User Name: Gerd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48F04AD2-77E9-45F3-8A4F-F5D38E519F02}" = BOINC
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C5855017-5867-4FE3-9BEF-2E5AF57FEBF8}" = Iomega Encryption
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBB823F3-E8BD-4578-9D16-42AF176FD777}" = VAIO Personalization Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CD890B33C151F0A9940A3982594354969B729745" = Windows-Treiberpaket - C Technologies AB (CPen) Input Pen  (02/22/2010 3.0.0.2)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Recuva" = Recuva
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BD992A-D4C7-447D-8AA1-60B5759EA30D}" = SILENT HILL 4
"{0252CACB-68DA-480B-8A50-ED0422D1A7D2}" = Fritz Beginner
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A72194A-1E08-41CD-AEFF-3F36C51DAB3C}" = Fritz Beginner
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E5C4DE6-101B-11D6-986D-00500443CF9F}" = Sven Bømwøllen DL
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10631C28-62E5-477C-9B40-40C5EA8219BE}" = Black & White® 2 Battle of the Gods
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{134B5C7C-C390-466E-B99E-181C8C057AAA}" = C-Pen Core
"{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11 WM Edition
"{1AD2EC5E-9A73-452B-8C87-43D2E32C3831}" = Fritz11 WM Edition
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C0A1883-3A46-4416-A225-99BFF203462A}" = Deep Fritz 12
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = PMB VAIO Edition Plug-in
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6A79665E-2B6A-4BDF-BEC9-22BE4CA41B15}" = ChessBase Reader
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D2BBFC7-C0B7-4991-926F-BFC30013512C}" = GEOgraf System Runtime Components
"{6E554A6F-7BA1-4FCE-ABFA-430A24631111}" = Duden Korrektor Patch 022010
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}" = Fritz 13
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{89173B88-384A-459B-B687-9C0BBC934EF4}" = Die*Sims™*3 Erstelle einen Sim
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932247E9-A3C1-11D4-80B0-00A0D21817C9}" = Blair Witch II
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{971853BB-F530-442A-B780-F7E3A8EE13AD}" = Deep Fritz 12
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}" = Duden Korrektor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A39DAD32-3515-438D-8617-F8AE2A301031}" = Nero 8
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DBE79C99-F6CA-42B4-A37F-8BCA3BD086F8}" = Logox 4 Professional
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Air Combat Simulation
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT: SOVIET ASSAULT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7955AEF-6249-4662-9D6B-DABB8531D83A}" = Blair Witch Vol. III - Die Elly Kedward Sage
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF895069-BD9A-11D5-986D-00500443CF9F}" = Moorhuhn 3 DL
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blair Witch Volume One - Rustin Parr" = Blair Witch Volume One - Rustin Parr
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324
"Free Studio_is1" = Free Studio version 5.1.7
"Free Video Dub_is1" = Free Video Dub version 1.8.10
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.7.718
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.3.4
"Google Chrome" = Google Chrome
"Homeworld2" = Homeworld2
"HyperCam 3" = HyperCam 3
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3
"InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"JDownloader" = JDownloader
"KEBau" = KEBau
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Premium D" = MAGIX Video deluxe 16 Premium 9.0.0.54 (D)
"MarketingTools" = VAIO Marketing Tools
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Moorhuhn-Sushi" = Moorhuhn-Sushi
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 11.50.1074" = Opera 11.50
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"Secure Eraser_is1" = Secure Eraser v4.0
"Security Task Manager" = Security Task Manager 1.8d
"splashtop" = VAIO Quick Web Access
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = BEWERBUNGS-MASTER
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 21970" = R.U.S.E
"Steam App 240" = Counter-Strike: Source
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 57900" = Duke Nukem Forever
"TeamViewer 6" = TeamViewer 6
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0
"VLC media player" = VLC media player 1.1.11
"webmmf" = WebM Media Foundation Components
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.1.0
"WinLiveSuite" = Windows Live Essentials
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"ws4.webspeech" = G DATA WebSpeech 4
"Xfire" = Xfire (remove only)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
 
========== Last 10 Event Log Errors ==========
 
[ AKG_DGMNet Events ]
Error - 22.06.2011 05:08:09 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description = ---------------------------------- Name: Ohne ID: EMPTY Pfad:  Aktiv: 
nein ---------------------------------- Name: Ohne ID: 45;D06E39D24D628187 Pfad: C:\Users\Gerd\Desktop\Ordner
 von xxxxxxx\EigenerName\Geografanwendung\projekt.vestra\DGM\Urgelände.dgm Aktiv:
 ja 
 
Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description = Beim Generieren des XML-Dokuments ist ein Fehler aufgetreten.
 
Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description =    bei System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter 
xmlWriter, Object o, XmlSerializerNamespaces namespaces, String encodingStyle, String
 id)     bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter,
 Object o, XmlSerializerNamespaces namespaces)     bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter
 textWriter, Object o)     bei AKG_DGMNet.DGMVerwaltung.UCVerwaltung.Serialize(String
 FileName)
 
Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description = ---------------------------------- Name: Ohne ID: EMPTY Pfad:  Aktiv: 
nein ---------------------------------- Name: Urgelände ID: 45;D06E39D24D628187 Pfad:
 C:\Users\Gerd\Desktop\Ordner von xxxxxxx\EigenerName\Geografanwendung\projekt.vestra\DGM\Urgelände.dgm
Aktiv:
 ja 
 
Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description = Beim Generieren des XML-Dokuments ist ein Fehler aufgetreten.
 
Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description =    bei System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter 
xmlWriter, Object o, XmlSerializerNamespaces namespaces, String encodingStyle, String
 id)     bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter,
 Object o, XmlSerializerNamespaces namespaces)     bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter
 textWriter, Object o)     bei AKG_DGMNet.DGMVerwaltung.UCVerwaltung.Serialize(String
 FileName)
 
Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description = ---------------------------------- Name: Ohne ID: EMPTY Pfad:  Aktiv: 
nein ---------------------------------- Name: Urgelände ID: 45;D06E39D24D628187 Pfad:
 C:\Users\Gerd\Desktop\Ordner von xxxxxxx\EigenerName\Geografanwendung\projekt.vestra\DGM\Urgelände.dgm
Aktiv:
 ja 
 
Error - 22.06.2011 05:08:13 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description = Beim Generieren des XML-Dokuments ist ein Fehler aufgetreten.
 
Error - 22.06.2011 05:08:13 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description =    bei System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter 
xmlWriter, Object o, XmlSerializerNamespaces namespaces, String encodingStyle, String
 id)     bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter,
 Object o, XmlSerializerNamespaces namespaces)     bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter
 textWriter, Object o)     bei AKG_DGMNet.DGMVerwaltung.UCVerwaltung.Serialize(String
 FileName)
 
Error - 22.06.2011 05:08:13 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0
Description = ---------------------------------- Name: Ohne ID: EMPTY Pfad:  Aktiv: 
nein ---------------------------------- Name: Urgelände ID: 45;D06E39D24D628187 Pfad:
 C:\Users\Gerd\Desktop\Ordner von xxxxxxx\EigenerName\Geografanwendung\projekt.vestra\DGM\Urgelände.dgm
Aktiv:
 ja 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Edited by Chesspower88 (27.11.2011 at 11:45). Reason: Forgot to enable Use SafeList under Extra Registry.

Alt 27.11.2011, 11:47   #6
markusg
/// Malware-holic
 



Hi,

Attention!
This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe
:Files
C:\Program Files (x86)\Microsoft\csrss.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.


Open Computer, open C:, then _OTL.
Right-click on moved files there.
Choose "Add to moved files.rar" or add it to a zip.
Follow the link and upload the archive in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html

Alt 27.11.2011, 12:13   #7
Chesspower88
 



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File C:\Program Files (x86)\Microsoft\csrss.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File C:\Program Files (x86)\Microsoft\csrss.exe not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Microsoft\csrss.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gerd
->Flash cache emptied: 2849396 bytes

User: Public

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gerd
->Temp folder emptied: 23047325 bytes
->Temporary Internet Files folder emptied: 10326768 bytes
->Java cache emptied: 23982234 bytes
->FireFox cache emptied: 37783493 bytes
->Google Chrome cache emptied: 107703375 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3229792 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1269362 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 149826 bytes
RecycleBin emptied: 407896 bytes

Total Files Cleaned = 198,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11272011_120311

Files\Folders moved on Reboot...
C:\Users\Gerd\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gerd\AppData\Local\Temp\~DFBDDD84DE1C29FE66.TMP moved successfully.
File\Folder C:\Windows\temp\ZLT025b9.TMP not found!

Registry entries deleted on Reboot...
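
The fix script in post #6 and the OTL result above remove Policies values under policies\Explorer\Run that launch a csrss.exe located outside the Windows system directory. The following check is an added example, not part of the original posts and not OTL's own code: it scans lines written in the shape of that script and flags autostart values whose image carries a core Windows process name but sits in another folder. The name list, the C:\Windows system root and the two O4 sample lines are assumptions constructed for the illustration.

```python
import ntpath
import re
from typing import NamedTuple

# Core Windows process names that are expected only in the system directory.
# Assumption: a short illustrative list, not an exhaustive one.
PROTECTED_NAMES = {
    "csrss.exe", "lsass.exe", "services.exe", "smss.exe",
    "svchost.exe", "wininit.exe", "winlogon.exe",
}

SYSTEM_ROOT = r"C:\Windows"  # assumption: default Windows installation path
TRUSTED_DIRS = {
    ntpath.join(SYSTEM_ROOT, d).lower() for d in ("System32", "SysWOW64")
}

# "<tag> - <registry key>: <value name> = <data>", the shape used in the fix script.
LINE_RE = re.compile(
    r"^(?P<tag>O\d+) - (?P<key>HK[^:]+): (?P<name>.+?) = (?P<value>.+)$"
)
ENV_RE = re.compile(r"%(systemroot|windir)%", re.IGNORECASE)
EXT_RE = re.compile(r"\.(exe|com|scr)\b", re.IGNORECASE)


class Finding(NamedTuple):
    key: str
    name: str
    image: str


def image_path(value: str) -> str:
    """Return the executable path from registry data, without quotes or arguments."""
    value = ENV_RE.sub(lambda _m: SYSTEM_ROOT, value.strip())
    if value.startswith('"'):
        end = value.find('"', 1)
        value = value[1:end] if end != -1 else value[1:]
    else:
        match = EXT_RE.search(value)
        if match:
            value = value[:match.end()]
    return ntpath.normpath(value)


def is_autostart_key(key: str) -> bool:
    """True for Run/RunOnce style keys, including policies\\Explorer\\Run."""
    return key.lower().rstrip("\\").endswith(("\\run", "\\runonce"))


def find_masquerading_autoruns(log_text: str) -> list:
    """Flag autostart values whose file name is a protected system name
    but whose folder is not a trusted system directory."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match or not is_autostart_key(match["key"]):
            continue
        image = image_path(match["value"])
        file_name = ntpath.basename(image).lower()
        folder = ntpath.dirname(image).lower()
        if file_name in PROTECTED_NAMES and folder not in TRUSTED_DIRS:
            findings.append(Finding(match["key"], match["name"], image))
    return findings


# The O6/O7 lines are taken from the fix script in this thread.
# The two O4 lines are constructed for this example and are not real OTL output.
SAMPLE = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe
O4 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: ExampleTray = "C:\Program Files\Example\tray.exe" /start
O4 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: ExampleHost = %SystemRoot%\System32\svchost.exe -k example
"""

if __name__ == "__main__":
    for hit in find_masquerading_autoruns(SAMPLE):
        print(f"SUSPICIOUS  {hit.key} [{hit.name}] -> {hit.image}")
```

A match only says that the name and the location do not fit together; the file itself still has to be examined before anything is deleted.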

Alt 27.11.2011, 12:19   #8
markusg
/// Malware-holic
 



OK, then we continue with this.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

Alt 27.11.2011, 13:16   #9
Chesspower88
 



Combofix Logfile:
Code:
ComboFix 11-11-26.04 - Gerd 27.11.2011  12:51:47.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3950.2448 [GMT 1:00]
ausgeführt von:: c:\users\Gerd\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gerd\AppData\Roaming\.#
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-27 bis 2011-11-27  ))))))))))))))))))))))))))))))
.
.
2011-11-27 12:06 . 2011-11-27 12:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-27 11:08 . 2011-11-27 11:08	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B96C2C7-F320-44A0-9607-24CE4F9E919E}\offreg.dll
2011-11-26 08:27 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B96C2C7-F320-44A0-9607-24CE4F9E919E}\mpengine.dll
2011-11-26 03:59 . 2011-11-26 03:59	--------	d-----w-	c:\program files (x86)\Zone Labs
2011-11-26 03:59 . 2011-11-26 03:59	--------	d-----w-	c:\windows\SysWow64\Zonelabs
2011-11-25 21:41 . 2011-11-26 05:10	--------	d-----w-	c:\programdata\SecTaskMan
2011-11-25 21:41 . 2011-11-25 21:41	--------	d-----w-	c:\program files (x86)\Security Task Manager
2011-11-22 04:39 . 2011-11-22 04:39	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-11-18 15:33 . 2011-11-18 15:33	--------	d-----w-	c:\users\Gerd\AppData\Roaming\ASCOMP Software
2011-11-18 15:33 . 2011-11-18 15:33	--------	d-----w-	c:\program files (x86)\ASCOMP Software
2011-11-16 20:45 . 2011-11-26 09:25	--------	d-----w-	c:\program files (x86)\SpywareBlaster
2011-11-16 12:01 . 2011-11-23 20:35	--------	d-----w-	c:\users\Gerd\Alte Daten
2011-11-16 06:28 . 2011-11-16 06:28	--------	d-----w-	c:\users\Gerd\AppData\Local\DDMSettings
2011-11-15 06:57 . 2011-11-27 10:05	--------	d-----w-	c:\windows\Internet Logs
2011-11-15 06:57 . 2011-11-15 06:57	--------	d-----w-	c:\users\Gerd\AppData\Local\Conduit
2011-11-15 06:44 . 2011-11-15 06:56	--------	d-----w-	c:\program files (x86)\CheckPoint
2011-11-11 05:57 . 2011-11-11 05:57	--------	d-----w-	c:\program files (x86)\IEAdblock
2011-11-09 18:37 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 18:37 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:37 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:37 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-09 15:46 . 2011-11-09 15:46	--------	d-----w-	c:\program files\Agnitum
2011-11-09 15:42 . 2011-11-09 15:42	--------	d-----w-	c:\programdata\Agnitum
2011-11-07 06:01 . 2011-11-07 06:01	--------	d-----w-	c:\users\Gerd\AppData\Local\adaware
2011-11-07 06:01 . 2011-11-27 11:09	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2011-11-07 06:01 . 2011-11-07 06:01	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2011-11-07 06:01 . 2011-11-07 06:01	--------	d-----w-	c:\program files (x86)\adawaretb
2011-11-05 13:54 . 2011-11-26 02:59	--------	d-----w-	c:\users\Gerd\Tracing
2011-11-03 17:45 . 2011-11-03 17:45	--------	d-----w-	c:\users\Gerd\AppData\Roaming\Avira
2011-11-03 17:45 . 2011-10-11 14:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-11-03 17:45 . 2011-10-11 14:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-11-03 17:45 . 2011-10-11 14:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-03 17:45 . 2011-11-03 17:45	--------	d-----w-	c:\programdata\Avira
2011-11-03 17:45 . 2011-11-03 17:45	--------	d-----w-	c:\program files (x86)\Avira
2011-11-03 11:31 . 2011-11-09 19:03	--------	d-----w-	c:\users\Gerd\Logox für alle Anwendungen
2011-11-02 14:46 . 2011-11-02 14:46	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-11-02 14:45 . 2011-11-02 14:45	--------	d-----w-	c:\program files (x86)\Java
2011-10-28 12:26 . 2011-10-28 12:26	--------	d-----w-	c:\windows\system32\Macromed
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 09:01 . 2011-05-21 08:54	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-07 06:02 . 2011-09-10 23:25	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-11-03 11:06 . 2011-08-30 23:56	69376	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-11-02 14:45 . 2010-08-20 14:55	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-10-20 23:26 . 2011-10-20 23:26	94208	----a-w-	c:\windows\SysWow64\dpl100.dll
2011-10-13 20:29 . 2011-10-13 20:29	42392	----a-w-	c:\windows\SysWow64\xfcodec.dll
2011-10-13 20:29 . 2011-10-13 20:29	28056	----a-w-	c:\windows\system32\xfcodec64.dll
2011-10-01 06:24 . 2011-10-01 06:24	73728	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut5_D216F3B2761946D6B253BD0528BFB287.exe
2011-10-01 06:24 . 2011-10-01 06:24	69632	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut7_D216F3B2761946D6B253BD0528BFB287.exe
2011-10-01 06:24 . 2011-10-01 06:24	65536	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut1_D216F3B2761946D6B253BD0528BFB287.exe
2011-10-01 06:24 . 2011-10-01 06:24	65536	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\ARPPRODUCTICON.exe
2011-10-01 06:24 . 2011-10-01 06:24	335872	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut2_D216F3B2761946D6B253BD0528BFB287.exe
2011-09-10 15:18 . 2010-08-29 05:26	230864	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2011-09-08 20:57 . 2010-08-21 09:34	163840	----a-w-	c:\windows\LgxSetup.exe
2011-09-06 18:14 . 2011-04-21 19:30	253952	------w-	c:\windows\Setup1.exe
2011-09-06 18:14 . 2011-04-21 19:30	74752	----a-w-	c:\windows\ST6UNST.EXE
2011-09-01 05:24 . 2011-10-12 20:31	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 20:31	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 20:31	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 20:31	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 20:31	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 20:31	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10	87440	----a-w-	c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08	2393184	----a-w-	c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 20:03	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Microsoft Works Update Detection"=c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"boincmgr"="c:\program files\BOINC\boincmgr.exe" /a /s
"boinctray"="c:\program files\BOINC\boinctray.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"TrayServer"=c:\program files (x86)\MAGIX\Video_deluxe_16_Premium\TrayServer.exe
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [x]
R3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CPen;C-Pen;c:\windows\system32\Drivers\CPen.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [x]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 bc_hash_f;BC_HASH_Filter; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 bcfsrm;Jetico Personal Firewall filesystem filter;c:\windows\system32\drivers\bcfsrm.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-09 1394504]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{07e84f41-11d5-4615-aaf6-368df0762b41}]
2011-07-01 09:38	153232	---ha-w-	c:\programdata\Duden\DKReg.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 14:38]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 14:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-06 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.tagesschau.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ 7.5\ICQ7.5\ICQ.exe
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\progra~2\COMMON~1\WEBSPE~1.0\LgxIEBar.dll
Trusted Zone: matheboard.de\www
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\uxc6fp4v.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/|hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite|hxxp://www.youtube.com/|hxxp://www.allmystery.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
HKLM-Run-ISW - (no file)
AddRemove-Blair Witch Volume One - Rustin Parr - c:\windows\IsUn0407.exe
AddRemove-Moorhuhn-Sushi - c:\windows\system32\MOORHU~1.SCR
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-27  13:12:59
ComboFix-quarantined-files.txt  2011-11-27 12:12
.
Vor Suchlauf: 7 Verzeichnis(se), 215.172.706.304 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 214.645.305.344 Bytes frei
.
- - End Of File - - 709E53DE972059EBA5EE3834A99E3694
         
--- --- ---

27.11.2011, 15:52   #10
markusg
/// Malware-holic
 

Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

27.11.2011, 20:18   #11
Chesspower88
 

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8252

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27.11.2011 20:16:57
mbam-log-2011-11-27 (20-16-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|)
Durchsuchte Objekte: 569895
Laufzeit: 2 Stunde(n), 32 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\sectaskman\csrss.exe.q_quarantine_1278f006_q (Spyware.Password) -> Quarantined and deleted successfully.

27.11.2011, 20:36   #12
markusg
/// Malware-holic
 

Hi, are there any problems with the PC?

27.11.2011, 22:23   #13
Chesspower88
 

No, there are no problems. So the file csrss.exe.q_quarantine_1278f006_q
was probably just a leftover?

Where was the Malwarebytes' Anti-Malware log file saved again?

28.11.2011, 11:55   #14
markusg
/// Malware-holic
 

You can see it in Malwarebytes under Logs.
That is the quarantine of Process Explorer.
When we are done, you have to change all your passwords.

Download CCleaner Standard:
CCleaner Download - CCleaner 3.12.1572
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.

28.11.2011, 14:09   #15
Chesspower88
 

Ad-Aware Lavasoft Limited 30.08.2011 34,1MB 9.6.0 notwendig
Ad-Aware Security Toolbar Lavasoft 06.11.2011 0.9.1.8 notwendig
AdblockIE af0.net 10.11.2011 9,46MB 1.2 notwendig
Adobe AIR Adobe Systems Inc. 02.10.2011 2.5.1.17730 unbekannt
Adobe Community Help Adobe Systems Incorporated. 02.10.2011 3.4.980 unbekannt
Adobe Download Manager NOS Microsystems Ltd. 05.03.2011 1.6.2.99 unbekannt
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 22.11.2011 6,00MB 11.1.102.55 notwendig
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 16.11.2011 6,00MB 11.1.102.55 notwendig
Adobe Photoshop CS5.1 Adobe Systems Incorporated 02.10.2011 3.033MB 12.1 notwendig
Adobe Reader X (10.1.1) - Deutsch Adobe Systems Incorporated 17.09.2011 165,9MB 10.1.1 notwendig
Alps Pointing-device for VAIO ALPS ELECTRIC CO., LTD. 05.08.2010 unbekannt
Apple Application Support Apple Inc. 31.03.2011 52,8MB 1.4.1 unbekannt
Apple Software Update Apple Inc. 07.07.2011 2,38MB 2.1.3.127 unbekannt
ArcSoft Magic-i Visual Effects 2 ArcSoft 05.08.2010 2.0.1.85 unbekannt
ArcSoft WebCam Companion 3 ArcSoft 05.08.2010 3.0.21.278 unbekannt
ATI Catalyst Install Manager ATI Technologies, Inc. 18.12.2010 22,3MB 3.0.769.0 notwendig
Audacity 1.2.6 08.04.2011 notwendig
Avira Free Antivirus Avira 03.11.2011 104,8MB 12.0.0.861 notwendig
BEWERBUNGS-MASTER 05.09.2011 notwendig
Black & White® 2 Lionhead Studios 24.06.2011 1.00.0000 notwendig
Black & White® 2 Battle of the Gods Lionhead Studios 24.06.2011 1.00.0000 notwendig
Blair Witch II Human Head Studios 17.12.2010 931MB 1.00.0000 notwendig
Blair Witch Vol. III - Die Elly Kedward Sage 17.12.2010 notwendig
Blair Witch Volume One - Rustin Parr 17.12.2010 notwendig
BOINC Space Sciences Laboratory, U.C. Berkeley 06.03.2011 20,0MB 6.10.58 unnötig
C-Pen Core C Technologies 15.03.2011 197,8MB 1.3.00 notwendig
Call of Duty: Modern Warfare 2 Infinity Ward 20.08.2010 notwendig
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 20.08.2010 notwendig
Canon MX330 series MP Drivers 23.06.2011 notwendig
CCleaner Piriform 27.11.2011 3.12 notwendig
ChessBase Reader ChessBase 21.04.2011 2 unnötig
Command & Conquer 3 Ihr Firmenname 16.07.2011 13.500MB 1.00.0000 notwendig
Command & Conquer Generals Electronic Arts 14.07.2011 1.553MB 0.50.0000 notwendig
Command & Conquer™ 3: Kanes Rache Ihr Firmenname 16.07.2011 11.558MB 1.00.0000 notwendig
Command & Conquer™ Alarmstufe Rot 3 Electronic Arts 20.07.2011 8.422MB 1.0.1.0 notwendig
Counter-Strike: Source Valve 03.08.2011 notwendig
Deep Fritz 12 ChessBase 18.09.2010 12.0.0 notwendig
Die Sims™ 3 Electronic Arts 05.05.2011 1.19.44 notwendig
Die Sims™ 3 Design-Garten-Accessoires Electronic Arts 06.05.2011 7.0.55 notwendig
Die Sims™ 3 Gib Gas-Accessoires Electronic Arts 07.05.2011 5.0.44 notwendig
Die Sims™ 3 Late Night Electronic Arts 12.05.2011 6.0.81 notwendig
Die Sims™ 3 Luxus-Accessoires Electronic Arts 06.05.2011 3.0.38 notwendig
Die Sims™ 3 Reiseabenteuer Electronic Arts 12.05.2011 2.0.86 notwendig
Die Sims™ 3 Traumkarrieren Electronic Arts 12.05.2011 4.0.87 notwendig
Die*Sims™*3 Erstelle einen Sim Electronic Arts 12.05.2011 1.0.25 notwendig
DivX-Setup DivX, LLC 15.11.2011 2.6.0.34 unbekannt
Dual-Core Optimizer AMD 14.06.2011 86,00KB 1.1.4.0169 notwendig
Duden Korrektor Bibliographisches Institut GmbH 30.09.2011 623MB 7.00.0000 notwendig
Duden Korrektor Patch 022010 Bibliographisches Institut GmbH 30.09.2011 6,03MB 7.00.0000 notwendig
Duke Nukem Forever Gearbox Software 14.06.2011 notwendig
DVDVideoSoftTB Toolbar 26.12.2010 unnötig
Einstellungen für VAIO-Inhaltsüberwachung Sony Corporation 20.03.2011 2.6.0.11050 unbekannt
Evernote Evernote Corp. 05.08.2010 53,2MB 3.5.0.545 unbekannt
Firebird SQL Server - MAGIX Edition MAGIX AG 18.04.2011 10,1MB 2.1.26.0 unbekannt
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 11.04.2011 15,4MB notwendig
Free Audio Converter version 2.2.16.324 DVDVideoSoft Limited. 11.04.2011 26,3MB notwendig
Free Studio version 5.1.7 DVDVideoSoft Ltd. 31.08.2011 370MB notwendig
Free Video Dub version 1.8.10 DVDVideoSoft Limited. 08.04.2011 25,0MB notwendig
Free YouTube Download 3 version 3.0.7.718 DVDVideoSoft Limited. 20.07.2011 44,7MB notwendig
Free YouTube Download version 3.0.16.923 DVDVideoSoft Ltd. 08.10.2011 39,0MB notwendig
Free YouTube to MP3 Converter version 3.10.11.923 DVDVideoSoft Ltd. 27.09.2011 42,4MB notwendig
Freemake Video Converter Version 2.3.4 Ellora Assets Corporation 10.09.2011 46,4MB 2.3.4 notwendig
Fritz 13 ChessBase 30.10.2011 919MB 13.0.0.0 notwendig
Fritz Beginner ChessBase 21.04.2011 12.0.0 notwendig
Fritz11 WM Edition ChessBase 18.09.2010 1.0 notwendig
G DATA Logox 4 Speechengine G DATA Software AG 21.08.2010 notwendig
G DATA WebSpeech 4 G DATA Software AG 21.08.2010 notwendig
Google Chrome Google Inc. 16.09.2011 15.0.874.121 notwendig
Google Earth Google 27.12.2010 84,4MB 6.1.0.5001 notwendig
GPGNet Gas Powered Games 20.08.2010 97,8MB 1.0.0 notwendig
GRID Codemasters 02.08.2011 1.30.0000 notwendig
Homeworld2 Sierra 13.07.2011 notwendig
HyperCam 3 Solveig Multimedia 02.09.2011 3.0.912.18 notwendig
ICQ7.5 ICQ 08.05.2011 7.5 notwendig
Intel(R) Control Center Intel Corporation 19.05.2010 1.2.1.1007 unbekannt
Intel(R) Management Engine Components Intel Corporation 20.08.2010 6.0.0.1179 unbekannt
Intel(R) Rapid Storage Technology Intel Corporation 19.05.2010 9.5.4.1001 unbekannt
Intel(R) Turbo Boost Technology Driver Intel Corporation 19.05.2010 01.00.01.1002 unbekannt
Iomega Encryption Iomega an EMC Company 28.11.2010 6,98MB 1.00.0003 unbekannt
Java(TM) 6 Update 16 (64-bit) Sun Microsystems, Inc. 05.08.2010 90,8MB 6.0.160 unbekannt
Java(TM) 6 Update 29 Oracle 01.11.2011 95,0MB 6.0.290 unbekannt
JDownloader AppWork UG (haftungsbeschränkt) 26.02.2011 notwendig
KEBau 21.03.2011 notwendig
Left 4 Dead Valve 07.10.2010 notwendig
Left 4 Dead 2 Valve 07.10.2010 notwendig
Lock On: Air Combat Simulation 23.05.2011 1.00.000 notwendig
LogMeIn Hamachi LogMeIn, Inc. 09.09.2011 2.1.0.124 notwendig
Logox 4 Professional 07.09.2011 notwendig
MAGIX 3D Maker (embeded) MAGIX AG 18.04.2011 6.0.0.8 unbekannt
MAGIX Screenshare MAGIX AG 18.04.2011 4.3.6.1987 unbekannt
MAGIX Speed burnR MAGIX AG 18.04.2011 6.0.1.4 unbekannt
MAGIX Video deluxe 16 Premium 9.0.0.54 (D) MAGIX AG 18.04.2011 9.0.0.54 notwendig
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 26.11.2011 13,8MB 1.51.2.1300 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.11.2010 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.11.2010 2,94MB 4.0.30319 unbekannt
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 10.08.2011 31,3MB 3.5.88.0 unbekannt
Microsoft Games for Windows Marketplace Microsoft Corporation 10.08.2011 6,04MB 3.5.50.0 unbekannt
Microsoft IntelliPoint 8.2 Microsoft Corporation 10.08.2011 8.20.468.0 unbekannt
Microsoft IntelliType Pro 8.2 Microsoft Corporation 10.08.2011 8.20.468.0 unbekannt
Microsoft Office Professional Plus 2010 Microsoft Corporation 21.11.2011 14.0.6029.1000 notwendig
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 14.06.2011 378MB 10.0.6626.0 unnötig
Microsoft Picture It! Foto Premium 9 Microsoft Corporation 22.12.2010 9.0.0.0000 notwendig
Microsoft Silverlight Microsoft Corporation 11.10.2011 140,1MB 4.0.60831.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 05.08.2010 1,72MB 3.1.0000 unbekannt
Microsoft SQL Server Compact 3.5 SP1 English Microsoft Corporation 05.08.2010 2,59MB 3.5.5692.0 unbekannt
Microsoft SQL Server Compact 3.5 SP1 x64 English Microsoft Corporation 05.08.2010 3,69MB 3.5.5692.0 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 21.08.2010 0,25MB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 21.08.2010 0,24MB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10.08.2011 2,37MB 8.0.59193 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 05.08.2010 0,69MB 8.0.61000 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 18.04.2011 0,57MB 8.0.51011 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 05.11.2010 0,19MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 18.04.2011 0,77MB 9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 18.04.2011 0,58MB 9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 20.12.2010 0,24MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 18.12.2010 0,77MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14.06.2011 0,77MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 18.01.2011 4,32MB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 18.12.2010 0,58MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 29.10.2010 0,57MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.01.2011 0,57MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.06.2011 0,59MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 03.11.2011 4,56MB 10.0.40219 unbekannt
Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 20.08.2010 unbekannt
Microsoft Works Microsoft Corporation 22.12.2010 247MB 07.03.0512 unnötig
Microsoft WSE 3.0 Runtime Microsoft Corp. 05.05.2011 0,92MB 3.0.5305.0 unbekannt
Moorhuhn 3 DL 19.02.2011 notwendig
Moorhuhn-Sushi 19.02.2011 notwendig
Mozilla Firefox 8.0 (x86 de) Mozilla 13.11.2011 34,9MB 8.0 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.08.2010 1,28MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.08.2010 1,33MB 4.20.9876.0 unbekannt
Need for Speed™ Most Wanted 29.07.2011 notwendig
Nero 8 Nero AG 11.12.2010 3.594MB 8.0.293 notwendig
Office-Bibliothek Bibliographisches Institut & F.A. Brockhaus AG 28.08.2010 643MB 5.00.3 notwendig
OpenAL 10.08.2011 unbekannt
Opera 11.50 Opera Software ASA 09.08.2011 11.50.1074 notwendig
PDFCreator Frank Heindörfer, Philip Chinery 18.01.2011 0.9.5 notwendig
PMB Sony Corporation 05.08.2010 258MB 5.0.00.10260 unbekannt
R.U.S.E Ubisoft 17.09.2011 notwendig
Razer Lachesis Razer USA Ltd. 15.09.2011 1.10.0000 notwendig
Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 05.08.2010 6.0.1.5992 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.08.2010 6.0.1.5992 notwendig
Recuva Piriform 07.09.2011 1.40 notwendig
RemoteComms External Disk Access PLX Technology 28.11.2010 5,55MB 1.25.0003 unbekannt
Roxio Easy Media Creator 10 LJ Roxio 05.08.2010 125,0MB 10.3 unbekannt
Secure Eraser v4.0 ASCOMP Software GmbH 17.11.2011 10,5MB notwendig
Security Task Manager 1.8d Neuber Software 24.11.2011 1.8d unnötig
Setting Utility Series Sony Corporation 05.08.2010 5.1.0.11200 unbekannt
Setup-Start von Microsoft Works 2004 22.12.2010 unbekannt
Silent Hill 2 - Directors Cut 14.05.2011 notwendig
SILENT HILL 3 Konami Computer Entertainment Tokyo, Inc. 15.05.2011 4.971MB 1.00.0000 notwendig
SILENT HILL 4 14.05.2011 1.00.000 notwendig
Skype Click to Call Skype Technologies S.A. 24.10.2011 15,1MB 5.6.8442 notwendig
Skype™ 5.5 Skype Technologies S.A. 24.10.2011 33,6MB 5.5.124 notwendig
Sony Home Network Library Sony Corporation 20.03.2011 2.2.0.11240 unbekannt
Spybot - Search & Destroy Safer Networking Limited 30.08.2010 1.6.2 notwendig
SpywareBlaster 4.4 Javacool Software LLC 15.11.2011 4.4.0 notwendig
Star Wars Battlefront II LucasArts 16.07.2011 1.0 notwendig
Star Wars Empire at War LucasArts 16.07.2011 1.0 notwendig
Star Wars Empire at War Forces of Corruption LucasArts 16.07.2011 1.0 notwendig
Star Wars: The Force Unleashed Activision 05.10.2010 notwendig 1.1
Steam Valve Corporation 20.08.2010 42,3MB 1.0.0.0 notwendig
Supreme Commander - Forged Alliance Gas Powered Games 20.08.2010 notwendig 1.00.0000
Sven Bømwøllen DL 19.02.2011 notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 01.05.2011 notwendig
TeamViewer 6 TeamViewer GmbH 27.08.2011 6.0.11052 notwendig
Trillian Cerulean Studios, LLC 27.08.2011 notwendig
TrueCrypt TrueCrypt Foundation 09.09.2011 7.1 notwendig
TuneUp Utilities TuneUp Software 20.08.2010 9.0.3000.52 notwendig
Uninstall 1.0.0.1 30.04.2011 11,2MB unbekannt
VAIO - PMB VAIO Edition Guide Sony Corporation 11.07.2011 72,4MB 1.5.00.03020 unbekannt
VAIO - PMB VAIO Edition Plug-in Sony Corporation 18.08.2011 181,4MB 1.5.10.06150 unbekannt
VAIO Content Metadata Intelligent Analyzing Manager Sony Corporation 20.03.2011 29,4MB 3.9.0.11260 unbekannt
VAIO Content Metadata Intelligent Network Service Manager Sony Corporation 20.03.2011 12,3MB 3.9.0.11180 unbekannt
VAIO Content Metadata Manager Settings Sony Corporation 20.03.2011 20,3MB 3.9.0.11180 unbekannt
VAIO Content Metadata XML Interface Library Sony Corporation 20.03.2011 7,60MB 3.9.0.11180 unbekannt
VAIO Control Center Sony Corporation 27.08.2010 4.1.1.07160 unbekannt
VAIO Data Restore Tool Sony Corporation 05.08.2010 1.2.0.09150 unbekannt
VAIO DVD Menu Data Sony Corporation 05.08.2010 2.4.00.05300 unbekannt
VAIO Energie Verwaltung Sony Corporation 05.08.2010 5.0.0.11300 unbekannt
VAIO Entertainment Platform Sony Corporation 20.03.2011 3.9.0.11160 unbekannt
VAIO Event Service Sony Corporation 05.08.2010 5.1.0.12010 unbekannt
VAIO Gate Sony Corporation 18.08.2011 2.4.0.06210 unbekannt
VAIO Gate Default Sony Corporation 05.08.2010 1.0.0.10290 unbekannt
VAIO Marketing Tools Sony Corporation 05.08.2010 unbekannt
VAIO Media plus Sony Corporation 05.08.2010 2.0.1.10160 unbekannt
VAIO Media plus Opening Movie Sony Corporation 05.08.2010 1.2.0.09100 unbekannt
VAIO Movie Story Template Data Sony Corporation 05.08.2010 439MB 2.5.00.05300 unbekannt
VAIO Original Funktion Einstellungen Sony Corporation 20.03.2011 2.3.0.11240 unbekannt
VAIO Personalization Manager Sony Corporation 20.03.2011 59,6MB 3.0.0.11160 unbekannt
VAIO Premium Partners Sony Europe 05.08.2010 1.0 unbekannt
VAIO Quick Web Access Sony Corporation 27.08.2010 303MB 1.3.1.7 unbekannt
VAIO screensaver Sony Europe 05.08.2010 1.0.0.0 unbekannt
VAIO Smart Network Sony Corporation 18.12.2010 3.3.1.08110 unbekannt
VAIO Update Sony Corporation 14.06.2011 5.4.1.04200 unbekannt
VAIO Wallpaper Contents Sony Corporation 05.08.2010 2.0.0.06010 unbekannt
VAIO-Support für Übertragungen Sony Corporation 27.08.2010 1.1.2.06030 unbekannt
VeryPDF PDF2Word v3.0 VeryPDF.com Inc 28.02.2011 notwendig
VLC media player 1.1.11 VideoLAN 27.07.2011 1.1.11 notwendig
WebM Media Foundation Components WebM Project 06.10.2011 0.25.0.0 unbekannt
WIDCOMM Bluetooth Software Broadcom Corporation 18.05.2010 144,4MB 6.2.1.500 unbekannt
Windows 7 Codec Pack 3.1.0 Windows 7 Codec Pack 27.07.2011 notwendig
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) Broadcom 05.08.2010 09/09/2009 6.2.0.9405 unbekannt
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 05.08.2010 07/28/2009 6.2.0.9800 unbekannt
Windows Live Essentials Microsoft Corporation 07.08.2011 15.4.3538.0513 unbekannt
Windows Live Sync Microsoft Corporation 01.09.2010 2,79MB 14.0.8117.416 unbekannt
Windows-Treiberpaket - C Technologies AB (CPen) Input Pen (02/22/2010 3.0.0.2) C Technologies AB 15.03.2011 notwendig 02/22/2010 3.0.0.2
WinRAR 18.09.2010 notwendig
WORLD IN CONFLICT: SOVIET ASSAULT Ubisoft Entertainment 16.07.2011 1.0.1.0 notwendig
Xfire (remove only) 20.08.2010 notwendig
ZoneAlarm Free Check Point 14.11.2011 60,0MB 10.1.056.000 notwendig
ZoneAlarm-Sicherheit Toolbar ZoneAlarm-Sicherheit 14.11.2011 notwendig
