Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.07.2012, 07:52   #1
lordusmordus
 
Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq - Standard

Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq



Hallo Leute,

bin neu hier und habe hier ein dickes Problem. Ich habe den Laptop von nem Bekannten bekommen weil er meinen Rat sucht bzgl. dieverser Meldungen bei Antivir. Leider sind meine (zugegebenermaßen rudimentären) PC-Kenntnisse nicht ausreichend mich dem Problem anzunehmen.

Allerdings erscheint mir gerade der Trojaner Jorik.Banker als sehr kritisch, weil von diesem Laptop Online-Banking betrieben wird.

Ich habe mal nen Scan mit OTL gemacht und Poste die Log Files.

Abschließend bleibt zu sagen, da es nicht mein PC ist, wäre ich für Hinweise auf illegale Software dankbar, sodass ich diese Entfernen kann und mir eurer Hilfe gewiss sein kann! Also bitte nicht einfach nichts schreiben, sondern mir eine zweite Chance einräumen. Danke!

OTL.txt

Zitat:
OTL logfile created on: 26.07.2012 08:16:52 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Grobi\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 28,14% Memory free
4,00 Gb Paging File | 2,21 Gb Available in Paging File | 55,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 79,12 Gb Total Space | 16,61 Gb Free Space | 21,00% Space Free | Partition Type: NTFS
Drive D: | 26,52 Gb Total Space | 7,72 Gb Free Space | 29,09% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MELDER | User Name: Grobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.26 08:16:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Grobi\Desktop\OTL.exe
PRC - [2012.07.12 17:55:47 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.06.17 08:40:39 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.13 10:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.21 12:07:48 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.20 22:20:56 | 003,326,976 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
PRC - [2010.09.20 22:20:56 | 001,840,128 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
PRC - [2010.04.28 18:32:36 | 001,664,512 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
PRC - [2010.04.28 17:30:55 | 001,334,096 | ---- | M] (Flexera Software, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008.09.01 00:50:20 | 000,062,848 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE
PRC - [2008.06.05 10:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2006.11.03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Bluetooth\BTTray.exe
PRC - [2006.11.03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Bluetooth\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.26 07:40:31 | 000,130,616 | ---- | M] () -- C:\Users\Grobi\AppData\Roaming\13001.029\components\AcroFF029.dll
MOD - [2012.07.12 17:55:47 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.17 08:40:38 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 07:23:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 07:23:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 07:23:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.01 10:04:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.01 10:03:36 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.06.01 10:03:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.01 10:03:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.01 10:03:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.01 10:02:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.08.12 17:08:07 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2011.08.12 17:08:07 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011.08.12 17:08:07 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011.08.12 17:08:07 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011.08.12 17:08:07 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011.08.12 17:08:06 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l
MOD - [2011.08.12 17:08:06 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3257.27061__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2011.08.12 17:08:06 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.08.12 17:08:06 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3257.27076__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011.08.12 17:08:06 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:06 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.08.12 17:08:06 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:06 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:06 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:06 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:06 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.08.12 17:08:06 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l
MOD - [2011.08.12 17:08:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll
MOD - [2011.08.12 17:08:05 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:05 | 000,172,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:05 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.08.12 17:08:05 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:05 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:03 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:03 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.08.12 17:08:03 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:02 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3257.27072__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:02 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll
MOD - [2011.08.12 17:08:02 | 000,675,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3257.27051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:02 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll
MOD - [2011.08.12 17:08:02 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:02 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:02 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:02 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3257.27018__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011.08.12 17:08:02 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.08.12 17:08:02 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll
MOD - [2011.08.12 17:08:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll
MOD - [2011.08.12 17:08:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll
MOD - [2011.08.12 17:08:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.08.12 17:08:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.08.12 17:08:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.08.12 17:08:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011.08.12 17:08:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.08.12 17:08:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.08.12 17:08:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.08.12 17:08:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.08.12 17:08:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.08.12 17:08:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.08.12 17:08:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.08.12 17:08:01 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.08.12 17:08:00 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.08.12 17:08:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.08.12 17:08:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.08.12 17:08:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l
MOD - [2011.08.12 17:08:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l
MOD - [2011.08.12 17:08:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l
MOD - [2011.08.12 17:08:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2011.08.12 17:08:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.08.12 17:08:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.08.12 17:08:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.08.12 17:08:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.08.12 17:08:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.08.12 17:07:59 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.08.12 17:07:59 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.08.12 17:07:59 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.08.12 17:07:59 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.08.12 17:07:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.08.12 17:07:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.08.12 17:07:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.08.12 17:07:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.08.12 17:07:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.08.12 17:07:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.08.12 17:07:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.08.12 17:07:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.08.12 17:07:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.08.12 17:07:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011.08.12 17:07:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.08.12 17:07:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.08.12 17:07:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2011.08.12 17:07:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.08.12 17:07:59 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.08.12 17:07:59 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.08.12 17:07:59 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2011.08.12 17:07:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.08.12 17:07:58 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.08.12 17:07:58 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011.08.12 17:07:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2011.08.12 17:07:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.08.12 17:07:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.08.12 17:07:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.08.12 17:07:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.08.12 17:07:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.08.12 17:07:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.04.12 03:29:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.10.30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2006.11.03 17:46:24 | 000,126,976 | ---- | M] () -- C:\Programme\Bluetooth\BTKeyInd.dll
MOD - [2006.11.03 17:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.12 17:55:49 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.17 08:40:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.20 22:20:56 | 003,326,976 | ---- | M] (ANSYS, Inc.) [Auto | Running] -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2012.07.26 08:00:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.28 22:05:42 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.11.05 22:52:38 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.11.05 22:52:37 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2008.12.02 00:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.11.16 09:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 04:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 8A B2 9A D5 58 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.12 15:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 08:40:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 11:01:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Grobi\AppData\Roaming\13001.029 [2012.07.26 07:40:31 | 000,000,000 | ---D | M]

[2011.08.12 12:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grobi\AppData\Roaming\mozilla\Extensions
[2012.07.03 18:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grobi\AppData\Roaming\mozilla\Firefox\Profiles\piq2ribo.default\extensions
[2012.03.17 15:56:13 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Grobi\AppData\Roaming\mozilla\Firefox\Profiles\piq2ribo.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.07.03 18:03:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Grobi\AppData\Roaming\mozilla\Firefox\Profiles\piq2ribo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.19 16:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.12 15:33:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.07.26 07:40:31 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\GROBI\APPDATA\ROAMING\13001.029
[2012.06.17 08:40:39 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.18 15:10:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.09 11:04:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.09 11:04:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.09 11:04:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.09 11:04:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.09 11:04:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.09 11:04:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.08.12 14:16:15 | 000,436,434 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATIModeChange] C:\Windows\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Trojan Remover] C:\Program Files\Trojan Remover\RMVTRJAN.EXE (Simply Super Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Bluetooth\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Bluetooth\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39D700A4-8CD0-4DF6-849F-81CE84220A30}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1B72103-1543-43EE-BB79-1DD8F078A614}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\Windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a2c8b1b-d9e3-11e0-a551-0016cfd7880a}\Shell - "" = AutoRun
O33 - MountPoints2\{3a2c8b1b-d9e3-11e0-a551-0016cfd7880a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4ada39f1-70fa-11e1-aa55-0016cfd7880a}\Shell - "" = AutoRun
O33 - MountPoints2\{4ada39f1-70fa-11e1-aa55-0016cfd7880a}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.26 08:16:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Grobi\Desktop\OTL.exe
[2012.07.26 08:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.07.26 08:03:01 | 000,000,000 | ---D | C] -- C:\Users\Grobi\Documents\Simply Super Software
[2012.07.26 08:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.07.26 08:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.07.26 08:02:28 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\Simply Super Software
[2012.07.26 08:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.26 08:00:22 | 012,137,424 | ---- | C] (Simply Super Software ) -- C:\Users\Grobi\Desktop\trojan_remover_setup683.exe
[2012.07.26 07:59:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.26 07:59:37 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\Malwarebytes
[2012.07.26 07:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 07:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.26 07:59:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.26 07:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.26 07:58:34 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Grobi\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.26 07:40:31 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\13001.029
[2012.07.21 08:29:28 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\13001.028
[2012.07.19 07:35:14 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\13001.027
[2012.07.17 20:17:14 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\13001.026
[2012.07.14 20:57:03 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\13001.025
[2012.07.13 17:35:02 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\13001.024
[2012.07.13 07:44:44 | 000,000,000 | ---D | C] -- C:\Users\Grobi\Desktop\Renault Megane Grandtour
[2012.07.12 20:43:46 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\13001.023
[2012.07.12 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\xmldm
[2012.07.12 18:13:01 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Roaming\kock
[2012.07.11 22:35:06 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 15:42:49 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 15:42:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 15:42:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.10 17:03:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.07.03 18:03:56 | 000,000,000 | ---D | C] -- C:\Users\Grobi\dwhelper
[2012.06.27 17:59:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.06.27 17:49:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Users\Grobi\Documents\Rockstar Games
[2012.06.27 17:39:20 | 000,000,000 | RH-D | C] -- C:\Users\Grobi\AppData\Roaming\SecuROM
[2012.06.27 17:38:19 | 000,000,000 | ---D | C] -- C:\Users\Grobi\AppData\Local\Rockstar Games
[2012.06.27 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.06.27 17:36:02 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.06.27 17:33:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2012.06.27 17:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[1 C:\Users\Grobi\AppData\Roaming\*.tmp files -> C:\Users\Grobi\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.26 08:16:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Grobi\Desktop\OTL.exe
[2012.07.26 08:07:25 | 000,051,664 | ---- | M] () -- C:\Users\Grobi\AppData\Roaming\appconf32.exe
[2012.07.26 08:02:49 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.07.26 08:00:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.26 08:00:40 | 012,137,424 | ---- | M] (Simply Super Software ) -- C:\Users\Grobi\Desktop\trojan_remover_setup683.exe
[2012.07.26 07:59:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 07:58:50 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grobi\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.26 07:55:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.26 07:54:00 | 000,000,034 | ---- | M] () -- C:\Users\Grobi\AppData\Roaming\blckdom.res
[2012.07.26 07:44:39 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 07:44:39 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 07:36:25 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.07.26 07:36:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 07:36:09 | 1609,383,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 20:25:15 | 000,006,400 | ---- | M] () -- C:\Users\Grobi\AppData\Roaming\BAcroIEHelpe174.dll.vir
[2012.07.19 07:57:03 | 000,000,043 | ---- | M] () -- C:\Users\Grobi\AppData\Roaming\urhtps.dat
[2012.07.12 17:55:47 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 17:55:47 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 10:43:21 | 000,340,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.27 18:02:20 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.27 18:02:20 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.27 18:02:20 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.27 18:02:20 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.27 17:36:02 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[1 C:\Users\Grobi\AppData\Roaming\*.tmp files -> C:\Users\Grobi\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.26 08:02:49 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.07.26 08:02:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.07.26 08:02:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.07.26 07:59:28 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 20:25:15 | 000,006,400 | ---- | C] () -- C:\Users\Grobi\AppData\Roaming\BAcroIEHelpe174.dll.vir
[2012.07.20 21:18:29 | 000,000,034 | ---- | C] () -- C:\Users\Grobi\AppData\Roaming\blckdom.res
[2012.07.13 07:58:45 | 000,000,043 | ---- | C] () -- C:\Users\Grobi\AppData\Roaming\urhtps.dat
[2012.06.27 17:48:22 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.01.31 02:09:34 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.01.08 11:38:40 | 000,007,605 | ---- | C] () -- C:\Users\Grobi\AppData\Local\Resmon.ResmonCfg
[2011.11.05 22:52:38 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.11.05 22:52:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.17 10:05:45 | 000,005,632 | ---- | C] () -- C:\Windows\System32\CNMVS50.DLL
[2011.09.17 08:59:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.09.17 08:59:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.08.12 17:11:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.12 17:06:07 | 000,593,920 | ---- | C] () -- C:\Windows\System32\ati2sgag.exe
[2011.08.12 16:46:39 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.08.12 13:47:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\ColorSync
[2011.08.12 13:47:19 | 000,000,268 | RH-- | C] () -- C:\Users\Grobi\AppData\Roaming\Classical
[2011.08.12 13:47:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.08.12 13:47:19 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Compressor
[2011.08.12 13:45:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2011.08.12 13:45:53 | 000,000,268 | RH-- | C] () -- C:\Users\Grobi\AppData\Roaming\Chorus
[2011.08.12 13:45:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.08.12 13:45:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Command Line Utility
[2011.08.12 12:03:21 | 000,143,360 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll
[2011.08.12 12:03:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011.08.12 12:01:13 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini
[2011.04.12 03:30:05 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008.12.09 17:23:13 | 000,051,664 | ---- | C] () -- C:\Users\Grobi\AppData\Roaming\appconf32.exe

========== LOP Check ==========

[2012.07.12 20:43:46 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\13001.023
[2012.07.13 17:35:02 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\13001.024
[2012.07.14 20:57:03 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\13001.025
[2012.07.17 20:17:33 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\13001.026
[2012.07.19 07:35:14 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\13001.027
[2012.07.21 08:29:28 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\13001.028
[2012.07.26 07:40:31 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\13001.029
[2012.01.19 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\Ansys
[2012.02.28 22:07:48 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\DAEMON Tools Lite
[2012.01.31 01:54:27 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\DVDVideoSoft
[2011.09.17 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\FreePDF
[2012.03.17 15:56:21 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\Garmin
[2011.08.12 13:57:46 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\GlarySoft
[2012.07.12 18:13:01 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\kock
[2012.02.16 10:18:53 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\Nikon
[2012.07.26 08:02:28 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\Simply Super Software
[2011.11.05 23:59:59 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\Ubisoft
[2012.01.31 02:10:57 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\Xilisoft
[2012.07.26 07:54:31 | 000,000,000 | ---D | M] -- C:\Users\Grobi\AppData\Roaming\xmldm
[2012.07.26 07:36:25 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.06.08 14:27:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Extra.txt

Zitat:
OTL Extras logfile created on: 26.07.2012 08:16:52 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Grobi\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 28,14% Memory free
4,00 Gb Paging File | 2,21 Gb Available in Paging File | 55,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 79,12 Gb Total Space | 16,61 Gb Free Space | 21,00% Space Free | Partition Type: NTFS
Drive D: | 26,52 Gb Total Space | 7,72 Gb Free Space | 29,09% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MELDER | User Name: Grobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0944FDB6-A183-46EB-8821-467901F2CDF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0BCB52AC-5DDF-4004-AC27-4F66315DBF7C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{20F743CE-AD98-4741-B827-CAF893CFDD2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29AF9D89-6506-419B-B0C2-0BAB64ED6B01}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D89BE03-BC7B-4AF2-B013-010CEE723926}" = lport=137 | protocol=17 | dir=in | app=system |
"{32B58EAF-B215-4FAF-A856-A6DEC8166A8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{551B4E49-BB31-4789-96FE-C6D16D16E843}" = rport=139 | protocol=6 | dir=out | app=system |
"{561B338D-1CF6-476F-AFED-7283BA95B22E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BFB012F-75E7-46D9-B0D5-DA98BF9D2CC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{5CF352DD-CC68-401D-9F48-FF101A3828A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72D4273E-3D1A-464E-B85F-7C55125D1F69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{740FD26F-D97E-4E0E-8990-4ED84A1BB211}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74AB0430-5549-48D5-AD0D-319928AC2377}" = lport=445 | protocol=6 | dir=in | app=system |
"{8778F390-E954-4D0A-A853-09AE2134FA6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A13F015-8194-483A-A9D7-F4D09F458F2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8EAE4721-EE8F-4EA2-9BC6-C6A823B40CAA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{95495FFA-3F54-4A01-B848-9D1F91F90AF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{98496200-6F62-459A-8397-109DD3A3B81C}" = rport=138 | protocol=17 | dir=out | app=system |
"{9A098140-3B8C-479E-8D74-3E83CF0AFC93}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9DDB408F-CA6E-4977-8667-140967E13BEF}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7B5575A-D479-4504-AFED-024FA290B92B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA244460-9734-4843-B38F-C97CFF8220A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F60612D4-A57E-448D-9326-33482B19A294}" = lport=139 | protocol=6 | dir=in | app=system |
"{FFC0B847-E428-4AF5-9FA5-BAD04FA3C9A1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EB1AB2-CE18-4A31-902C-432A156A9DB7}" = protocol=6 | dir=in | app=c:\games\anno 1404\tools\anno4web.exe |
"{1202973D-3E54-474C-A2D7-E11B62E3CAE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15CE4A8C-10E9-4D58-8EC2-6F375FA2D003}" = protocol=6 | dir=in | app=c:\games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{201CEA3F-8FAF-4600-BCF5-818426947BC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C851740-1B44-46DB-A959-14960B29FD3C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2D529A28-4375-49A2-B942-3C540B57931E}" = protocol=17 | dir=in | app=c:\games\anno 1404\addon.exe |
"{386D6AC1-D31B-4375-9EBE-76CBAC75B3F9}" = protocol=17 | dir=in | app=c:\games\anno 1404\anno4.exe |
"{3B647EFC-8B35-48C0-B891-DE8916BDAD50}" = protocol=17 | dir=in | app=c:\windows\system32\cnab4rpk.exe |
"{4FEB58FA-7425-41F5-B002-831D4DF622FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{596C8B83-1766-4549-A712-911A60F91848}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C5CE4C1-5565-4CE1-B048-A0C280F3ACE0}" = protocol=17 | dir=in | app=c:\games\anno 1404\tools\anno4web.exe |
"{65A3247B-3236-43E1-B584-A0CEA95F04B8}" = protocol=17 | dir=in | app=c:\games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{74C42B62-7A9E-41D4-AAC8-4526E82B1F2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{79BB9765-6F48-444B-A640-97C1CC8EF19A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{947AA25E-EBFB-49DF-BBD0-A3E2D62A3B1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9A0C338D-E486-41EA-B368-AEEB9A4F2ACB}" = protocol=6 | dir=in | app=c:\games\anno 1404\addon.exe |
"{A68F20DD-2214-460A-96CB-D7CFF8F0E442}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7FB8A3A-5E56-4C4B-84A3-5E310D252BBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8587838-670A-42E5-9FDB-C9AE2D23193E}" = protocol=17 | dir=in | app=c:\games\anno 1404\tools\addonweb.exe |
"{BE5C46FD-E514-417F-AC33-D7590AFF5499}" = protocol=6 | dir=in | app=c:\games\anno 1404\anno4.exe |
"{BF7474EA-3C86-4C3C-902F-FB58CFE397C4}" = protocol=6 | dir=in | app=c:\games\anno 1404\tools\addonweb.exe |
"{C9F0BA93-095C-4BD8-A734-230DDA909E00}" = protocol=6 | dir=in | app=c:\windows\system32\cnab4rpk.exe |
"{CE55BC24-0F14-4E18-9988-E200A1EF666F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8D1E7D9-F1AC-4818-8900-5320EFCF9C92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBE93F80-7AAE-494C-B901-6237C48E251A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E25BE738-E11E-4645-B454-B8BEE2864952}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F01BEF67-0280-4E1D-A2F1-E34D289FD3D8}" = protocol=6 | dir=out | app=system |
"{F44A5A96-97A7-4A17-9431-5F4941E2933C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7BA96A7-E9AD-4BE8-86FF-E856AC03E6E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{37728932-EC63-48BF-ADB5-D37E95BC8087}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{38C671E9-7697-489D-901E-B731387ACA9C}C:\games\gtr2\gtr2.exe" = protocol=6 | dir=in | app=c:\games\gtr2\gtr2.exe |
"TCP Query User{3E2E4195-1088-402D-ABF6-0889105140C5}C:\program files\ansys inc\v130\ansys\bin\intel\ansys.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v130\ansys\bin\intel\ansys.exe |
"TCP Query User{53926C46-CC6E-4DB1-898A-5573D7C33D3F}C:\program files\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansysli_client.exe |
"TCP Query User{7CE45588-501F-4BCF-A655-81A8A2D775C7}C:\games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\games\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{841B8F67-3603-421B-A23B-295BAC1A5052}I:\games\gta2\gta2.exe" = protocol=6 | dir=in | app=i:\games\gta2\gta2.exe |
"TCP Query User{87398C99-EC75-465D-A424-17DE05A1FA95}C:\program files\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"TCP Query User{9F8477FD-54A9-4D6C-80DD-F5C989BD4F40}C:\program files\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"TCP Query User{A2FB02EC-6150-4DE3-8914-12D14F475491}I:\games\m.o.h\mohaa.exe" = protocol=6 | dir=in | app=i:\games\m.o.h\mohaa.exe |
"TCP Query User{E0110BA9-1FAB-4B2F-A492-BA7A504E5726}C:\program files\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"TCP Query User{EE522309-969F-48C8-ACE3-E4AF755C426E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{F0A57990-431F-4E36-8BF5-911D300D4252}I:\games\gta2\gta2.exe" = protocol=6 | dir=in | app=i:\games\gta2\gta2.exe |
"TCP Query User{FBA2B887-8335-4B43-A3BC-96E7EF71A9D1}C:\program files\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{25F7CE81-1562-4EC8-8E98-674D779EDCD0}C:\program files\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"UDP Query User{2C95726D-6E07-4775-861F-78B3F25ECEE9}I:\games\gta2\gta2.exe" = protocol=17 | dir=in | app=i:\games\gta2\gta2.exe |
"UDP Query User{47BB1E07-75B4-4C17-87F6-5E3FDDD59F7B}C:\program files\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"UDP Query User{49895C17-B7B7-43B9-9CA4-434ABE91E6C3}C:\games\gtr2\gtr2.exe" = protocol=17 | dir=in | app=c:\games\gtr2\gtr2.exe |
"UDP Query User{6B4D4AAE-98B3-4D8F-9701-96204F7E7A9F}C:\program files\ansys inc\v130\ansys\bin\intel\ansys.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v130\ansys\bin\intel\ansys.exe |
"UDP Query User{9784372A-76AA-401A-A177-ABA4F79174A3}C:\program files\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{A99FE491-C247-4C04-B523-F60DAA950DB1}C:\program files\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{B014A87D-F32E-473B-AB5B-136819397886}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B79CEE04-2D27-442B-BD00-9BD73CD8B369}I:\games\m.o.h\mohaa.exe" = protocol=17 | dir=in | app=i:\games\m.o.h\mohaa.exe |
"UDP Query User{C79D3093-0D17-41B1-BD24-04946619E663}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DDE1A75C-E1E6-4655-904B-FB50BE4A90E6}C:\games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\games\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{FC9FC798-EBFF-46C1-BF0B-C2FABDA40DEB}I:\games\gta2\gta2.exe" = protocol=17 | dir=in | app=i:\games\gta2\gta2.exe |
"UDP Query User{FCCC32BF-72FD-4749-A812-1474F8B83546}C:\program files\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansysli_client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon LBP2900" = Canon LBP2900
"CANONBJ_Deinstall_CNMCP50.DLL" = Canon i250
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreePDF_XP" = FreePDF (Remove only)
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"GPL Ghostscript 9.04" = GPL Ghostscript
"Intelli-studio" = SAMSUNG Intelli-studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars" = PokerStars
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Trojan Remover_is1" = Trojan Remover 6.8.4
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.07.2012 04:51:31 | Computer Name = Melder | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden. Fehlercode:

Error - 22.07.2012 04:51:33 | Computer Name = Melder | Source = WinMgmt | ID = 10
Description =

Error - 22.07.2012 05:09:45 | Computer Name = Melder | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 23.07.2012 11:20:42 | Computer Name = Melder | Source = WinMgmt | ID = 10
Description =

Error - 24.07.2012 12:27:40 | Computer Name = Melder | Source = WinMgmt | ID = 10
Description =

Error - 24.07.2012 12:48:59 | Computer Name = Melder | Source = WinMgmt | ID = 10
Description =

Error - 24.07.2012 12:52:27 | Computer Name = Melder | Source = System Restore | ID = 8193
Description =

Error - 24.07.2012 13:47:24 | Computer Name = Melder | Source = WinMgmt | ID = 10
Description =

Error - 24.07.2012 14:17:19 | Computer Name = Melder | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 26.07.2012 01:37:56 | Computer Name = Melder | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 24.07.2012 13:32:25 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:37:25 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:37:25 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:37:25 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:39:33 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:39:33 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:39:33 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:44:33 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:44:33 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 13:44:33 | Computer Name = Melder | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >


Alt 30.07.2012, 11:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq - Standard

Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq



Zitat:
Allerdings erscheint mir gerade der Trojaner Jorik.Banker als sehr kritisch, weil von diesem Laptop Online-Banking betrieben wird.
Bei Onlinebanking solltest du generell sehr vorsichtig sein und überlegen ob du den riskanten Kompromiss einer Bereinigung wirklich eingehen willst.
Normalerweise empfiehlt man bei sowas eine Neuinstallation von Windows und anschließend das Ändern sämtlicher Passwörter!
__________________

__________________

Alt 30.07.2012, 14:16   #3
lordusmordus
 
Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq - Standard

Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq



Hi,

danke für deine Antwort. Angenommen ich möchte mein system nur bereinigen. Was müsste ich tun? Sagen dir meine Logs genaueres? Sind nur einzelne Dateien infiziert oder mein gesamtes System?
__________________

Alt 30.07.2012, 18:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq - Standard

Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq



Sprich doch einfach genau das an was du willst.
Wenn du OnlineBanking machst, solltest v.a. 1. mit deiner Bank mal sprechen und in Erwägung ziehen, OnlineBanking komplett zu sperren. Dann kannnst du dir genau und in Ruhe überlegen welche Schritte du machen willst.
Wenn um die Sicherheit geht sollte man nicht mit der Einstellung ans Werk gehen, auf Biegen und Brechen eine Neuinstallation zu verhindern. Überleg es dir.

Antwort

Themen zu Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq
acroiehelper.dll, autorun, avira, bacroiehelpe.dll, bho, branding, defender, e-banking, entfernen, error, firefox, flash player, format, grand theft auto, helper, install.exe, jorik.banker, langs, logfile, mozilla, object, office 2007, plug-in, realtek, registry, richtlinie, rkit/agent.desj, rundll, scan, searchscopes, security, software, spy.farko, super, svchost.exe, trojaner, udp, usb, windows



Ähnliche Themen: Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq


  1. rkit/agent.36864.5
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (10)
  2. rkit/agent.dfjv
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (33)
  3. RKIT/Agent.desj in BAcroIEHelpe171.dll als Malware
    Log-Analyse und Auswertung - 22.08.2012 (58)
  4. Trojaner "TR/Jorik.Banker.bfu"
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (1)
  5. Antivir meldet mehrere Funde: TR/Spy.Farko.mj / RKIT/Agent.deob / ...
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (14)
  6. RKIT/agent.depg.1, Spy.Banker.Gen und andere ...
    Plagegeister aller Art und deren Bekämpfung - 28.07.2012 (12)
  7. TR/Agent.AOXU und RKIT/Agent.depg.1
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (3)
  8. Maßnahmen gegen Trojaner TR/spy.banker.gen5 und TR/Spy.Farko.lw
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (15)
  9. Antivir zeigt dauernd: TR/Spy.Farko.lw oder TR/Rogue.kdv.651759 oder TR/Spy.Agent.ccfd usw.
    Log-Analyse und Auswertung - 08.07.2012 (1)
  10. Trojaner: Spy(Farko), Banker(Jorik),Downloader(Java) und Rootkit Funde durch Kaspersky '12
    Plagegeister aller Art und deren Bekämpfung - 15.05.2012 (13)
  11. mehrere Trojaner gefunden: Spy.Agent.OGS, Spy.Banker.Gen2, Graftor.9201.6, Agent.237568.6
    Log-Analyse und Auswertung - 20.12.2011 (23)
  12. 5 x Malware gefunden: TR/Drop.Agent.yds, TR/Jorik.SpyEyes.of, AVA/OpenConnecti.C
    Plagegeister aller Art und deren Bekämpfung - 06.06.2011 (27)
  13. RKIT/Agent.AW
    Plagegeister aller Art und deren Bekämpfung - 06.01.2011 (1)
  14. RKIT/agent.biiu, TR/agent.ruo, TR/Crypt.ZPACK.Gen alle guten Dinge sind drei hahahaha
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (25)
  15. Hilfe !! RKIT/Agent.U
    Plagegeister aller Art und deren Bekämpfung - 01.05.2008 (9)
  16. RKIT/Agent.WK
    Plagegeister aller Art und deren Bekämpfung - 21.02.2008 (1)
  17. TR/RKit.Agent.Q
    Plagegeister aller Art und deren Bekämpfung - 14.07.2005 (9)

Zum Thema Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq - Hallo Leute, bin neu hier und habe hier ein dickes Problem. Ich habe den Laptop von nem Bekannten bekommen weil er meinen Rat sucht bzgl. dieverser Meldungen bei Antivir. Leider - Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq...
Archiv
Du betrachtest: Rkit/Agent.desj; Spy.Farko.mq; Jorik.Banker.caq auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.