
Pests of all kinds and how to fight them: TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@

19.06.2012, 18:01   #1
Bertibert
 
TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@

Hello,
unfortunately I have also caught this Trojan and am asking for your help so that I can get rid of it again. I don't really want to reinstall the system unless there is truly no other way. I have attached OTL.txt and Extras.txt as well as the Malwarebytes log file. An attempt with TDSSKiller unfortunately failed miserably. It would be great if someone could help me.
The OTL.txt is too large to upload, so I have to paste it in like this.
Regards, Robert

OTL logfile created on: 19.06.2012 17:52:01 - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Bertl\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,94 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 41,83% Memory free
6,09 Gb Paging File | 4,18 Gb Available in Paging File | 68,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 22,27 Gb Free Space | 9,56% Space Free | Partition Type: NTFS
Drive D: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: BERTL-PC | User Name: Bertl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bertl\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files (x86)\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\PSIService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll ()
MOD - C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ISPwdSvc) -- C:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMIDS) -- C:\Windows\SysNative\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV:64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV:64bit: - (SYMDNS) -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (s816mdm) -- C:\Windows\SysNative\DRIVERS\s816mdm.sys (MCCI Corporation)
DRV:64bit: - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\SysNative\DRIVERS\s816unic.sys (MCCI)
DRV:64bit: - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s816mgmt.sys (MCCI Corporation)
DRV:64bit: - (s816obex) -- C:\Windows\SysNative\DRIVERS\s816obex.sys (MCCI Corporation)
DRV:64bit: - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\SysNative\DRIVERS\s816nd5.sys (MCCI Corporation)
DRV:64bit: - (s816mdfl) -- C:\Windows\SysNative\DRIVERS\s816mdfl.sys (MCCI Corporation)
DRV:64bit: - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s816bus.sys (MCCI Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\wg111v3.sys (NETGEAR Inc. )
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\DRIVERS\point64k.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (JGOGO) -- C:\Windows\SysNative\DRIVERS\JGOGO.sys (JMicron )
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080513.001\IDSviA64.sys (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {18780ed6-1531-47da-bf90-c91f72f2b4ee} - C:\Program Files (x86)\Softonic-Austria_\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = hxxp://www.zumie.com/?prt=ZUMIE136&keywords={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031783

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - No CLSID value found
IE - HKCU\..\URLSearchHook: {18780ed6-1531-47da-bf90-c91f72f2b4ee} - C:\Program Files (x86)\Softonic-Austria_\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=e03ecf7f000000000000001e2aac4342
IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = hxxp://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={930F0273-0EC1-4822-8314-4C035DC4C0D1}&mid=7fab1e16e9c647d0a6b0d15426906e76-cc2a1ca55867323915759095492a971517fd6611&lang=de&ds=tt015&pr=sa&d=2012-06-16 16:10:09&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031783
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B0e9c05a9-a91c-42ec-8e77-0b1fc2b2143b%7D&mid=7fab1e16e9c647d0a6b0d15426906e76-cc2a1ca55867323915759095492a971517fd6611&ds=tt015&v=11.1.0.12&lang=de&pr=sa&d=2012-06-16%2016%3A10%3A09&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.06.16 16:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 18:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:51:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 18:05:59 | 000,000,000 | ---D | M]

[2009.03.07 14:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Extensions
[2009.03.07 14:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.06.17 13:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions
[2011.06.02 11:12:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.04.07 14:20:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.20 22:17:21 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.05.09 22:00:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\engine@conduit.com
[2011.08.31 12:02:08 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\ffxtlbr@babylon.com
[2010.10.19 21:28:08 | 000,000,927 | ---- | M] () -- C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\searchplugins\conduit.xml
[2012.03.20 23:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.05.16 17:10:22 | 000,000,000 | ---D | M] (WordSearch) -- C:\Program Files (x86)\mozilla firefox\extensions\{32A8BD73-1A5E-4a89-9939-AE6244253795}
[2008.05.16 17:09:13 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Program Files (x86)\mozilla firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2012.06.16 16:10:23 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012.06.18 16:51:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 17:50:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.10 19:03:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.16 16:09:46 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.08.31 12:02:02 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.10 19:03:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.10 19:03:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.10 19:03:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.10 19:03:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.10 19:03:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.2_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DealPly = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Google Mail = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Softonic-Austria_ Toolbar) - {18780ed6-1531-47da-bf90-c91f72f2b4ee} - C:\Program Files (x86)\Softonic-Austria_\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Austria_ Toolbar) - {18780ed6-1531-47da-bf90-c91f72f2b4ee} - C:\Program Files (x86)\Softonic-Austria_\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Austria_ Toolbar) - {18780ED6-1531-47DA-BF90-C91F72F2B4EE} - C:\Program Files (x86)\Softonic-Austria_\prxtbSof0.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [Tele2 LiveUpdate] C:\Program Files (x86)\Tele2\LiveUpdate\LiveupdateClient.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AF0B599-BB18-465E-8F32-C296665C488A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A6C986-EF78-47F5-BDD5-66E75D2CEE69}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bertl\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bertl\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.01 20:44:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{23fc1cf1-0652-11dd-9e47-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23fc1cf1-0652-11dd-9e47-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O33 - MountPoints2\{b631f285-33ad-11dd-9466-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b631f285-33ad-11dd-9466-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe
O33 - MountPoints2\{dc1997a8-0658-11dd-b211-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc1997a8-0658-11dd-b211-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.19 17:34:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.19 16:59:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.06.19 16:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.06.19 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\SpeedyPC Software
[2012.06.19 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\DriverCure
[2012.06.19 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.06.18 17:42:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.17 14:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.06.17 14:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.06.17 13:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.16 16:13:20 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\Malwarebytes
[2012.06.16 16:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.16 16:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.16 16:12:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.16 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.16 16:10:48 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.06.16 16:10:39 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.06.16 16:10:39 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.06.16 16:10:36 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Local\AVG Secure Search
[2012.06.16 16:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.06.16 16:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.06.16 16:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.06.16 16:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.06.16 16:07:36 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\TuneUp Software
[2012.06.16 16:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.06.16 16:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.16 16:04:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.16 16:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012.06.15 15:15:16 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bertl\Desktop\TDSSKiller.exe
[2012.06.10 16:32:10 | 000,000,000 | ---D | C] -- C:\Users\Bertl\dwhelper
[2012.06.09 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Local\Macromedia
[2012.05.29 22:29:41 | 000,000,000 | ---D | C] -- C:\Users\Bertl\Documents\Diablo III
[2012.05.29 21:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.29 21:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.29 21:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.05.29 21:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.19 17:55:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{35305DF5-FA23-4540-B1EF-651FF0A50A46}.job
[2012.06.19 17:55:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7F306578-A669-4BB9-9C62-2D4B2C9D6E80}.job
[2012.06.19 17:55:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F3B6BE1-C64C-4942-836B-F12F7DEA0B8B}.job
[2012.06.19 17:49:41 | 000,000,000 | ---- | M] () -- C:\Users\Bertl\defogger_reenable
[2012.06.19 17:27:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.19 17:27:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.19 16:25:54 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 16:25:54 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 16:25:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 17:45:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.17 15:06:15 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft-Tastatur.lnk
[2012.06.17 15:06:15 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft-Maus.lnk
[2012.06.17 15:06:15 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.06.17 15:06:12 | 000,001,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.06.16 16:10:33 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.16 16:10:33 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.15 17:35:19 | 000,261,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bertl\Desktop\TDSSKiller.exe
[2012.06.14 17:26:13 | 001,699,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 17:26:13 | 000,714,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:26:13 | 000,668,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:26:13 | 000,163,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:26:13 | 000,133,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 17:30:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.29 21:59:24 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.29 13:09:54 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.05.29 13:09:50 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.05.29 13:09:50 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.19 17:49:41 | 000,000,000 | ---- | C] () -- C:\Users\Bertl\defogger_reenable
[2012.06.19 16:30:43 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[2012.06.17 15:38:35 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[2012.06.17 14:34:27 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.06.17 14:34:24 | 000,001,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.06.16 18:11:10 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[2012.06.16 16:12:31 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.16 16:10:33 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.16 16:10:33 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.16 16:10:31 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.05.29 21:36:58 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.01.31 22:27:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\@
[2012.01.31 22:27:38 | 000,002,048 | -HS- | C] () -- C:\Users\Bertl\AppData\Local\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\@
[2011.10.27 18:56:50 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2011.02.10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010.12.29 02:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.24 14:21:18 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe
[2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== LOP Check ==========

[2009.05.07 19:39:55 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\AllDup
[2010.08.22 13:47:17 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\Ashampoo
[2009.04.22 15:45:35 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\Auslogics
[2008.05.21 14:09:31 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\CDBurnerXP_Soft
[2008.05.21 15:34:26 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\DeepBurner
[2012.06.19 16:45:23 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\DriverCure
[2008.04.10 23:29:49 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\elefundesktops
[2008.10.28 21:49:02 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\flightgear.org
[2009.03.30 19:59:22 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\FOG Downloader
[2011.05.03 20:56:23 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\Free Download Manager
[2012.05.06 15:01:07 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\FrostWire
[2009.12.18 10:55:25 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\GetRightToGo
[2008.10.23 18:30:27 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\Leadertech
[2008.04.11 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\MAGIX
[2009.05.30 09:07:40 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\MobMapUpdater
[2010.01.03 14:05:27 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\PC Suite
[2008.10.25 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\PeerNetworking
[2011.01.14 22:30:19 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\runic games
[2010.01.03 13:57:49 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\Samsung
[2012.06.19 16:45:23 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\SpeedyPC Software
[2008.09.26 11:28:29 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\Teleca
[2012.06.16 16:07:36 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\TuneUp Software
[2008.04.09 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\Turbine
[2011.08.31 11:51:49 | 000,000,000 | ---D | M] -- C:\Users\Bertl\AppData\Roaming\VistaCodecs
[2012.06.19 01:25:23 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.19 18:00:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{35305DF5-FA23-4540-B1EF-651FF0A50A46}.job
[2012.06.19 18:00:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5F3B6BE1-C64C-4942-836B-F12F7DEA0B8B}.job
[2012.06.19 18:00:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7F306578-A669-4BB9-9C62-2D4B2C9D6E80}.job

========== Purity Check ==========



< End of report >
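The OTL listing above carries the indicator pattern this thread revolves around: payloads named like 800000cb.@ below C:\Windows\Installer\{GUID}\U\ and hidden+system @ files in the same GUID directory and under AppData\Local\{GUID}. As an added example that is not part of the thread and not code from OTL or any tool used here, this Python script parses OTL file-listing lines and flags those paths; the line regex, the indicator regexes, the tag names and the sample lines (copied from the log above) are my own construction.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file-listing line looks like:
# [2012.06.19 16:30:43 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{guid}\U\800000cb.@
# fields: timestamp | size | attribute flags | C=created or M=modified] (company, optional) -- path
# Directory lines ("---D") carry no "(company)" part, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed indicator patterns (assumption: derived only from the paths in this thread's log).
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# 1) U\<8 hex digits>.@ payloads under a GUID directory inside Windows\Installer
INSTALLER_U_PAYLOAD = re.compile(r"\\Installer\\" + GUID + r"\\U\\[0-9a-f]{8}\.@$", re.I)
# 2) a bare "@" or "n" file directly inside a GUID directory in Windows\Installer or AppData\Local
GUID_MARKER_FILE = re.compile(r"\\(?:Installer|AppData\\Local)\\" + GUID + r"\\(?:@|n)$", re.I)


@dataclass
class OtlEntry:
    timestamp: str
    size: int       # bytes, thousands separators removed
    attrs: str      # e.g. "-HS-" = hidden + system, "---D" = directory
    kind: str       # "C" (created) or "M" (modified)
    company: str    # empty when OTL found no company name in the version info
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file-listing line; returns None for headers, summaries and blanks."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def classify(entry: OtlEntry) -> Optional[str]:
    """Return a tag for paths matching the thread's indicator pattern, else None."""
    if INSTALLER_U_PAYLOAD.search(entry.path):
        return "installer-guid-U-payload"
    if GUID_MARKER_FILE.search(entry.path):
        # the "@" files in this log carry -HS- attributes; record that for the triager
        return "guid-marker-file" + ("-hidden-system" if entry.hidden_system else "")
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Run classify() over raw OTL lines; returns (tag, path) for every hit, in log order."""
    hits = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None:
            tag = classify(entry)
            if tag is not None:
                hits.append((tag, entry.path))
    return hits


# Sample input: lines copied from the OTL log in this thread plus one summary line OTL emits.
SAMPLE_LINES = [
    r"[2012.06.19 16:30:43 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@",
    r"[2012.06.17 15:38:35 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@",
    r"[2012.06.16 18:11:10 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@",
    r"[2012.01.31 22:27:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\@",
    r"[2012.01.31 22:27:38 | 000,002,048 | -HS- | C] () -- C:\Users\Bertl\AppData\Local\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\@",
    r"[2012.06.15 15:15:16 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bertl\Desktop\TDSSKiller.exe",
    r"[2012.06.17 14:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip",
    r"[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]",
]

if __name__ == "__main__":
    for tag, path in triage(SAMPLE_LINES):
        print(f"{tag:32} {path}")
```

Feed it the whole OTL.txt (one line per list element) and only the five indicator paths from this log come back; signed tools such as TDSSKiller.exe and ordinary directories are parsed but not flagged.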

Alt 20.06.2012, 07:54   #2
Psychotic
/// Malwareteam
 
My name is Marius and I will help you with your problem.

First of all:

Note: We can never guarantee here that we have found every remnant of malware. A format is usually the fastest and always the safest way.

Should you decide on a clean-up, keep working along until someone from the team tells you that your computer is clean.

A clean-up can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no cross-posting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the clean-up (unless you were asked to).
  6. If anything is unclear: ask before you do something "blind"!

    ...and very important:

  7. Post the logfiles with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (It makes evaluating them harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



You have caught a real beauty there!


Step 1: CKScanner



Please download CKScanner. Important: save the file to the desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • Then click Save List To File.
  • A box will pop up telling you that the file has been saved (file saved).
  • Open the CKFiles.txt on your desktop and post its contents here.



Step 2: aswMBR



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users with right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (Should your firewall ask, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: under no circumstances press any of the Fix buttons without being told to. Note: should the Scan button be greyed out, close the tool and start it again. If it still does not work, please let me know.

Alt 20.06.2012, 16:18   #3
Bertibert
 
Hi Marius!
Thank you very much for taking me on! The results are below!
By the way, TR/Small.FI in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@ and TR/ATRAPS.Gen were also found; I am attaching that report too.


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.QJAPAI
----- EOF -----

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-20 16:41:02
-----------------------------
16:41:02.823 OS Version: Windows x64 6.0.6002 Service Pack 2
16:41:02.823 Number of processors: 2 586 0xF0D
16:41:02.823 ComputerName: BERTL-PC UserName: Bertl
16:41:04.274 Initialize success
16:41:55.620 AVAST engine defs: 12062000
16:42:10.924 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
16:42:10.924 Disk 0 Vendor: WDC_WD2500JS-00NCB1 10.02E02 Size: 238475MB BusType: 3
16:42:10.924 Disk 0 MBR read successfully
16:42:10.939 Disk 0 MBR scan
16:42:10.939 Disk 0 Windows VISTA default MBR code
16:42:10.955 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
16:42:10.986 Disk 0 scanning C:\Windows\system32\drivers
16:42:23.996 Service scanning
16:42:46.663 Modules scanning
16:42:46.663 Disk 0 trace - called modules:
16:42:46.679 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
16:42:46.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004624640]
16:42:46.694 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> [0xfffffa8003302520]
16:42:46.694 5 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0xfffffa80032ff940]
16:42:49.456 AVAST engine scan C:\Windows
16:42:52.934 AVAST engine scan C:\Windows\system32
16:48:40.081 AVAST engine scan C:\Windows\system32\drivers
16:49:02.062 AVAST engine scan C:\Users\Bertl
16:59:48.619 AVAST engine scan C:\ProgramData
17:01:29.130 Scan finished successfully
17:05:29.386 Disk 0 MBR has been saved successfully to "C:\Users\Bertl\Desktop\MBR.dat"
17:05:29.386 The log file has been saved successfully to "C:\Users\Bertl\Desktop\aswMBR.txt"

16.06.2012,13:29:35 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
16.06.2012,14:03:05 [FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen2!
C:\Users\Bertl\AppData\Local\Temp\2129195.exe
[INFO] Benutzer: BERTL-PC\BERTL
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:03:08 [FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen2!
C:\Users\Bertl\AppData\Local\Temp\2129195.exe
[INFO] Benutzer: BERTL-PC\BERTL
[INFO] Datei wurde an Scanner übergeben.
16.06.2012,14:03:11 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Users\Bertl\AppData\Local\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\n
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:03:25 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
16.06.2012,14:03:25 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\n
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Datei wurde an Scanner übergeben.
16.06.2012,14:03:25 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
16.06.2012,14:03:28 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\n
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:03:33 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:03:33 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:07:38 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:07:39 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:11:55 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:11:55 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:16:11 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:16:45 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:20:59 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:20:59 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:24:58 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:24:59 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:29:30 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:29:34 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:33:32 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:33:32 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:37:46 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:37:46 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:42:01 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:42:02 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:46:18 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:46:18 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:50:34 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:50:34 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:54:33 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:54:34 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:58:49 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,14:58:49 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:03:24 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:03:24 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:07:23 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:07:23 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:11:55 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:11:56 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:16:03 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:16:04 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:20:28 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:20:30 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:24:58 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:24:58 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:28:45 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:28:48 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:28:48 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:33:14 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:33:14 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:37:13 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:37:13 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:41:30 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:41:32 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:46:18 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:46:18 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:50:18 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:50:19 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:54:34 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,15:54:35 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,16:03:06 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,16:07:22 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,17:41:17 [INFO] Update-Auftrag gestartet!
16.06.2012,17:41:35 [INFO] Aktuelle Engine Version: 8.2.10.92
16.06.2012,17:41:35 [INFO] Aktuelle Version der VDF-Datei: 7.11.33.42
16.06.2012,18:06:36 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:11:10 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:11:10 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:13:15 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
16.06.2012,18:14:36 [INFO] ---------------------------------------------------------
16.06.2012,18:14:36 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
16.06.2012,18:14:47 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.42
16.06.2012,18:14:48 [INFO] Online-Dienste stehen zur Verfügung.
16.06.2012,18:14:48 [INFO] Echtzeit Scanner wurde aktiviert
16.06.2012,18:14:48 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
16.06.2012,18:14:49 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:15:55 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
16.06.2012,18:17:10 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
16.06.2012,18:19:21 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:44:44 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:49:14 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:50:03 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
16.06.2012,18:51:26 [INFO] ---------------------------------------------------------
16.06.2012,18:51:26 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
16.06.2012,18:51:37 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.42
16.06.2012,18:51:37 [INFO] Online-Dienste stehen zur Verfügung.
16.06.2012,18:51:37 [INFO] Echtzeit Scanner wurde aktiviert
16.06.2012,18:51:37 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
16.06.2012,18:51:37 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:51:37 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:52:53 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
16.06.2012,18:55:55 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,18:55:55 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,19:08:58 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,19:08:58 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
16.06.2012,19:22:19 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
17.06.2012,13:16:20 [INFO] ---------------------------------------------------------
17.06.2012,13:16:20 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
17.06.2012,13:16:48 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.42
17.06.2012,13:16:48 [INFO] Online-Dienste stehen zur Verfügung.
17.06.2012,13:16:48 [INFO] Echtzeit Scanner wurde aktiviert
17.06.2012,13:16:48 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
17.06.2012,13:16:49 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
17.06.2012,13:16:49 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
17.06.2012,13:17:28 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
17.06.2012,13:22:51 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
17.06.2012,15:33:47 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
17.06.2012,15:33:48 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
17.06.2012,15:38:19 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
17.06.2012,15:38:35 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
17.06.2012,16:46:59 [WARNUNG] Echtzeit Scanner wurde deaktiviert
17.06.2012,16:47:06 [INFO] Echtzeit Scanner wurde aktiviert
17.06.2012,16:53:11 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
17.06.2012,17:41:06 [INFO] Update-Auftrag gestartet!
17.06.2012,17:41:20 [INFO] Aktuelle Engine Version: 8.2.10.92
17.06.2012,17:41:20 [INFO] Aktuelle Version der VDF-Datei: 7.11.33.56
17.06.2012,18:27:00 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
17.06.2012,20:02:34 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
17.06.2012,23:40:43 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
17.06.2012,23:42:27 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
18.06.2012,16:49:05 [INFO] ---------------------------------------------------------
18.06.2012,16:49:05 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
18.06.2012,16:49:17 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.56
18.06.2012,16:49:17 [INFO] Online-Dienste stehen zur Verfügung.
18.06.2012,16:49:17 [INFO] Echtzeit Scanner wurde aktiviert
18.06.2012,16:49:17 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
18.06.2012,16:49:19 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
18.06.2012,16:50:03 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
18.06.2012,16:53:32 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
18.06.2012,16:57:52 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
18.06.2012,17:02:22 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
18.06.2012,17:06:11 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
18.06.2012,17:07:31 [INFO] ---------------------------------------------------------
18.06.2012,17:07:31 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
18.06.2012,17:07:42 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.56
18.06.2012,17:07:42 [INFO] Online-Dienste stehen zur Verfügung.
18.06.2012,17:07:42 [INFO] Echtzeit Scanner wurde aktiviert
18.06.2012,17:07:42 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
18.06.2012,17:07:44 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
18.06.2012,17:08:20 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
18.06.2012,17:12:05 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
18.06.2012,17:41:03 [INFO] Update-Auftrag gestartet!
18.06.2012,17:41:21 [INFO] Aktuelle Engine Version: 8.2.10.92
18.06.2012,17:41:21 [INFO] Aktuelle Version der VDF-Datei: 7.11.33.78
18.06.2012,17:54:02 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
18.06.2012,17:55:13 [INFO] ---------------------------------------------------------
18.06.2012,17:55:13 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
18.06.2012,17:55:28 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.78
18.06.2012,17:55:28 [INFO] Online-Dienste stehen zur Verfügung.
18.06.2012,17:55:28 [INFO] Echtzeit Scanner wurde aktiviert
18.06.2012,17:55:28 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
18.06.2012,17:55:30 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
18.06.2012,17:55:54 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
18.06.2012,18:00:00 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
19.06.2012,01:25:29 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
19.06.2012,16:25:59 [INFO] ---------------------------------------------------------
19.06.2012,16:25:59 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
19.06.2012,16:26:11 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.78
19.06.2012,16:26:11 [INFO] Online-Dienste stehen zur Verfügung.
19.06.2012,16:26:11 [INFO] Echtzeit Scanner wurde aktiviert
19.06.2012,16:26:11 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
19.06.2012,16:26:13 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
19.06.2012,16:26:24 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
19.06.2012,16:30:43 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
19.06.2012,17:00:13 [WARNUNG] Echtzeit Scanner wurde deaktiviert
19.06.2012,17:30:22 [INFO] Echtzeit Scanner wurde aktiviert
19.06.2012,17:32:16 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
19.06.2012,17:41:09 [INFO] Update-Auftrag gestartet!
19.06.2012,17:41:26 [INFO] Aktuelle Engine Version: 8.2.10.92
19.06.2012,17:41:26 [INFO] Aktuelle Version der VDF-Datei: 7.11.33.106
19.06.2012,19:21:14 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
19.06.2012,19:38:15 [INFO] ---------------------------------------------------------
19.06.2012,19:38:15 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
19.06.2012,19:38:35 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.106
19.06.2012,19:38:36 [INFO] Online-Dienste stehen zur Verfügung.
19.06.2012,19:38:36 [INFO] Echtzeit Scanner wurde aktiviert
19.06.2012,19:38:36 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
19.06.2012,19:39:36 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
19.06.2012,19:41:37 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
19.06.2012,19:43:26 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
19.06.2012,19:44:57 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
20.06.2012,16:24:12 [INFO] ---------------------------------------------------------
20.06.2012,16:24:12 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
20.06.2012,16:24:27 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.10.92, VDF Version: 7.11.33.106
20.06.2012,16:24:28 [INFO] Online-Dienste stehen zur Verfügung.
20.06.2012,16:24:28 [INFO] Echtzeit Scanner wurde aktiviert
20.06.2012,16:24:28 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
20.06.2012,16:26:28 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
20.06.2012,16:27:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:29:43 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
20.06.2012,16:32:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:33:24 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:35:00 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:37:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:42:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:44:59 [FUND] Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Users\Bertl\AppData\Local\Temp\av4883.tmp
[INFO] Benutzer: BERTL-PC\BERTL
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:47:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:52:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:57:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,17:02:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,17:07:29 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
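The on-access log above carries the pattern a responder should read before touching anything: the same `00000001.@` under `C:\Windows\Installer\{f6f92717-...}\U` is re-detected on a fixed five-minute cadence (16:27:28, 16:32:28, 16:37:28, ...), always in the SYSTEM context, and the scanner is denied access every time, while `services.exe` is flagged as W32/Patched.UA and left alone because Avira labels the hit a probable false positive. A payload named `*.@` inside a GUID directory plus a patched `services.exe` is the hallmark of the ZeroAccess (Sirefef) rootkit family, which is exactly why an on-access scanner reports it but cannot remediate it. The script below is an example added here, not code from the thread or from Avira: it parses the Avira Realtime Scanner log format and reduces it to a per-path triage summary. The embedded `SAMPLE_LOG` is constructed from the posted lines, and the verdict rules are this example's own heuristics, not anything Avira emits.

```python
"""Triage summary of an Avira Realtime Scanner (on-access) log.

Example added for this thread; it is neither Avira's nor the forum's code.
SAMPLE_LOG is constructed from the event format and paths in the posted log,
and the verdict rules are this example's own heuristics.
"""
import re
from collections import OrderedDict
from datetime import datetime

# Each event opens with "DD.MM.YYYY,HH:MM:SS [LEVEL] message". For a [FUND] event the
# next line is the object's path; the untimestamped "[INFO]" lines carry user and outcome.
EVENT_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4},\d{2}:\d{2}:\d{2}) \[(\w+)\] (.*)$")
NAME_RE = re.compile(r"\b([A-Z0-9]+/[\w.\-]+)!")   # detection name, e.g. TR/Small.FI
SYSTEM = r"NT-AUTORITÄT\SYSTEM"                     # German rendering of NT AUTHORITY\SYSTEM

SAMPLE_LOG = r"""
20.06.2012,16:24:28 [INFO] Echtzeit Scanner wurde aktiviert
20.06.2012,16:26:28 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA!
C:\Windows\System32\services.exe
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
20.06.2012,16:27:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:32:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:33:24 [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
20.06.2012,16:37:28 [FUND] Ist das Trojanische Pferd TR/Small.FI!
C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
"""

def parse_findings(text):
    """One dict per [FUND] event: time, detection name, path, user, outcome flags."""
    findings, cur = [], None
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:                                    # timestamped line: new event
            stamp, level, msg = m.groups()
            cur = None
            if level == "FUND":
                name = NAME_RE.search(msg)
                cur = {"time": datetime.strptime(stamp, "%d.%m.%Y,%H:%M:%S"),
                       "name": name.group(1) if name else msg, "path": None,
                       "user": None, "denied": False, "no_action": False}
                findings.append(cur)
        elif cur is None or not line.strip():
            continue                             # config/summary text outside a finding
        elif cur["path"] is None and not line.startswith("["):
            cur["path"] = line.strip()           # first continuation line is the object
        elif line.startswith("[INFO] Benutzer:"):
            cur["user"] = line.split(":", 1)[1].strip()
        elif "Zugriff auf die Datei wurde verweigert" in line:
            cur["denied"] = True                 # scanner could not open the file
        elif "keine Aktion" in line:
            cur["no_action"] = True              # scanner deliberately left it alone
    return findings

def verdict(s):
    """Reading of one path's pattern, as a responder would note it in triage."""
    if s["denied"] and SYSTEM in s["users"] and s["count"] > 1:
        return ("ACTIVE: held by a SYSTEM-context component, scanner denied access, "
                "re-detected every %.0f s; on-access AV cannot remediate this" % s["min_gap_s"])
    if s["no_action"]:
        return ("NO ACTION: Avira calls this a probable false positive; confirm with an "
                "Authenticode and hash check of the file before accepting that")
    if s["denied"]:
        return "DENIED once: scanner could not open it; note the owning user and re-scan"
    return "single detection"

def triage(text):
    """Group findings by path: count, names, users, denials, shortest re-hit interval."""
    by_path = OrderedDict()
    for f in parse_findings(text):
        s = by_path.setdefault(f["path"], {"count": 0, "names": set(), "users": set(),
                                           "denied": 0, "no_action": 0, "times": []})
        s["count"] += 1
        s["names"].add(f["name"])
        if f["user"]:
            s["users"].add(f["user"])
        s["denied"] += int(f["denied"])
        s["no_action"] += int(f["no_action"])
        s["times"].append(f["time"])
    for s in by_path.values():
        gaps = [(b - a).total_seconds() for a, b in zip(s["times"], s["times"][1:])]
        s["min_gap_s"] = min(gaps) if gaps else None
        s["verdict"] = verdict(s)
    return by_path

if __name__ == "__main__":
    for path, s in triage(SAMPLE_LOG).items():
        print("%s\n  %dx %s: %s" % (path, s["count"], "/".join(sorted(s["names"])), s["verdict"]))
```

Run as a script it prints one summary line per path; `triage()` accepts the text of a complete Realtime Scanner log just as well. The useful output is the split between findings the scanner acts on and findings it only reports: a path that is re-hit on a timer, in the SYSTEM context, with access denied, is being kept alive by a running component and belongs to an offline or rootkit-aware tool, which is what the helper reaches for next in this thread.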

21.06.2012, 07:15   #4
Psychotic
/// Malwareteam

TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@



ComboFix

ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2

IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix's work.
Start ComboFix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the reboot
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

21.06.2012, 22:40   #5
Bertibert

TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@



Hi Marius,
here is the result:

- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{18780ED6-1531-47DA-BF90-C91F72F2B4EE} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1266670936-2579149240-1289076800-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bc,fe,85,ce,9b,6f,fc,b1,fb,78,84,fd,5f,96,59,50,f7,8b,09,c8,fe,65,ca,
e4,4a,f6,98,e4,4f,81,62,1b,9e,2e,84,af,65,0e,92,63,80,73,5b,cf,10,59,22,ea,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1266670936-2579149240-1289076800-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,39,42,0c,e4,91,13,89,38,1c,e7,23,3c,43,ba,4f,2d,10,ef,cb,c4,
82,4b,c2,61,4c,aa,2c,54,dd,bc,68,4e,1c,15,90,d5,11,50,73,cb,2f,27,8b,8f,89,\
"rkeysecu"=hex:47,0d,d1,31,38,1b,3d,6b,51,be,cd,8b,c6,24,8a,c1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21 18:19:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-21 16:19
.
Vor Suchlauf: 22 Verzeichnis(se), 23.876.222.976 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 29.653.471.232 Bytes frei
.
- - End Of File - - 2F7503C7415DD9D45331830326B2501B


22.06.2012, 09:00   #6
Psychotic
/// Malwareteam

TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@



The log is incomplete, please post the complete contents of the file!

22.06.2012, 16:15   #7
Bertibert

TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@



Hi Marius,

Sorry, I had already had a few beers yesterday when I posted it. Here is the complete log:
ComboFix logfile:
ComboFix 12-06-21.01 - Bertl 21.06.2012  18:02:24.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3006.1540 [GMT 2:00]
ausgeführt von:: c:\users\Bertl\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\pswi_preloaded.exe
c:\users\Bertl\AppData\Roaming\Microsoft\Windows\Cookies\Index_4332E74F.dat
c:\users\Bertl\AppData\Roaming\Microsoft\Windows\Cookies\Index_FEAF72BD.dat
c:\users\Bertl\AppData\Roaming\Microsoft\Windows\Cookies\IndexIE_4332E74F.dat
c:\users\Bertl\AppData\Roaming\Microsoft\Windows\Cookies\IndexIE_FEAF72BD.dat
c:\windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\@
c:\windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@
c:\windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@
c:\windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\P2P Networking
c:\windows\SysWow64\P2P Networking\Cache\Database\file-10001-128.sig
c:\windows\SysWow64\P2P Networking\Cache\Database\index256.dbb
.
c:\windows\system32\services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-21 16:10 . 2012-06-21 16:13	--------	d-----w-	c:\users\Bertl\AppData\Local\temp
2012-06-21 16:10 . 2012-06-21 16:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-21 16:10 . 2012-06-21 16:10	--------	d-----w-	c:\users\Schatzi\AppData\Local\temp
2012-06-21 15:16 . 2012-06-21 15:16	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-21 15:00 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 15:00 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 15:00 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 15:00 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 15:00 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 15:00 . 2012-06-02 22:19	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-21 15:00 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 15:00 . 2012-06-02 22:19	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-21 15:00 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 15:00 . 2012-06-02 22:12	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-21 14:59 . 2012-06-02 13:19	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-21 14:59 . 2012-06-02 13:12	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-06-21 14:59 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 14:59 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 14:59 . 2012-06-19 15:34	--------	d-----w-	C:\sh4ldr
2012-06-19 14:59 . 2012-06-19 14:59	--------	d-----w-	c:\program files\Enigma Software Group
2012-06-19 14:58 . 2012-06-19 15:34	--------	d-----w-	c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-19 14:45 . 2012-06-19 14:45	--------	d-----w-	c:\users\Bertl\AppData\Roaming\SpeedyPC Software
2012-06-19 14:45 . 2012-06-19 14:45	--------	d-----w-	c:\users\Bertl\AppData\Roaming\DriverCure
2012-06-19 14:45 . 2012-06-19 15:31	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-06-18 15:42 . 2012-06-18 15:42	--------	d-----w-	C:\_OTL
2012-06-17 11:34 . 2012-06-17 11:34	--------	d-----w-	c:\program files (x86)\ESET
2012-06-16 14:13 . 2012-06-16 14:13	--------	d-----w-	c:\users\Bertl\AppData\Roaming\Malwarebytes
2012-06-16 14:12 . 2012-06-16 14:12	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-16 14:12 . 2012-06-18 15:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-16 14:12 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-16 14:10 . 2012-05-29 11:09	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2012-06-16 14:10 . 2012-05-29 11:09	25952	----a-w-	c:\windows\system32\authuitu.dll
2012-06-16 14:10 . 2012-05-29 11:09	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-06-16 14:10 . 2012-06-16 14:10	--------	d-----w-	c:\users\Bertl\AppData\Local\AVG Secure Search
2012-06-16 14:10 . 2012-06-19 15:33	--------	d-----w-	c:\programdata\AVG Secure Search
2012-06-16 14:09 . 2012-06-16 14:10	--------	d-----w-	c:\program files (x86)\Common Files\AVG Secure Search
2012-06-16 14:09 . 2012-06-16 14:10	--------	d-----w-	c:\program files (x86)\AVG Secure Search
2012-06-16 14:07 . 2012-06-16 14:07	--------	d-----w-	c:\users\Bertl\AppData\Roaming\TuneUp Software
2012-06-16 14:07 . 2012-06-16 14:10	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2012
2012-06-16 14:04 . 2012-06-16 14:11	--------	d-----w-	c:\programdata\TuneUp Software
2012-06-16 14:04 . 2012-06-16 14:04	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-16 14:04 . 2012-06-16 14:04	--------	d-----w-	c:\programdata\Common Files
2012-06-15 15:48 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCAD7097-660F-4553-A235-514B09549183}\mpengine.dll
2012-06-14 15:04 . 2012-05-01 14:29	209920	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 15:04 . 2012-05-15 20:15	2767360	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 15:04 . 2012-04-23 16:25	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-14 15:04 . 2012-04-23 16:25	1267200	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 15:04 . 2012-04-23 16:00	984064	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-14 15:04 . 2012-04-23 16:25	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 15:04 . 2012-04-23 16:00	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-14 15:04 . 2012-04-23 16:00	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-10 15:15 . 2012-06-10 15:15	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 15:15 . 2012-06-10 15:15	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-10 14:32 . 2012-06-10 14:32	--------	d-----w-	c:\users\Bertl\dwhelper
2012-06-09 16:13 . 2012-06-09 16:13	--------	d-----w-	c:\users\Bertl\AppData\Local\Macromedia
2012-05-29 19:36 . 2012-06-12 19:29	--------	d-----w-	c:\program files (x86)\Diablo III
2012-05-29 19:36 . 2012-05-29 19:59	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-05-29 19:34 . 2012-05-29 19:34	--------	d-----w-	c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 16:07 . 2012-04-14 15:07	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 16:07 . 2011-06-08 18:02	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:46 . 2011-12-28 21:27	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 17:46 . 2011-12-28 21:27	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 16:41 . 2012-05-05 16:41	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-07 16:05 . 2012-04-07 16:05	777488	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-03 08:22 . 2012-05-08 22:05	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-08 22:06	1423744	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-26 22:22 . 2012-03-26 22:22	3993600	----a-w-	c:\program files (x86)\GUT3F09.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{18780ed6-1531-47da-bf90-c91f72f2b4ee}"= "c:\program files (x86)\Softonic-Austria_\prxtbSof0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{18780ed6-1531-47da-bf90-c91f72f2b4ee}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{18780ed6-1531-47da-bf90-c91f72f2b4ee}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\Softonic-Austria_\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-16 14:09	2074208	----a-w-	c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{18780ed6-1531-47da-bf90-c91f72f2b4ee}"= "c:\program files (x86)\Softonic-Austria_\prxtbSof0.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-16 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{18780ed6-1531-47da-bf90-c91f72f2b4ee}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-04 1242448]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-15 57344]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Tele2 LiveUpdate"="c:\program files (x86)\Tele2\LiveUpdate\LiveupdateClient.exe" [2010-06-18 4553080]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-16 1107552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-27 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"gtsrp"="c:\program files (x86)\gtsrp\gtsrp.exe"
"Amazing3DAquariumWallpaper"=
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NPSStartup"=
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-21 27648]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-23 19:24]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 16:53]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 16:53]
.
2012-06-21 c:\windows\Tasks\User_Feed_Synchronization-{35305DF5-FA23-4540-B1EF-651FF0A50A46}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
2012-06-21 c:\windows\Tasks\User_Feed_Synchronization-{5F3B6BE1-C64C-4942-836B-F12F7DEA0B8B}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
2012-06-21 c:\windows\Tasks\User_Feed_Synchronization-{7F306578-A669-4BB9-9C62-2D4B2C9D6E80}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 1381208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 1460096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 15934496]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 82464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0e9c05a9-a91c-42ec-8e77-0b1fc2b2143b%7D&mid=7fab1e16e9c647d0a6b0d15426906e76-cc2a1ca55867323915759095492a971517fd6611&ds=tt015&v=11.1.0.12&lang=de&pr=sa&d=2012-06-16%2016%3A10%3A09&sap=ku&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{18780ED6-1531-47DA-BF90-C91F72F2B4EE} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1266670936-2579149240-1289076800-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bc,fe,85,ce,9b,6f,fc,b1,fb,78,84,fd,5f,96,59,50,f7,8b,09,c8,fe,65,ca,
   e4,4a,f6,98,e4,4f,81,62,1b,9e,2e,84,af,65,0e,92,63,80,73,5b,cf,10,59,22,ea,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1266670936-2579149240-1289076800-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,39,42,0c,e4,91,13,89,38,1c,e7,23,3c,43,ba,4f,2d,10,ef,cb,c4,
   82,4b,c2,61,4c,aa,2c,54,dd,bc,68,4e,1c,15,90,d5,11,50,73,cb,2f,27,8b,8f,89,\
"rkeysecu"=hex:47,0d,d1,31,38,1b,3d,6b,51,be,cd,8b,c6,24,8a,c1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21  18:19:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-21 16:19
.
Vor Suchlauf: 22 Verzeichnis(se), 23.876.222.976 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 29.653.471.232 Bytes frei
.
- - End Of File - - 2F7503C7415DD9D45331830326B2501B
         

Old 26.06.2012, 07:56   #8
Psychotic
/// Malwareteam
 



Step 1: Uninstall software



  • Click Start --> Control Panel.
  • Open Programs and Features.
  • Find and uninstall the following entries:
    Quote:
    Conduit Engine
    AVG Security Toolbar
    McAfee Security Scan Plus
    Softonic-Austria_ Toolbar
  • Close the window.



Step 2: CF script



Note for readers:
The following ComboFix script has been created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad (into the box) --> OK

Now copy the text from the following code box in full into the empty text document.
Code:
RESTORE::
c:\windows\system32\services.exe
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
  • As in the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after Combofix is finished. Click OK and follow the prompts/instructions to upload the files.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Satisfied with us? Then support the Trojaner-Board!
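The RESTORE:: directive in the script above replaces the patched services.exe with a clean copy from the WinSxS component store, and the Sigcheck block in the ComboFix log is the check behind that decision: the MD5 of the live file is compared with the store copies. The following PowerShell script is an added example, not part of this post or of ComboFix; it performs that comparison so the result can be verified before and after the repair. The WinSxS directory name pattern and the use of MD5 are assumptions taken from the log.

```powershell
# Added example, not part of the original post or of ComboFix.
# Compares the live c:\windows\system32\services.exe against the known-good
# copies in the WinSxS component store, the same comparison the "Sigcheck"
# section of the ComboFix log performs (and the store RESTORE:: repairs from).
# Run from an elevated PowerShell prompt. MD5 is computed through .NET so the
# script also works on PowerShell 2.0 (Vista/Windows 7); Get-FileHash exists
# only from PowerShell 4.0 on. MD5 is used because it is the hash ComboFix
# prints, not because it is a strong hash.

function Get-Md5Hex {
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-StoreCopies {
    # Assumption: the store directories follow the naming seen in the log,
    # amd64_microsoft-windows-s..s-servicecontroller_<token>_<version>_...
    # (the prefix is x86_ on a 32-bit Windows).
    param([string]$Pattern = (Join-Path $env:SystemRoot 'winsxs\amd64_microsoft-windows-s..s-servicecontroller_*'))
    $copies = @{}   # MD5 -> "[file version] path"
    Get-ChildItem -Path $Pattern -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $copy = Join-Path $_.FullName 'services.exe'
            if (Test-Path $copy) {
                $ver = (Get-Item $copy).VersionInfo.FileVersion
                $copies[(Get-Md5Hex $copy)] = "[$ver] $copy"
            }
        }
    return $copies
}

function Test-ServicesExe {
    param([string]$Live = (Join-Path $env:SystemRoot 'System32\services.exe'))
    $copies   = Get-StoreCopies
    $liveHash = Get-Md5Hex $Live
    $liveVer  = (Get-Item $Live).VersionInfo.FileVersion
    # Windows servicing keeps the live file identical to one store copy
    # (it is a hard link to it), so a mismatch is worth investigating.
    $verdict  = if ($copies.Count -eq 0)             { 'NoStoreCopies' }
                elseif ($copies.ContainsKey($liveHash)) { 'MatchesStore' }
                else                                   { 'MismatchStore' }
    New-Object PSObject -Property @{
        Path        = $Live
        Version     = $liveVer
        MD5         = $liveHash
        StoreCopies = $copies
        Verdict     = $verdict
    }
}

$result = Test-ServicesExe
"live : [{0}] {1} {2}" -f $result.Version, $result.MD5, $result.Path
foreach ($entry in $result.StoreCopies.GetEnumerator()) {
    "store: {0} {1}" -f $entry.Key, $entry.Value
}
switch ($result.Verdict) {
    'MatchesStore'  { '[OK] live services.exe is byte-identical to a WinSxS copy' }
    'NoStoreCopies' { '[?] no WinSxS copies found, nothing to compare against' }
    'MismatchStore' { '[-] live services.exe matches none of the store copies; ' +
                      'this is the condition the [-] line in the Sigcheck section ' +
                      'of the log reports, and what RESTORE:: repairs' }
}
```

On Vista and 7 the system binaries are catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature is not a substitute for this comparison there; Sysinternals sigcheck.exe checks catalogs and can complement it.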

Old 26.06.2012, 16:55   #9
Bertibert
 



Hi Marius,

below is the log:
Combofix Logfile:
Code:
ComboFix 12-06-26.01 - Bertl 26.06.2012  17:36:49.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3006.1700 [GMT 2:00]
ausgeführt von:: c:\users\Bertl\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bertl\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-26 bis 2012-06-26  ))))))))))))))))))))))))))))))
.
.
2012-06-26 15:43 . 2012-06-26 15:43	--------	d-----w-	c:\users\Schatzi\AppData\Local\temp
2012-06-26 15:43 . 2012-06-26 15:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-26 15:43 . 2012-06-26 15:43	--------	d-----w-	c:\users\Bertl\AppData\Local\temp
2012-06-26 15:22 . 2012-06-26 15:22	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{11E8DBC0-EA8F-4239-A16F-0665A0DCB00B}\offreg.dll
2012-06-26 15:01 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{11E8DBC0-EA8F-4239-A16F-0665A0DCB00B}\mpengine.dll
2012-06-21 15:16 . 2012-06-21 15:16	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-21 15:00 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 15:00 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 15:00 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 15:00 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 15:00 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 15:00 . 2012-06-02 22:19	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-21 15:00 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 15:00 . 2012-06-02 22:19	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-21 15:00 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 15:00 . 2012-06-02 22:12	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-21 14:59 . 2012-06-02 13:19	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-21 14:59 . 2012-06-02 13:12	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-06-21 14:59 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 14:59 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 14:59 . 2012-06-19 15:34	--------	d-----w-	C:\sh4ldr
2012-06-19 14:59 . 2012-06-19 14:59	--------	d-----w-	c:\program files\Enigma Software Group
2012-06-19 14:58 . 2012-06-19 15:34	--------	d-----w-	c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-19 14:45 . 2012-06-19 14:45	--------	d-----w-	c:\users\Bertl\AppData\Roaming\SpeedyPC Software
2012-06-19 14:45 . 2012-06-19 14:45	--------	d-----w-	c:\users\Bertl\AppData\Roaming\DriverCure
2012-06-19 14:45 . 2012-06-19 15:31	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-06-18 15:42 . 2012-06-18 15:42	--------	d-----w-	C:\_OTL
2012-06-17 11:34 . 2012-06-17 11:34	--------	d-----w-	c:\program files (x86)\ESET
2012-06-16 14:13 . 2012-06-16 14:13	--------	d-----w-	c:\users\Bertl\AppData\Roaming\Malwarebytes
2012-06-16 14:12 . 2012-06-16 14:12	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-16 14:12 . 2012-06-18 15:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-16 14:12 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-16 14:10 . 2012-05-29 11:09	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2012-06-16 14:10 . 2012-05-29 11:09	25952	----a-w-	c:\windows\system32\authuitu.dll
2012-06-16 14:10 . 2012-05-29 11:09	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-06-16 14:07 . 2012-06-16 14:07	--------	d-----w-	c:\users\Bertl\AppData\Roaming\TuneUp Software
2012-06-16 14:07 . 2012-06-16 14:10	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2012
2012-06-16 14:04 . 2012-06-16 14:11	--------	d-----w-	c:\programdata\TuneUp Software
2012-06-16 14:04 . 2012-06-16 14:04	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-16 14:04 . 2012-06-16 14:04	--------	d-----w-	c:\programdata\Common Files
2012-06-14 15:04 . 2012-05-01 14:29	209920	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 15:04 . 2012-05-15 20:15	2767360	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 15:04 . 2012-04-23 16:25	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-14 15:04 . 2012-04-23 16:25	1267200	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 15:04 . 2012-04-23 16:00	984064	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-14 15:04 . 2012-04-23 16:25	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 15:04 . 2012-04-23 16:00	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-14 15:04 . 2012-04-23 16:00	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-10 15:15 . 2012-06-10 15:15	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 15:15 . 2012-06-10 15:15	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-10 14:32 . 2012-06-10 14:32	--------	d-----w-	c:\users\Bertl\dwhelper
2012-06-09 16:13 . 2012-06-09 16:13	--------	d-----w-	c:\users\Bertl\AppData\Local\Macromedia
2012-05-29 19:36 . 2012-06-23 16:43	--------	d-----w-	c:\program files (x86)\Diablo III
2012-05-29 19:36 . 2012-05-29 19:59	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-05-29 19:34 . 2012-05-29 19:34	--------	d-----w-	c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 16:07 . 2012-04-14 15:07	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 16:07 . 2011-06-08 18:02	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:46 . 2011-12-28 21:27	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 17:46 . 2011-12-28 21:27	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 16:41 . 2012-05-05 16:41	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-07 16:05 . 2012-04-07 16:05	777488	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-03 08:22 . 2012-05-08 22:05	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-08 22:06	1423744	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-26 22:22 . 2012-03-26 22:22	3993600	----a-w-	c:\program files (x86)\GUT3F09.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-21_16.13.00   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-06-26 15:02	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-06-21 15:10	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-06-21 15:10	98304              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-06-26 15:02	98304              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-06-26 15:02	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-06-21 15:10	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-06-26 14:48	78132              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-26 14:48	78352              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-09 16:44 . 2012-06-26 14:48	22824              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1266670936-2579149240-1289076800-1000_UserData.bin
- 2009-01-29 07:53 . 2012-06-16 14:11	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-01-29 07:53 . 2012-06-26 14:52	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2008-04-09 16:43 . 2012-06-26 14:52	81920              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-09 16:43 . 2012-06-21 15:33	81920              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-05 19:36 . 2012-06-15 16:06	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-05 19:36 . 2012-06-24 15:23	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-05 19:36 . 2012-06-24 15:23	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-05 19:36 . 2012-06-15 16:06	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-05 19:36 . 2012-06-15 16:06	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-05 19:36 . 2012-06-24 15:23	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-23 17:57 . 2012-06-24 15:23	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-23 17:57 . 2012-06-16 11:28	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-23 17:57 . 2012-06-24 15:23	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-23 17:57 . 2012-06-16 11:28	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-21 16:12 . 2012-06-21 16:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-26 14:46 . 2012-06-26 14:46	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-26 14:46 . 2012-06-26 14:46	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-21 16:12 . 2012-06-21 16:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-30 16:03 . 2012-06-24 22:00	217202              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-04-09 16:43 . 2012-06-21 15:33	786432              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-09 16:43 . 2012-06-26 14:52	786432              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-09 16:43 . 2012-06-21 15:33	114688              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-09 16:43 . 2012-06-26 14:52	114688              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-11 15:34 . 2012-06-21 16:11	238948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-11 15:34 . 2012-06-25 22:14	238948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-06-12 17:16 . 2012-06-21 16:11	1081952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1266670936-2579149240-1289076800-1000-8192.dat
+ 2010-06-12 17:16 . 2012-06-25 22:15	1081952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1266670936-2579149240-1289076800-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-04 1242448]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-15 57344]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Tele2 LiveUpdate"="c:\program files (x86)\Tele2\LiveUpdate\LiveupdateClient.exe" [2010-06-18 4553080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-27 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-21 27648]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-23 19:24]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 16:53]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 16:53]
.
2012-06-26 c:\windows\Tasks\User_Feed_Synchronization-{35305DF5-FA23-4540-B1EF-651FF0A50A46}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
2012-06-26 c:\windows\Tasks\User_Feed_Synchronization-{5F3B6BE1-C64C-4942-836B-F12F7DEA0B8B}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
2012-06-26 c:\windows\Tasks\User_Feed_Synchronization-{7F306578-A669-4BB9-9C62-2D4B2C9D6E80}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 1381208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 1460096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 15934496]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 82464]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0e9c05a9-a91c-42ec-8e77-0b1fc2b2143b%7D&mid=7fab1e16e9c647d0a6b0d15426906e76-cc2a1ca55867323915759095492a971517fd6611&ds=tt015&v=11.1.0.12&lang=de&pr=sa&d=2012-06-16%2016%3A10%3A09&sap=ku&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{18780ed6-1531-47da-bf90-c91f72f2b4ee} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{18780ED6-1531-47DA-BF90-C91F72F2B4EE} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1266670936-2579149240-1289076800-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bc,fe,85,ce,9b,6f,fc,b1,fb,78,84,fd,5f,96,59,50,f7,8b,09,c8,fe,65,ca,
   e4,4a,f6,98,e4,4f,81,62,1b,9e,2e,84,af,65,0e,92,63,80,73,5b,cf,10,59,22,ea,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1266670936-2579149240-1289076800-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,39,42,0c,e4,91,13,89,38,1c,e7,23,3c,43,ba,4f,2d,10,ef,cb,c4,
   82,4b,c2,61,4c,aa,2c,54,dd,bc,68,4e,1c,15,90,d5,11,50,73,cb,2f,27,8b,8f,89,\
"rkeysecu"=hex:47,0d,d1,31,38,1b,3d,6b,51,be,cd,8b,c6,24,8a,c1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-06-26  17:46:05
ComboFix-quarantined-files.txt  2012-06-26 15:46
ComboFix2.txt  2012-06-21 16:19
.
Vor Suchlauf: 25 Verzeichnis(se), 31.945.416.704 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 31.821.557.760 Bytes frei
.
- - End Of File - - 4175393D471714E3DF37222407008088

Old 28.06.2012, 06:27   #10
Psychotic
/// Malwareteam



Step 1: Fix with adwCleaner

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file will open.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2: CF script



Note for readers:
The following ComboFix script has been created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it on the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the complete text from the following code box into the empty text document.
Code:
FCOPY::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | c:\windows\system32\services.exe

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
  • As shown in the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.
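The FCOPY:: line above overwrites the live services.exe with the copy kept in the WinSxS component store. The following PowerShell script is an added example, not part of the helper's ComboFix script: it compares the SHA-256 of both files and reports the Authenticode status of the live binary, so a defender can verify before and after the fix whether the service controller binary matches the stored component. It assumes the two paths quoted in the script above; the WinSxS folder name differs per Windows build.

```powershell
# Added example (not part of the ComboFix script in this thread): check whether
# C:\Windows\System32\services.exe matches the WinSxS component copy that the
# FCOPY:: line restores. Paths are the ones from the script above and are an
# assumption; adjust the WinSxS folder name to the one present on the machine.
$live  = 'C:\Windows\System32\services.exe'
$clean = 'C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe'

function Get-Sha256Hex([string]$Path) {
    # Uses .NET directly so it also runs on PowerShell 2.0 (Vista era),
    # where the Get-FileHash cmdlet does not exist yet.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

foreach ($p in @($live, $clean)) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Warning "File not found: $p"
        exit 1
    }
}

$liveHash  = Get-Sha256Hex $live
$cleanHash = Get-Sha256Hex $clean
$liveLen   = (Get-Item -LiteralPath $live).Length
$cleanLen  = (Get-Item -LiteralPath $clean).Length

# Signature status is informational only: Windows system binaries are usually
# catalog-signed, and older PowerShell versions report those as NotSigned.
$sig = Get-AuthenticodeSignature -FilePath $live

"live   : $liveHash  ($liveLen bytes)"
"winsxs : $cleanHash  ($cleanLen bytes)"
"Authenticode status of live copy: $($sig.Status)"

if ($liveHash -ne $cleanHash) {
    Write-Warning 'services.exe differs from the WinSxS component copy; the live binary has been modified or replaced.'
} else {
    'services.exe matches the WinSxS component copy.'
}
```

Run it from an elevated PowerShell prompt; a hash mismatch before the fix and a match afterwards is the expected pattern when the FCOPY:: line did its job.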
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only reachable on weekdays!
Requests via PM will be ignored!

Satisfied with us? Then support the Trojaner-Board!

Old 28.06.2012, 16:26   #11
Bertibert



Hi Marius,

below are the ADW and ComboFix logs:

# AdwCleaner v1.700 - Logfile created 06/28/2012 at 17:01:05
# Updated 26/06/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Bertl - BERTL-PC
# Running from : C:\Users\Bertl\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Bertl\AppData\Local\Conduit
Deleted on reboot : C:\Users\Bertl\AppData\LocalLow\BabylonToolbar
Deleted on reboot : C:\Users\Bertl\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\Conduit
Deleted on reboot : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\ConduitCommon
Deleted on reboot : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\ConduitEngine
Deleted on reboot : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Deleted on reboot : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\extensions\engine@conduit.com
Deleted on reboot : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\extensions\ffxtlbr@babylon.com
Deleted on reboot : C:\Program Files\Babylon
Deleted on reboot : C:\Program Files (x86)\AskTBar
Deleted on reboot : C:\Program Files (x86)\Conduit
File Deleted : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3031783
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18372

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=nt_ss&affid=100474&mntrid=e03ecf7f000000000000001e2aac4342 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\prefs.js

Deleted : user_pref("CT2431245..clientLogIsEnabled", true);
Deleted : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2431245.CTID", "CT2431245");
Deleted : user_pref("CT2431245.CurrentServerDate", "31-12-2010");
Deleted : user_pref("CT2431245.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2431245.DownloadReferralCookieData", "");
Deleted : user_pref("CT2431245.EMailNotifierPollDate", "Fri Dec 31 2010 18:25:08 GMT+0100");
Deleted : user_pref("CT2431245.EnableClickToSearchBox", false);
Deleted : user_pref("CT2431245.EnableSearchHistory", false);
Deleted : user_pref("CT2431245.EnableSearchSuggest", false);
Deleted : user_pref("CT2431245.FeedLastCount129009402595187825", 1099);
Deleted : user_pref("CT2431245.FeedPollDate7470634014180506963", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634014269327586", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634014329599698", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634014537505092", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634014970726540", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634015410831318", "Wed Dec 29 2010 20:24:52 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634015483395460", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634015636754705", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634015768347545", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634015855543602", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634016030710453", "Wed Dec 29 2010 20:24:50 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634016114705611", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634016129205152", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634016143724791", "Wed Dec 29 2010 20:24:52 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634016271239162", "Wed Dec 29 2010 20:24:52 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634016568520719", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634016726993788", "Wed Dec 29 2010 20:24:50 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634017109031809", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634017132743740", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634017299547668", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634017302327846", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634017344111490", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634017478360748", "Wed Dec 29 2010 20:24:52 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634017732797593", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634017821686064", "Wed Dec 29 2010 20:24:52 GMT+0100");
Deleted : user_pref("CT2431245.FeedPollDate7470634018090228721", "Wed Dec 29 2010 20:24:51 GMT+0100");
Deleted : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Deleted : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Deleted : user_pref("CT2431245.FirstServerDate", "25-11-2010");
Deleted : user_pref("CT2431245.FirstTime", true);
Deleted : user_pref("CT2431245.FirstTimeFF3", true);
Deleted : user_pref("CT2431245.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2431245.HasUserGlobalKeys", true);
Deleted : user_pref("CT2431245.Initialize", true);
Deleted : user_pref("CT2431245.InitializeCommonPrefs", true);
Deleted : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2431245.InstallationId", "integrated_CT2431245 .exe");
Deleted : user_pref("CT2431245.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2431245.InstalledDate", "Thu Nov 25 2010 18:31:30 GMT+0100");
Deleted : user_pref("CT2431245.InvalidateCache", false);
Deleted : user_pref("CT2431245.IsGrouping", false);
Deleted : user_pref("CT2431245.IsMulticommunity", false);
Deleted : user_pref("CT2431245.IsOpenThankYouPage", false);
Deleted : user_pref("CT2431245.IsOpenUninstallPage", true);
Deleted : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri Dec 31 2010 18:20:08 GMT+0100");
Deleted : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2431245.LastLogin_3.2.1.3", "Fri Dec 31 2010 18:20:08 GMT+0100");
Deleted : user_pref("CT2431245.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2431245.Locale", "de-de");
Deleted : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2431245.MCDetectTooltipShow", false);
Deleted : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2431245.RadioIsPodcast", false);
Deleted : user_pref("CT2431245.RadioLastCheckTime", "Fri Dec 31 2010 18:20:08 GMT+0100");
Deleted : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Deleted : user_pref("CT2431245.RadioMediaID", "20503672");
Deleted : user_pref("CT2431245.RadioMediaType", "Media Player");
Deleted : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Deleted : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Deleted : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Deleted : user_pref("CT2431245.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2431245.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2431245.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri Dec 31 2010 18:20:08 GMT+0100");
Deleted : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2431245.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2431245.ServiceMapLastCheckTime", "Fri Dec 31 2010 18:20:08 GMT+0100");
Deleted : user_pref("CT2431245.SettingsLastCheckTime", "Fri Dec 31 2010 18:20:07 GMT+0100");
Deleted : user_pref("CT2431245.SettingsLastUpdate", "1293612709");
Deleted : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Thu Dec 16 2010 18:56:47 GMT+0100");
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2431245.UserID", "UN51962569004590354");
Deleted : user_pref("CT2431245.ValidationData_Search", 0);
Deleted : user_pref("CT2431245.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2431245.WeatherNetwork", "");
Deleted : user_pref("CT2431245.WeatherPollDate", "Fri Dec 31 2010 18:20:09 GMT+0100");
Deleted : user_pref("CT2431245.WeatherUnit", "C");
Deleted : user_pref("CT2431245.alertChannelId", "825452");
Deleted : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Deleted : user_pref("CT2431245.components.1000080", true);
Deleted : user_pref("CT2431245.components.1042240440808890403", false);
Deleted : user_pref("CT2431245.components.129009402593156547", false);
Deleted : user_pref("CT2431245.components.129009402595187825", false);
Deleted : user_pref("CT2431245.components.129009402595656583", false);
Deleted : user_pref("CT2431245.components.129009402596594108", false);
Deleted : user_pref("CT2431245.components.129235916598147545", false);
Deleted : user_pref("CT2431245.components.2474961556328767918", false);
Deleted : user_pref("CT2431245.components.3101995424177833784", false);
Deleted : user_pref("CT2431245.components.5605168323123821535", false);
Deleted : user_pref("CT2431245.myStuffEnabled", true);
Deleted : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2431245.testingCtid", "");
Deleted : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Fri Dec 31 2010 18:20:08 GMT+0100");
Deleted : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Thu Nov 25 2010 18:31:32 GMT+0100");
Deleted : user_pref("CT2431245.usageEnabled", false);
Deleted : user_pref("CT2431245.usagesFlag", 2);
Deleted : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2475029.CT2481020.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481024.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481025.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481029.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481031.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481032.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481033.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481034.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481035.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481037.CommunityChanged", true);
Deleted : user_pref("CT2475029.CTID", "ct2481020");
Deleted : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Sat Aug 28 2010 18:37:18 GMT+0200");
Deleted : user_pref("CT2475029.CommunityChanged", true);
Deleted : user_pref("CT2475029.CurrentServerDate", "28-8-2010");
Deleted : user_pref("CT2475029.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Sun Aug 22 2010 13:47:21 GMT+0200");
Deleted : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201073583");
Deleted : user_pref("CT2475029.EMailNotifierPollDate", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.ExternalComponentPollDate129077842555155326", "Sat Aug 28 2010 18:37:18 GMT+020[...]
Deleted : user_pref("CT2475029.ExternalComponentPollDate129078508355624514", "Sun Aug 22 2010 13:47:21 GMT+020[...]
Deleted : user_pref("CT2475029.FeedLastCount129133095456874337", 0);
Deleted : user_pref("CT2475029.FeedLastCount6244576562585401993", 0);
Deleted : user_pref("CT2475029.FeedPollDate129076849370150342", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076850042182211", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076850596400916", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076850791868756", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076852434375419", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076853083906444", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076854010937606", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076855068438037", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076855340312884", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076855597344292", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076855883906472", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076856408281730", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076856723281882", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076856982969262", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076857229219583", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076857478587121", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129076858014837073", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129132307482029379", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129132307482029381", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129132307482029382", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129133095459686870", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129133095459686871", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137419319063373", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137419319063374", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137435445312162", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137435445312163", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137435445312164", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137435445312165", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687146", "Sun Aug 22 2010 13:47:21 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687147", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687148", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214602500", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214602506", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214602512", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214602518", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214602524", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214602530", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603404", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603410", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603416", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603422", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603428", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603434", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603440", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603446", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603452", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603458", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603464", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603470", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603476", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603482", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603488", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214603494", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758786", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758792", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758798", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758804", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758810", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758816", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758822", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758828", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758834", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758840", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758846", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758852", "Sun Aug 22 2010 13:47:24 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758858", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758864", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758870", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758876", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758882", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758888", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758894", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758900", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758906", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758912", "Sun Aug 22 2010 13:47:25 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758918", "Sun Aug 22 2010 13:47:26 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758924", "Sun Aug 22 2010 13:47:26 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758930", "Sun Aug 22 2010 13:47:26 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758936", "Sun Aug 22 2010 13:47:26 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758942", "Sun Aug 22 2010 13:47:26 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758948", "Sun Aug 22 2010 13:47:26 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758954", "Sun Aug 22 2010 13:47:26 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129255180214758960", "Sun Aug 22 2010 13:47:26 GMT+0200");
Deleted : user_pref("CT2475029.FeedTTL129076850596400916", 5);
Deleted : user_pref("CT2475029.FeedTTL129076850791868756", 5);
Deleted : user_pref("CT2475029.FeedTTL129076855068438037", 2);
Deleted : user_pref("CT2475029.FeedTTL129076856723281882", 5);
Deleted : user_pref("CT2475029.FeedTTL129076857229219583", 30);
Deleted : user_pref("CT2475029.FeedTTL129132307482029379", 40);
Deleted : user_pref("CT2475029.FeedTTL129132307482029381", 40);
Deleted : user_pref("CT2475029.FeedTTL129132307482029382", 40);
Deleted : user_pref("CT2475029.FeedTTL129133095459686870", 40);
Deleted : user_pref("CT2475029.FeedTTL129133095459686871", 40);
Deleted : user_pref("CT2475029.FeedTTL129137419319063373", 40);
Deleted : user_pref("CT2475029.FeedTTL129137419319063374", 40);
Deleted : user_pref("CT2475029.FeedTTL129137435445312162", 40);
Deleted : user_pref("CT2475029.FeedTTL129137435445312163", 40);
Deleted : user_pref("CT2475029.FeedTTL129137435445312164", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687146", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687147", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687148", 40);
Deleted : user_pref("CT2475029.FeedTTL129255180214602500", 15);
Deleted : user_pref("CT2475029.FeedTTL129255180214602512", 30);
Deleted : user_pref("CT2475029.FeedTTL129255180214602518", 5);
Deleted : user_pref("CT2475029.FeedTTL129255180214602524", 5);
Deleted : user_pref("CT2475029.FeedTTL129255180214603416", 15);
Deleted : user_pref("CT2475029.FeedTTL129255180214603428", 60);
Deleted : user_pref("CT2475029.FeedTTL129255180214603482", 60);
Deleted : user_pref("CT2475029.FeedTTL129255180214603488", 15);
Deleted : user_pref("CT2475029.FeedTTL129255180214603494", 2);
Deleted : user_pref("CT2475029.FeedTTL129255180214758786", 5);
Deleted : user_pref("CT2475029.FeedTTL129255180214758798", 30);
Deleted : user_pref("CT2475029.FeedTTL129255180214758804", 30);
Deleted : user_pref("CT2475029.FeedTTL129255180214758828", 15);
Deleted : user_pref("CT2475029.FeedTTL129255180214758840", 15);
Deleted : user_pref("CT2475029.FeedTTL129255180214758846", 15);
Deleted : user_pref("CT2475029.FeedTTL129255180214758852", 15);
Deleted : user_pref("CT2475029.FeedTTL129255180214758870", 1440);
Deleted : user_pref("CT2475029.FeedTTL129255180214758900", 10);
Deleted : user_pref("CT2475029.FeedTTL129255180214758918", 5);
Deleted : user_pref("CT2475029.FirstServerDate", "22-8-2010");
Deleted : user_pref("CT2475029.FirstTime", true);
Deleted : user_pref("CT2475029.FirstTimeFF3", true);
Deleted : user_pref("CT2475029.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2475029.GroupingLastCheckTime", "Sat Aug 28 2010 18:37:18 GMT+0200");
Deleted : user_pref("CT2475029.GroupingLastErrorCode", "");
Deleted : user_pref("CT2475029.GroupingLastResponse", true);
Deleted : user_pref("CT2475029.GroupingLastServerUpdateTime", "129255305901670000");
Deleted : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2475029.Initialize", true);
Deleted : user_pref("CT2475029.InitializeCommonPrefs", true);
Deleted : user_pref("CT2475029.InstalledDate", "Sun Aug 22 2010 13:47:21 GMT+0200");
Deleted : user_pref("CT2475029.InvalidateCache", false);
Deleted : user_pref("CT2475029.IsGrouping", true);
Deleted : user_pref("CT2475029.IsMulticommunity", true);
Deleted : user_pref("CT2475029.IsOpenThankYouPage", false);
Deleted : user_pref("CT2475029.IsOpenUninstallPage", true);
Deleted : user_pref("CT2475029.LanguagePackLastCheckTime", "Sun Aug 22 2010 13:47:23 GMT+0200");
Deleted : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2475029.LastLogin_2.5.6.0", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2475029.Locale", "en");
Deleted : user_pref("CT2475029.LoginCache", 4);
Deleted : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2475029.RadioIsPodcast", false);
Deleted : user_pref("CT2475029.RadioLastCheckTime", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2475029.RadioMediaID", "9962");
Deleted : user_pref("CT2475029.RadioMediaType", "Media Player");
Deleted : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT24750299962");
Deleted : user_pref("CT2475029.RadioStationName", "California%20Rock");
Deleted : user_pref("CT2475029.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT2475029.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2475029.SavedHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CT2475029.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Deleted : user_pref("CT2475029.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Sun Aug 22 2010 13:47:22 GMT+0200");
Deleted : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2475029.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2475029.SettingsLastCheckTime", "Sun Aug 22 2010 13:47:20 GMT+0200");
Deleted : user_pref("CT2475029.SettingsLastUpdate", "1281049790");
Deleted : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Sun Aug 22 2010 13:47:19 GMT+0200");
Deleted : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2475029.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2475029.Uninstall", true);
Deleted : user_pref("CT2475029.UserID", "UN64815417730878615");
Deleted : user_pref("CT2475029.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2475029.WeatherNetwork", "");
Deleted : user_pref("CT2475029.WeatherPollDate", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.WeatherUnit", "C");
Deleted : user_pref("CT2475029.clientLogIsEnabled", true);
Deleted : user_pref("CT2475029.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2475029.ct2481020.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2475029.ct2481020.FeedLastCount129076858299680990", 772);
Deleted : user_pref("CT2475029.ct2481020.FeedLastCount129137419315157090", 250);
Deleted : user_pref("CT2475029.ct2481020.GroupingInvalidateCache", false);
Deleted : user_pref("CT2475029.ct2481020.GroupingLastCheckTime", "Sat Aug 28 2010 18:37:18 GMT+0200");
Deleted : user_pref("CT2475029.ct2481020.GroupingLastErrorCode", "");
Deleted : user_pref("CT2475029.ct2481020.GroupingLastResponse", true);
Deleted : user_pref("CT2475029.ct2481020.GroupingLastServerUpdateTime", "129255876733100000");
Deleted : user_pref("CT2475029.ct2481020.InvalidateCache", false);
Deleted : user_pref("CT2475029.ct2481020.LanguagePackLastCheckTime", "Sat Aug 28 2010 18:37:20 GMT+0200");
Deleted : user_pref("CT2475029.ct2481020.Locale", "de");
Deleted : user_pref("CT2475029.ct2481020.RadioLastCheckTime", "Sat Aug 28 2010 18:37:19 GMT+0200");
Deleted : user_pref("CT2475029.ct2481020.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2475029.ct2481020.RadioLastUpdateServer", "3");
Deleted : user_pref("CT2475029.ct2481020.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2475029.ct2481020.SearchInNewTabLastCheckTime", "Sat Aug 28 2010 18:37:18 GMT+0200");
Deleted : user_pref("CT2475029.ct2481020.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2475029.ct2481020.SettingsLastCheckTime", "Sat Aug 28 2010 18:37:18 GMT+0200");
Deleted : user_pref("CT2475029.ct2481020.SettingsLastUpdate", "1281106873");
Deleted : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastCheck", "Sun Aug 22 2010 13:47:21 GMT+0200");
Deleted : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2475029.myStuffEnabled", true);
Deleted : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2475029.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT3031783..clientLogIsEnabled", false);
Deleted : user_pref("CT3031783..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3031783..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3031783.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3031783.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3031783.AppTrackingLastCheckTime", "Sun Sep 04 2011 13:42:13 GMT+0200");
Deleted : user_pref("CT3031783.BrowserCompStateIsOpen_8610255194464392783", true);
Deleted : user_pref("CT3031783.CTID", "CT3031783");
Deleted : user_pref("CT3031783.CurrentServerDate", "8-2-2012");
Deleted : user_pref("CT3031783.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3031783.DialogsGetterLastCheckTime", "Tue Feb 07 2012 17:52:30 GMT+0100");
Deleted : user_pref("CT3031783.DownloadReferralCookieData", "");
Deleted : user_pref("CT3031783.EMailNotifierPollDate", "Wed Feb 08 2012 00:05:27 GMT+0100");
Deleted : user_pref("CT3031783.FirstServerDate", "31-8-2011");
Deleted : user_pref("CT3031783.FirstTime", true);
Deleted : user_pref("CT3031783.FirstTimeFF3", true);
Deleted : user_pref("CT3031783.FixPageNotFoundErrors", false);
Deleted : user_pref("CT3031783.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3031783.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3031783.HasUserGlobalKeys", true);
Deleted : user_pref("CT3031783.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3031783.HomepageBeforeUnload", "hxxp://www.google.at/");
Deleted : user_pref("CT3031783.Initialize", true);
Deleted : user_pref("CT3031783.InitializeCommonPrefs", true);
Deleted : user_pref("CT3031783.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3031783.InstallationId", "CT3031783_Softonic-Austria_.exe");
Deleted : user_pref("CT3031783.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT3031783.InstalledDate", "Wed Aug 31 2011 12:04:29 GMT+0200");
Deleted : user_pref("CT3031783.InvalidateCache", false);
Deleted : user_pref("CT3031783.IsAlertDBUpdated", true);
Deleted : user_pref("CT3031783.IsGrouping", false);
Deleted : user_pref("CT3031783.IsInitSetupIni", true);
Deleted : user_pref("CT3031783.IsMulticommunity", false);
Deleted : user_pref("CT3031783.IsOpenThankYouPage", false);
Deleted : user_pref("CT3031783.IsOpenUninstallPage", true);
Deleted : user_pref("CT3031783.LanguagePackLastCheckTime", "Tue Feb 07 2012 20:27:54 GMT+0100");
Deleted : user_pref("CT3031783.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3031783.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3031783.LastLogin_3.6.0.10", "Tue Sep 27 2011 20:47:32 GMT+0200");
Deleted : user_pref("CT3031783.LastLogin_3.7.0.6", "Mon Nov 07 2011 22:10:11 GMT+0100");
Deleted : user_pref("CT3031783.LastLogin_3.8.0.8", "Wed Dec 28 2011 22:08:18 GMT+0100");
Deleted : user_pref("CT3031783.LastLogin_3.8.1.0", "Tue Jan 31 2012 21:26:47 GMT+0100");
Deleted : user_pref("CT3031783.LastLogin_3.9.0.3", "Tue Feb 07 2012 22:10:28 GMT+0100");
Deleted : user_pref("CT3031783.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT3031783.Locale", "de");
Deleted : user_pref("CT3031783.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3031783.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3031783.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3031783.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3031783.OriginalFirstVersion", "3.6.0.10");
Deleted : user_pref("CT3031783.RadioIsPodcast", false);
Deleted : user_pref("CT3031783.RadioLastCheckTime", "Tue Feb 07 2012 20:28:04 GMT+0100");
Deleted : user_pref("CT3031783.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3031783.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3031783.RadioMediaID", "9962");
Deleted : user_pref("CT3031783.RadioMediaType", "Media Player");
Deleted : user_pref("CT3031783.RadioMenuSelectedID", "EBRadioMenu_CT30317839962");
Deleted : user_pref("CT3031783.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3031783.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3031783.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3031783.SearchEngineBeforeUnload", "Search the web (Babylon)");
Deleted : user_pref("CT3031783.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3031783.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT303[...]
Deleted : user_pref("CT3031783.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3031783.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3031783.SearchInNewTabLastCheckTime", "Tue Feb 07 2012 20:27:54 GMT+0100");
Deleted : user_pref("CT3031783.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3031783.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT3031783.SearchProtectorEnabled", false);
Deleted : user_pref("CT3031783.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3031783.ServiceMapLastCheckTime", "Tue Feb 07 2012 20:27:55 GMT+0100");
Deleted : user_pref("CT3031783.SettingsLastCheckTime", "Tue Feb 07 2012 22:10:27 GMT+0100");
Deleted : user_pref("CT3031783.SettingsLastUpdate", "1326635813");
Deleted : user_pref("CT3031783.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3031783.ThirdPartyComponentsLastCheck", "Tue Jan 31 2012 21:26:42 GMT+0100");
Deleted : user_pref("CT3031783.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT3031783.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3031783.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3031783");
Deleted : user_pref("CT3031783.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3031783.UserID", "UN73065455011559953");
Deleted : user_pref("CT3031783.alertChannelId", "1423362");
Deleted : user_pref("CT3031783.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3031783.globalFirstTimeInfoLastCheckTime", "Tue Jan 31 2012 21:26:47 GMT+0100");
Deleted : user_pref("CT3031783.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3031783.initDone", true);
Deleted : user_pref("CT3031783.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3031783.isFirstRadioInstallation", false);
Deleted : user_pref("CT3031783.myStuffEnabled", true);
Deleted : user_pref("CT3031783.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3031783.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3031783.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3031783.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3031783.oldAppsList", "129524549382877183,129524549383316610,111,978563551247984904,217[...]
Deleted : user_pref("CT3031783.revertSettingsEnabled", false);
Deleted : user_pref("CT3031783.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3031783.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3031783.testingCtid", "");
Deleted : user_pref("CT3031783.toolbarAppMetaDataLastCheckTime", "Tue Feb 07 2012 20:27:54 GMT+0100");
Deleted : user_pref("CT3031783.toolbarContextMenuLastCheckTime", "Tue Jan 31 2012 21:26:47 GMT+0100");
Deleted : user_pref("CT3031783.usagesFlag", 1);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3031783/CT3031783[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1423362/1419017/AT", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/AT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DEFAULT", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3031783", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3031783",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2431245&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3031783&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT2431245&octid=CT[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/Newtab/Softonic/CT2431245.xml", "\"07ba0[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"420[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2431245");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Bertl\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2475029,CT2431245,ConduitEngine,CT3031783");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029,CT2431245,CT3031783");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3031783");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 09 2011 22:01:01 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 11:13:24 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 26 2011 16:38:31 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "acb579a7-7b4c-44c8-91ee-c6b711398db3");
Deleted : user_pref("CommunityToolbar.facebook.sessionKey", "2.2pppw9MzK6Rb07ZmPVqd9A__.86400.1292594400-10000[...]
Deleted : user_pref("CommunityToolbar.facebook.sessionSecret", "3bHGzZECMAu4QfEE92SSLQ__");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Dec 28 2010 18:14:41 GMT+0100");
Deleted : user_pref("CommunityToolbar.facebook.userId", "100001671677037");
Deleted : user_pref("CommunityToolbar.globalUserId", "d404a7d7-9307-4254-930a-07bd46f56f13");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3031783");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Feb 07 2012 21:26:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Feb 07 2012 20:28:02 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 07 2012 20:27:54 GMT+0100");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "aa0a6801-500e-45ee-9324-0257bbafaa03");
Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Sun Aug 22 2010 13:47:21 GMT+0200"[...]
Deleted : user_pref("CommunityToolbar.twitter.user_19345231.LastCheckTime", "Sat Aug 28 2010 18:37:19 GMT+0200[...]
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 08 2011 20:03:08 GMT+0200");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jun 26 2011 16:38:33 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "11/25/2010 19");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Nov 25 2010 18:31:30 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jun 26 2011 16:38:33 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.1.3", "Fri Dec 31 2010 18:20:08 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Jun 26 2011 16:38:33 GMT+0200");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Jun 26 2011 16:38:33 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN69376157110948959");
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jun 26 2011 16:38:33 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jun 26 2011 16:38:33 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 7);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "e03ecf7f000000000000001e2aac4342");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15217");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 7);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1012:02:41");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 67216037);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1012:02:41");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B0e9c05a9-a91c-42ec-8e77-0b1fc2b2143b%[...]

Profile name : default
File : C:\Users\Schatzi\AppData\Roaming\Mozilla\Firefox\Profiles\zx4la13v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v19.0.1084.56

File : C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "name": "Babylon Chrome Plugin",
Deleted : "path": "C:\\Users\\Bertl\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\[...]
Deleted : "name": "Babylon Chrome Plugin"

*************************

AdwCleaner[S1].txt - [58194 octets] - [28/06/2012 17:01:05]

########## EOF - C:\AdwCleaner[S1].txt - [58323 octets] ##########

Combofix Logfile:
Code:
ComboFix 12-06-28.01 - Bertl 28.06.2012  17:12:19.3.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3006.1836 [GMT 2:00]
ausgeführt von:: c:\users\Bertl\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bertl\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --> c:\windows\system32\services.exe
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-28  ))))))))))))))))))))))))))))))
.
.
2012-06-28 15:19 . 2012-06-28 15:19	--------	d-----w-	c:\users\Schatzi\AppData\Local\temp
2012-06-28 15:19 . 2012-06-28 15:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-28 15:19 . 2012-06-28 15:19	--------	d-----w-	c:\users\Bertl\AppData\Local\temp
2012-06-26 15:01 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{11E8DBC0-EA8F-4239-A16F-0665A0DCB00B}\mpengine.dll
2012-06-21 15:16 . 2012-06-21 15:16	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-21 15:00 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 15:00 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 15:00 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 15:00 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 15:00 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 15:00 . 2012-06-02 22:19	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-21 15:00 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 15:00 . 2012-06-02 22:19	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-21 15:00 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 15:00 . 2012-06-02 22:12	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-21 14:59 . 2012-06-02 13:19	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-21 14:59 . 2012-06-02 13:12	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-06-21 14:59 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 14:59 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 14:59 . 2012-06-19 15:34	--------	d-----w-	C:\sh4ldr
2012-06-19 14:59 . 2012-06-19 14:59	--------	d-----w-	c:\program files\Enigma Software Group
2012-06-19 14:58 . 2012-06-19 15:34	--------	d-----w-	c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-19 14:45 . 2012-06-19 14:45	--------	d-----w-	c:\users\Bertl\AppData\Roaming\SpeedyPC Software
2012-06-19 14:45 . 2012-06-19 14:45	--------	d-----w-	c:\users\Bertl\AppData\Roaming\DriverCure
2012-06-19 14:45 . 2012-06-19 15:31	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-06-18 15:42 . 2012-06-18 15:42	--------	d-----w-	C:\_OTL
2012-06-17 11:34 . 2012-06-17 11:34	--------	d-----w-	c:\program files (x86)\ESET
2012-06-16 14:13 . 2012-06-16 14:13	--------	d-----w-	c:\users\Bertl\AppData\Roaming\Malwarebytes
2012-06-16 14:12 . 2012-06-16 14:12	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-16 14:12 . 2012-06-18 15:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-16 14:12 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-16 14:10 . 2012-05-29 11:09	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2012-06-16 14:10 . 2012-05-29 11:09	25952	----a-w-	c:\windows\system32\authuitu.dll
2012-06-16 14:10 . 2012-05-29 11:09	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-06-16 14:07 . 2012-06-16 14:07	--------	d-----w-	c:\users\Bertl\AppData\Roaming\TuneUp Software
2012-06-16 14:07 . 2012-06-16 14:10	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2012
2012-06-16 14:04 . 2012-06-16 14:11	--------	d-----w-	c:\programdata\TuneUp Software
2012-06-16 14:04 . 2012-06-16 14:04	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-16 14:04 . 2012-06-16 14:04	--------	d-----w-	c:\programdata\Common Files
2012-06-14 15:04 . 2012-05-01 14:29	209920	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 15:04 . 2012-05-15 20:15	2767360	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 15:04 . 2012-04-23 16:25	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-14 15:04 . 2012-04-23 16:25	1267200	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 15:04 . 2012-04-23 16:00	984064	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-14 15:04 . 2012-04-23 16:25	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 15:04 . 2012-04-23 16:00	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-14 15:04 . 2012-04-23 16:00	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-10 15:15 . 2012-06-10 15:15	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 15:15 . 2012-06-10 15:15	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-10 14:32 . 2012-06-10 14:32	--------	d-----w-	c:\users\Bertl\dwhelper
2012-06-09 16:13 . 2012-06-09 16:13	--------	d-----w-	c:\users\Bertl\AppData\Local\Macromedia
2012-05-29 19:36 . 2012-06-23 16:43	--------	d-----w-	c:\program files (x86)\Diablo III
2012-05-29 19:36 . 2012-05-29 19:59	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-05-29 19:34 . 2012-05-29 19:34	--------	d-----w-	c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 16:07 . 2012-04-14 15:07	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 16:07 . 2011-06-08 18:02	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:46 . 2011-12-28 21:27	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 17:46 . 2011-12-28 21:27	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 16:41 . 2012-05-05 16:41	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-07 16:05 . 2012-04-07 16:05	777488	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-03 08:22 . 2012-05-08 22:05	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-26 22:22 . 2012-03-26 22:22	3993600	----a-w-	c:\program files (x86)\GUT3F09.tmp
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-21_16.13.00   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-06-28 15:17	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-06-21 15:10	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-06-21 15:10	98304              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-06-28 15:17	98304              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-06-28 15:17	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-06-21 15:10	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-06-28 15:04	78164              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-28 15:04	78408              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-09 16:44 . 2012-06-28 15:04	22958              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1266670936-2579149240-1289076800-1000_UserData.bin
- 2009-01-29 07:53 . 2012-06-16 14:11	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-01-29 07:53 . 2012-06-26 14:52	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-04-09 16:43 . 2012-06-21 15:33	81920              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-09 16:43 . 2012-06-28 14:47	81920              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-05 19:36 . 2012-06-15 16:06	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-05 19:36 . 2012-06-24 15:23	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-05 19:36 . 2012-06-15 16:06	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-05 19:36 . 2012-06-24 15:23	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-05 19:36 . 2012-06-24 15:23	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-05 19:36 . 2012-06-15 16:06	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-23 17:57 . 2012-06-16 11:28	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-23 17:57 . 2012-06-24 15:23	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-23 17:57 . 2012-06-24 15:23	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-23 17:57 . 2012-06-16 11:28	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-28 15:02 . 2012-06-28 15:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 16:12 . 2012-06-21 16:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-28 15:02 . 2012-06-28 15:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-21 16:12 . 2012-06-21 16:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-30 16:03 . 2012-06-24 22:00	217202              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-04-09 16:43 . 2012-06-21 15:33	786432              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-09 16:43 . 2012-06-28 14:47	786432              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-09 16:43 . 2012-06-28 14:47	114688              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-09 16:43 . 2012-06-21 15:33	114688              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-11 15:34 . 2012-06-28 15:01	238948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-06-11 15:34 . 2012-06-21 16:11	238948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-20 17:22 . 2012-06-26 16:45	475244              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1266670936-2579149240-1289076800-1000-12288.dat
- 2010-06-20 17:22 . 2012-06-17 21:42	475244              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1266670936-2579149240-1289076800-1000-12288.dat
+ 2010-06-12 17:16 . 2012-06-28 15:01	1081952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1266670936-2579149240-1289076800-1000-8192.dat
- 2010-06-12 17:16 . 2012-06-21 16:11	1081952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1266670936-2579149240-1289076800-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-04 1242448]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-15 57344]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Tele2 LiveUpdate"="c:\program files (x86)\Tele2\LiveUpdate\LiveupdateClient.exe" [2010-06-18 4553080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-27 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-21 27648]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-23 19:24]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 16:53]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 16:53]
.
2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{35305DF5-FA23-4540-B1EF-651FF0A50A46}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{5F3B6BE1-C64C-4942-836B-F12F7DEA0B8B}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{7F306578-A669-4BB9-9C62-2D4B2C9D6E80}.job
- c:\windows\system32\msfeedssync.exe [2009-01-28 10:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 1381208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 1460096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 15934496]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 82464]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1266670936-2579149240-1289076800-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bc,fe,85,ce,9b,6f,fc,b1,fb,78,84,fd,5f,96,59,50,f7,8b,09,c8,fe,65,ca,
   e4,4a,f6,98,e4,4f,81,62,1b,9e,2e,84,af,65,0e,92,63,80,73,5b,cf,10,59,22,ea,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1266670936-2579149240-1289076800-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,39,42,0c,e4,91,13,89,38,1c,e7,23,3c,43,ba,4f,2d,10,ef,cb,c4,
   82,4b,c2,61,4c,aa,2c,54,dd,bc,68,4e,1c,15,90,d5,11,50,73,cb,2f,27,8b,8f,89,\
"rkeysecu"=hex:47,0d,d1,31,38,1b,3d,6b,51,be,cd,8b,c6,24,8a,c1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-06-28  17:21:49
ComboFix-quarantined-files.txt  2012-06-28 15:21
ComboFix2.txt  2012-06-21 16:19
.
Vor Suchlauf: 24 Verzeichnis(se), 31.679.873.024 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 31.106.224.128 Bytes frei
.
- - End Of File - - 5C928649B4615E62534CB71DE2F7228A
         
--- --- ---

Alt 29.06.2012, 07:30   #12
Psychotic
/// Malwareteam
 

TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@



Step 1: Fix with adwCleaner


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2: New OTL log


Please download OTL by Oldtimer and save it to your desktop (if you don't have it already).
  • Double-click OTL.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

Alt 29.06.2012, 15:50   #13
Bertibert
 

TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@



Hi Marius,

here are the results:

# AdwCleaner v1.700 - Logfile created 06/29/2012 at 16:25:24
# Updated 26/06/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Bertl - BERTL-PC
# Running from : C:\Users\Bertl\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18372

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Schatzi\AppData\Roaming\Mozilla\Firefox\Profiles\zx4la13v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v19.0.1084.56

File : C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [58323 octets] - [28/06/2012 17:01:05]
AdwCleaner[S2].txt - [1057 octets] - [29/06/2012 16:25:24]

########## EOF - C:\AdwCleaner[S2].txt - [1185 octets] ##########

OTL Logfile:
Code:
OTL logfile created on: 29.06.2012 16:36:27 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Bertl\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 60,37% Memory free
6,09 Gb Paging File | 4,67 Gb Available in Paging File | 76,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 28,75 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive D: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BERTL-PC | User Name: Bertl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bertl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files (x86)\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll ()
MOD - C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ISPwdSvc) -- C:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMIDS) -- C:\Windows\SysNative\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV:64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV:64bit: - (SYMDNS) -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (s816mdm) -- C:\Windows\SysNative\DRIVERS\s816mdm.sys (MCCI Corporation)
DRV:64bit: - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\SysNative\DRIVERS\s816unic.sys (MCCI)
DRV:64bit: - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s816mgmt.sys (MCCI Corporation)
DRV:64bit: - (s816obex) -- C:\Windows\SysNative\DRIVERS\s816obex.sys (MCCI Corporation)
DRV:64bit: - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\SysNative\DRIVERS\s816nd5.sys (MCCI Corporation)
DRV:64bit: - (s816mdfl) -- C:\Windows\SysNative\DRIVERS\s816mdfl.sys (MCCI Corporation)
DRV:64bit: - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s816bus.sys (MCCI Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\wg111v3.sys (NETGEAR Inc.                           )
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\DRIVERS\point64k.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (JGOGO) -- C:\Windows\SysNative\DRIVERS\JGOGO.sys (JMicron )
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080513.001\IDSviA64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = hxxp://www.zumie.com/?prt=ZUMIE136&keywords={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}&Form=IE8SRC
IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = hxxp://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 18:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:51:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 18:05:59 | 000,000,000 | ---D | M]
 
[2009.03.07 14:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Extensions
[2009.03.07 14:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.06.28 17:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions
[2011.06.02 11:12:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.04.07 14:20:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.20 23:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.05.16 17:10:22 | 000,000,000 | ---D | M] (WordSearch) -- C:\Program Files (x86)\mozilla firefox\extensions\{32A8BD73-1A5E-4a89-9939-AE6244253795}
[2008.05.16 17:09:13 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Program Files (x86)\mozilla firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2012.06.18 16:51:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 17:50:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.10 19:03:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.10 19:03:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.10 19:03:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.10 19:03:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.10 19:03:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.10 19:03:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DealPly = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Google Mail = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.06.21 18:10:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [Tele2 LiveUpdate] C:\Program Files (x86)\Tele2\LiveUpdate\LiveupdateClient.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AF0B599-BB18-465E-8F32-C296665C488A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A6C986-EF78-47F5-BDD5-66E75D2CEE69}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bertl\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bertl\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.01 20:44:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 16:34:25 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Bertl\Desktop\OTL.exe
[2012.06.29 16:19:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.28 17:21:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.28 17:21:51 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Local\temp
[2012.06.28 17:07:08 | 004,570,589 | R--- | C] (Swearware) -- C:\Users\Bertl\Desktop\ComboFix.exe
[2012.06.21 18:00:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.21 18:00:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.21 18:00:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.21 17:16:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.06.21 17:03:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.21 17:02:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.21 17:00:49 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 17:00:49 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 17:00:48 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 17:00:05 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 17:00:05 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.06.21 17:00:05 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 17:00:05 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.06.21 17:00:05 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 17:00:05 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.06.21 16:59:40 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.06.21 16:59:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012.06.21 16:59:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 16:59:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.20 16:39:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Bertl\Desktop\aswMBR.exe
[2012.06.19 17:34:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.06.19 16:59:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.06.19 16:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.06.19 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\SpeedyPC Software
[2012.06.19 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\DriverCure
[2012.06.19 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.06.18 17:42:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.17 14:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.06.17 14:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.06.17 13:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.16 16:13:20 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\Malwarebytes
[2012.06.16 16:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.16 16:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.16 16:12:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.16 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.16 16:10:48 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.06.16 16:10:39 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.06.16 16:10:39 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.06.16 16:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.06.16 16:07:36 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\TuneUp Software
[2012.06.16 16:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.06.16 16:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.16 16:04:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.16 16:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012.06.14 17:04:07 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 17:04:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.10 16:32:10 | 000,000,000 | ---D | C] -- C:\Users\Bertl\dwhelper
[2012.06.09 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Local\Macromedia
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 16:40:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{35305DF5-FA23-4540-B1EF-651FF0A50A46}.job
[2012.06.29 16:40:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7F306578-A669-4BB9-9C62-2D4B2C9D6E80}.job
[2012.06.29 16:40:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F3B6BE1-C64C-4942-836B-F12F7DEA0B8B}.job
[2012.06.29 16:34:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bertl\Desktop\OTL.exe
[2012.06.29 16:31:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.29 16:30:57 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 16:30:57 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 16:30:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 16:27:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.28 17:07:17 | 004,570,589 | R--- | M] (Swearware) -- C:\Users\Bertl\Desktop\ComboFix.exe
[2012.06.28 17:00:19 | 000,609,365 | ---- | M] () -- C:\Users\Bertl\Desktop\adwcleaner.exe
[2012.06.23 12:41:11 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.06.21 18:10:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.20 16:40:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Bertl\Desktop\aswMBR.exe
[2012.06.20 16:34:13 | 000,458,240 | ---- | M] () -- C:\Users\Bertl\Desktop\CKScanner.exe
[2012.06.19 17:49:41 | 000,000,000 | ---- | M] () -- C:\Users\Bertl\defogger_reenable
[2012.06.18 17:45:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.17 15:06:15 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft-Tastatur.lnk
[2012.06.17 15:06:15 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft-Maus.lnk
[2012.06.17 15:06:15 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.06.17 15:06:12 | 000,001,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.06.16 16:10:33 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.16 16:10:33 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.15 17:35:19 | 000,261,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 17:26:13 | 001,699,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 17:26:13 | 000,714,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:26:13 | 000,668,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:26:13 | 000,163,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:26:13 | 000,133,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 17:30:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.09 18:07:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.09 18:07:51 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.28 17:00:18 | 000,609,365 | ---- | C] () -- C:\Users\Bertl\Desktop\adwcleaner.exe
[2012.06.21 18:00:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.21 18:00:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.21 18:00:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.21 18:00:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.21 18:00:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.20 16:34:12 | 000,458,240 | ---- | C] () -- C:\Users\Bertl\Desktop\CKScanner.exe
[2012.06.19 17:49:41 | 000,000,000 | ---- | C] () -- C:\Users\Bertl\defogger_reenable
[2012.06.17 14:34:27 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.06.17 14:34:24 | 000,001,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.06.16 16:12:31 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.16 16:10:33 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.16 16:10:33 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.16 16:10:31 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.01.31 22:27:38 | 000,002,048 | -HS- | C] () -- C:\Users\Bertl\AppData\Local\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\@
[2011.10.27 18:56:50 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2011.02.10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010.12.29 02:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.24 14:21:18 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe
[2009.04.23 12:58:35 | 000,000,680 | RHS- | C] () -- C:\Users\Bertl\ntuser.pol
[2009.03.09 20:16:17 | 000,007,592 | ---- | C] () -- C:\Users\Bertl\AppData\Local\d3d9caps.dat
[2008.10.25 16:57:24 | 000,024,226 | ---- | C] () -- C:\Users\Bertl\AppData\Roaming\UserTile.png
[2008.10.21 20:41:07 | 000,001,074 | ---- | C] () -- C:\Users\Bertl\AppData\Local\8DA1D22E.il
[2008.10.21 20:41:07 | 000,000,280 | ---- | C] () -- C:\Users\Bertl\AppData\Local\IndexIE_8DA1D22E.il
[2008.05.21 12:27:18 | 000,001,024 | ---- | C] () -- C:\Users\Bertl\.rnd
[2008.05.16 17:10:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.04.20 16:56:36 | 000,137,728 | ---- | C] () -- C:\Users\Bertl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.12 12:24:19 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.04.09 21:31:13 | 000,000,093 | ---- | C] () -- C:\Users\Bertl\AppData\Local\fusioncache.dat
[2008.04.09 18:42:24 | 000,000,732 | ---- | C] () -- C:\Users\Bertl\AppData\Local\d3d9caps64.dat

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 29.06.2012 16:36:27 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Bertl\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 60,37% Memory free
6,09 Gb Paging File | 4,67 Gb Available in Paging File | 76,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 28,75 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive D: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BERTL-PC | User Name: Bertl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = F4 73 94 E5 89 3F CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{65056977-B89E-431E-9F3A-41B718B8719D}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{6ECD0A38-207B-41B3-815C-68BFF37520C6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{E25645D0-4EA8-4FB4-BA26-B70F9069FA6E}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{12CC744A-0B07-45A6-B47E-51D82F2762F7}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{98EB4912-CC5D-4EDA-A5C7-894E9F5EF5A3}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{C3863116-1FDB-47A7-8DC0-E3583443AE9A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23368BEC-C396-4A52-B2DD-2C847586ACAE}" = ccCommon64
"{A927737F-8C1C-46BE-A85B-E4246CF75D0D}" = Microsoft IntelliType Pro 6.1
"{AD5BAA95-657F-4D81-8E07-D0882C2E8985}" = Microsoft IntelliPoint 6.1
"{BEA7E82C-CEC9-4027-A4A3-C6ADBD8D69D0}" = SymNet x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F0309609-E415-42C8-8C61-2483EBA338E9}" = Sony Ericsson PC Suite x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33917C92-900D-4F37-9017-3929FFA5619F}" = CableLink InfoCenter
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD05E71-618C-4494-A2BD-9C0B2FC6ADEE}" = Tele2 Internet
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AllDup_is1" = AllDup 2.0.10
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira Free Antivirus
"CableLink InfoCenter" = CableLink InfoCenter
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"Free Download Manager_is1" = Free Download Manager 3.0
"FrostWire" = FrostWire 4.21.8
"FrostWire 5" = FrostWire 5.1.4
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Patch-Master" = Patch-Master
"Revo Uninstaller" = Revo Uninstaller 1.92
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SystemRequirementsLab" = System Requirements Lab
"Tele2 Internet" = Tele2 Internet
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VideoLAN VLC media player 0.8.6e
"WordSearcher" = WordSearcher
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2012 08:57:40 | Computer Name = Bertl-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_257.exe, Version 
11.3.300.257, Zeitstempel 0x4fc82063, fehlerhaftes Modul NPSWF32_11_3_300_257.dll,
 Version 11.3.300.257, Zeitstempel 0x4fc821fc, Ausnahmecode 0xc0000005, Fehleroffset
 0x0016b4bd,  Prozess-ID 0x25f4, Anwendungsstartzeit 01cd513f52800eb0.
 
Error - 24.06.2012 18:01:41 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.06.2012 11:22:27 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.06.2012 11:22:28 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Bertl\Downloads\esetsmartinstaller_deu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 26.06.2012 11:52:59 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2012 10:54:51 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2012 11:04:58 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2012 11:06:15 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2012 11:22:46 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.06.2012 10:31:41 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 26.06.2012 11:02:21 | Computer Name = Bertl-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 26.06.2012 11:39:53 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 26.06.2012 11:43:34 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2012 13:49:40 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.06.2012 10:44:51 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.06.2012 11:03:27 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.06.2012 11:16:01 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 28.06.2012 11:19:33 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 29.06.2012 10:19:49 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 29.06.2012 10:31:16 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---


Hi Marius,

below are the results:

# AdwCleaner v1.700 - Logfile created 06/29/2012 at 16:25:24
# Updated 26/06/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Bertl - BERTL-PC
# Running from : C:\Users\Bertl\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18372

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Bertl\AppData\Roaming\Mozilla\Firefox\Profiles\ngiqbin7.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Schatzi\AppData\Roaming\Mozilla\Firefox\Profiles\zx4la13v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v19.0.1084.56

File : C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [58323 octets] - [28/06/2012 17:01:05]
AdwCleaner[S2].txt - [1057 octets] - [29/06/2012 16:25:24]

########## EOF - C:\AdwCleaner[S2].txt - [1185 octets] ##########
OTL Logfile:
Code:
OTL logfile created on: 29.06.2012 16:36:27 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Bertl\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 60,37% Memory free
6,09 Gb Paging File | 4,67 Gb Available in Paging File | 76,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 28,75 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive D: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BERTL-PC | User Name: Bertl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bertl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files (x86)\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll ()
MOD - C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ISPwdSvc) -- C:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMIDS) -- C:\Windows\SysNative\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV:64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV:64bit: - (SYMDNS) -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (s816mdm) -- C:\Windows\SysNative\DRIVERS\s816mdm.sys (MCCI Corporation)
DRV:64bit: - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\SysNative\DRIVERS\s816unic.sys (MCCI)
DRV:64bit: - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s816mgmt.sys (MCCI Corporation)
DRV:64bit: - (s816obex) -- C:\Windows\SysNative\DRIVERS\s816obex.sys (MCCI Corporation)
DRV:64bit: - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\SysNative\DRIVERS\s816nd5.sys (MCCI Corporation)
DRV:64bit: - (s816mdfl) -- C:\Windows\SysNative\DRIVERS\s816mdfl.sys (MCCI Corporation)
DRV:64bit: - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s816bus.sys (MCCI Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\wg111v3.sys (NETGEAR Inc.                           )
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\DRIVERS\point64k.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (JGOGO) -- C:\Windows\SysNative\DRIVERS\JGOGO.sys (JMicron )
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080513.001\IDSviA64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = hxxp://www.zumie.com/?prt=ZUMIE136&keywords={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}&Form=IE8SRC
IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = hxxp://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 18:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:51:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 18:05:59 | 000,000,000 | ---D | M]
 
[2009.03.07 14:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Extensions
[2009.03.07 14:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.06.28 17:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions
[2011.06.02 11:12:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.04.07 14:20:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bertl\AppData\Roaming\mozilla\Firefox\Profiles\ngiqbin7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.20 23:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.05.16 17:10:22 | 000,000,000 | ---D | M] (WordSearch) -- C:\Program Files (x86)\mozilla firefox\extensions\{32A8BD73-1A5E-4a89-9939-AE6244253795}
[2008.05.16 17:09:13 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Program Files (x86)\mozilla firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2012.06.18 16:51:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 17:50:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.10 19:03:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.10 19:03:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.10 19:03:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.10 19:03:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.10 19:03:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.10 19:03:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DealPly = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Google Mail = C:\Users\Bertl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.06.21 18:10:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [Tele2 LiveUpdate] C:\Program Files (x86)\Tele2\LiveUpdate\LiveupdateClient.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AF0B599-BB18-465E-8F32-C296665C488A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A6C986-EF78-47F5-BDD5-66E75D2CEE69}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bertl\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bertl\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.01 20:44:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 16:34:25 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Bertl\Desktop\OTL.exe
[2012.06.29 16:19:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.28 17:21:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.28 17:21:51 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Local\temp
[2012.06.28 17:07:08 | 004,570,589 | R--- | C] (Swearware) -- C:\Users\Bertl\Desktop\ComboFix.exe
[2012.06.21 18:00:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.21 18:00:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.21 18:00:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.21 17:16:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.06.21 17:03:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.21 17:02:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.21 17:00:49 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 17:00:49 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 17:00:48 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 17:00:05 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 17:00:05 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.06.21 17:00:05 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 17:00:05 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.06.21 17:00:05 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 17:00:05 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.06.21 16:59:40 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.06.21 16:59:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012.06.21 16:59:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 16:59:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.20 16:39:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Bertl\Desktop\aswMBR.exe
[2012.06.19 17:34:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.06.19 16:59:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.06.19 16:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.06.19 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\SpeedyPC Software
[2012.06.19 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\DriverCure
[2012.06.19 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.06.18 17:42:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.17 14:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.06.17 14:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.06.17 13:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.16 16:13:20 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\Malwarebytes
[2012.06.16 16:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.16 16:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.16 16:12:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.16 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.16 16:10:48 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.06.16 16:10:39 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.06.16 16:10:39 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.06.16 16:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.06.16 16:07:36 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Roaming\TuneUp Software
[2012.06.16 16:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.06.16 16:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.16 16:04:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.16 16:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012.06.14 17:04:07 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 17:04:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.10 16:32:10 | 000,000,000 | ---D | C] -- C:\Users\Bertl\dwhelper
[2012.06.09 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Bertl\AppData\Local\Macromedia
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 16:40:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{35305DF5-FA23-4540-B1EF-651FF0A50A46}.job
[2012.06.29 16:40:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7F306578-A669-4BB9-9C62-2D4B2C9D6E80}.job
[2012.06.29 16:40:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F3B6BE1-C64C-4942-836B-F12F7DEA0B8B}.job
[2012.06.29 16:34:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bertl\Desktop\OTL.exe
[2012.06.29 16:31:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.29 16:30:57 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 16:30:57 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 16:30:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 16:27:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.28 17:07:17 | 004,570,589 | R--- | M] (Swearware) -- C:\Users\Bertl\Desktop\ComboFix.exe
[2012.06.28 17:00:19 | 000,609,365 | ---- | M] () -- C:\Users\Bertl\Desktop\adwcleaner.exe
[2012.06.23 12:41:11 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.06.21 18:10:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.20 16:40:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Bertl\Desktop\aswMBR.exe
[2012.06.20 16:34:13 | 000,458,240 | ---- | M] () -- C:\Users\Bertl\Desktop\CKScanner.exe
[2012.06.19 17:49:41 | 000,000,000 | ---- | M] () -- C:\Users\Bertl\defogger_reenable
[2012.06.18 17:45:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.17 15:06:15 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft-Tastatur.lnk
[2012.06.17 15:06:15 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft-Maus.lnk
[2012.06.17 15:06:15 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.06.17 15:06:12 | 000,001,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.06.16 16:10:33 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.16 16:10:33 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.15 17:35:19 | 000,261,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 17:26:13 | 001,699,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 17:26:13 | 000,714,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:26:13 | 000,668,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:26:13 | 000,163,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:26:13 | 000,133,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 17:30:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.09 18:07:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.09 18:07:51 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.28 17:00:18 | 000,609,365 | ---- | C] () -- C:\Users\Bertl\Desktop\adwcleaner.exe
[2012.06.21 18:00:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.21 18:00:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.21 18:00:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.21 18:00:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.21 18:00:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.20 16:34:12 | 000,458,240 | ---- | C] () -- C:\Users\Bertl\Desktop\CKScanner.exe
[2012.06.19 17:49:41 | 000,000,000 | ---- | C] () -- C:\Users\Bertl\defogger_reenable
[2012.06.17 14:34:27 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.06.17 14:34:24 | 000,001,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.06.16 16:12:31 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.16 16:10:33 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.16 16:10:33 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.16 16:10:31 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.01.31 22:27:38 | 000,002,048 | -HS- | C] () -- C:\Users\Bertl\AppData\Local\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\@
[2011.10.27 18:56:50 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2011.02.10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010.12.29 02:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.24 14:21:18 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe
[2009.04.23 12:58:35 | 000,000,680 | RHS- | C] () -- C:\Users\Bertl\ntuser.pol
[2009.03.09 20:16:17 | 000,007,592 | ---- | C] () -- C:\Users\Bertl\AppData\Local\d3d9caps.dat
[2008.10.25 16:57:24 | 000,024,226 | ---- | C] () -- C:\Users\Bertl\AppData\Roaming\UserTile.png
[2008.10.21 20:41:07 | 000,001,074 | ---- | C] () -- C:\Users\Bertl\AppData\Local\8DA1D22E.il
[2008.10.21 20:41:07 | 000,000,280 | ---- | C] () -- C:\Users\Bertl\AppData\Local\IndexIE_8DA1D22E.il
[2008.05.21 12:27:18 | 000,001,024 | ---- | C] () -- C:\Users\Bertl\.rnd
[2008.05.16 17:10:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.04.20 16:56:36 | 000,137,728 | ---- | C] () -- C:\Users\Bertl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.12 12:24:19 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.04.09 21:31:13 | 000,000,093 | ---- | C] () -- C:\Users\Bertl\AppData\Local\fusioncache.dat
[2008.04.09 18:42:24 | 000,000,732 | ---- | C] () -- C:\Users\Bertl\AppData\Local\d3d9caps64.dat

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 29.06.2012 16:36:27 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Bertl\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 60,37% Memory free
6,09 Gb Paging File | 4,67 Gb Available in Paging File | 76,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 28,75 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive D: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BERTL-PC | User Name: Bertl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = F4 73 94 E5 89 3F CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{65056977-B89E-431E-9F3A-41B718B8719D}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{6ECD0A38-207B-41B3-815C-68BFF37520C6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{E25645D0-4EA8-4FB4-BA26-B70F9069FA6E}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{12CC744A-0B07-45A6-B47E-51D82F2762F7}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{98EB4912-CC5D-4EDA-A5C7-894E9F5EF5A3}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{C3863116-1FDB-47A7-8DC0-E3583443AE9A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23368BEC-C396-4A52-B2DD-2C847586ACAE}" = ccCommon64
"{A927737F-8C1C-46BE-A85B-E4246CF75D0D}" = Microsoft IntelliType Pro 6.1
"{AD5BAA95-657F-4D81-8E07-D0882C2E8985}" = Microsoft IntelliPoint 6.1
"{BEA7E82C-CEC9-4027-A4A3-C6ADBD8D69D0}" = SymNet x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F0309609-E415-42C8-8C61-2483EBA338E9}" = Sony Ericsson PC Suite x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33917C92-900D-4F37-9017-3929FFA5619F}" = CableLink InfoCenter
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD05E71-618C-4494-A2BD-9C0B2FC6ADEE}" = Tele2 Internet
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AllDup_is1" = AllDup 2.0.10
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira Free Antivirus
"CableLink InfoCenter" = CableLink InfoCenter
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"Free Download Manager_is1" = Free Download Manager 3.0
"FrostWire" = FrostWire 4.21.8
"FrostWire 5" = FrostWire 5.1.4
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Patch-Master" = Patch-Master
"Revo Uninstaller" = Revo Uninstaller 1.92
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SystemRequirementsLab" = System Requirements Lab
"Tele2 Internet" = Tele2 Internet
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VideoLAN VLC media player 0.8.6e
"WordSearcher" = WordSearcher
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2012 08:57:40 | Computer Name = Bertl-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_257.exe, Version 
11.3.300.257, Zeitstempel 0x4fc82063, fehlerhaftes Modul NPSWF32_11_3_300_257.dll,
 Version 11.3.300.257, Zeitstempel 0x4fc821fc, Ausnahmecode 0xc0000005, Fehleroffset
 0x0016b4bd,  Prozess-ID 0x25f4, Anwendungsstartzeit 01cd513f52800eb0.
 
Error - 24.06.2012 18:01:41 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.06.2012 11:22:27 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.06.2012 11:22:28 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Bertl\Downloads\esetsmartinstaller_deu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 26.06.2012 11:52:59 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2012 10:54:51 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2012 11:04:58 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2012 11:06:15 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.06.2012 11:22:46 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.06.2012 10:31:41 | Computer Name = Bertl-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 26.06.2012 11:02:21 | Computer Name = Bertl-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 26.06.2012 11:39:53 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 26.06.2012 11:43:34 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2012 13:49:40 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.06.2012 10:44:51 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.06.2012 11:03:27 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.06.2012 11:16:01 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 28.06.2012 11:19:33 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 29.06.2012 10:19:49 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 29.06.2012 10:31:16 | Computer Name = Bertl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 03.07.2012, 08:09   #14
Psychotic
/// Malwareteam
 
Step 1: Fix with OTL


  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
:OTL
IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll
O3 - HKLM\..\Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No CLSID value found.
:COMMANDS
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Step 2: MBAM full scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard disks!)
  • When the scan has finished, click Show results.
  • Make sure all findings are ticked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".



Step 3: ESET



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only reachable on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

Alt 03.07.2012, 21:16   #15
Bertibert
 
Hi Marius,

the results are below. ESET found something, but there is no trace left of the original ones (at least as far as I can tell):

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}\ not found.
Prefs.js: engine@conduit.com:3.2.1.3 removed from extensions.enabledItems
Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3 removed from extensions.enabledItems
File C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Bertl
->Temp folder emptied: 146018 bytes
->Temporary Internet Files folder emptied: 117044907 bytes
->Java cache emptied: 40955890 bytes
->FireFox cache emptied: 832727543 bytes
->Google Chrome cache emptied: 16448504 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 161484 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Schatzi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 640007 bytes
->FireFox cache emptied: 119704084 bytes
->Flash cache emptied: 5418 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1714131 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35640 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 23609489 bytes
RecycleBin emptied: 5304 bytes

Total Files Cleaned = 1.100,00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 07032012_185754

Files\Folders moved on Reboot...
C:\Windows\temp\MpSigStub.log moved successfully.

PendingFileRenameOperations files...
File C:\Windows\temp\MpSigStub.log not found!

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18372
Bertl :: BERTL-PC [Administrator]

03.07.2012 19:16:55
mbam-log-2012-07-03 (19-16-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394217
Laufzeit: 1 Stunde(n), 18 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


C:\Qoobox\Quarantine\C\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\00000001.@.vir Win64/Sirefef.AI trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@.vir Win64/Sirefef.AH trojan
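
The following PowerShell audit script is an added example and is not part of this thread, OTL, Malwarebytes or ESET. It reads, without changing anything, the same locations that the OTL fix in post #14 cleaned (the HKCU SearchScopes key, the HKLM Internet Explorer toolbar entry and the Firefox extensions.enabledItems prefs) and checks for the C:\Windows\Installer\{GUID}\U\*.@ file pattern of the Win64/Sirefef files ESET reported in the quarantine above. It assumes Windows Vista/7 with PowerShell 2.0 or later, run from an elevated prompt; the key and folder paths are taken from the logs in this thread, and the function name Get-BrowserHijackAudit is my own.

```powershell
# Added example, not from the thread: read-only audit of the locations the OTL fix
# above touched and of the ZeroAccess/Sirefef drop folder pattern seen in the ESET log.
# Assumes PowerShell 2.0+ on Vista/7 and an elevated prompt. Nothing is deleted or changed.

function Get-BrowserHijackAudit {
    $findings = @()

    # 1. IE search scopes (HKCU): list every provider's URL so a hijacked one stands out.
    $scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    if (Test-Path $scopes) {
        Get-ChildItem $scopes | ForEach-Object {
            $url = (Get-ItemProperty $_.PSPath).URL
            $findings += New-Object PSObject -Property @{
                Area = 'IE SearchScope'; Key = $_.PSChildName; Value = $url }
        }
    }

    # 2. IE toolbars registered machine-wide (the O3 line): a CLSID value with no
    #    matching HKLM\Software\Classes\CLSID key is an orphaned entry.
    $toolbars = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path $toolbars) {
        (Get-ItemProperty $toolbars).PSObject.Properties |
            Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
            ForEach-Object {
                $clsidPath = "HKLM:\Software\Classes\CLSID\$($_.Name)"
                $status = if (Test-Path $clsidPath) { 'CLSID present' } else { 'No CLSID value found' }
                $findings += New-Object PSObject -Property @{
                    Area = 'IE Toolbar'; Key = $_.Name; Value = $status }
            }
    }

    # 3. Firefox: extensions.enabledItems lines in every profile's prefs.js (the two FF lines).
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profiles) {
        Get-ChildItem $profiles | Where-Object { $_.PSIsContainer } | ForEach-Object {
            $prefs = Join-Path $_.FullName 'prefs.js'
            if (Test-Path $prefs) {
                Select-String -Path $prefs -Pattern 'extensions\.enabledItems' | ForEach-Object {
                    $findings += New-Object PSObject -Property @{
                        Area = 'Firefox prefs.js'; Key = $_.Path; Value = $_.Line.Trim() }
                }
            }
        }
    }

    # 4. Sirefef/ZeroAccess payload folders: %SystemRoot%\Installer\{GUID}\U\*.@
    #    -Force is needed because these folders are normally hidden; access may also be
    #    denied while the rootkit is active, which is why errors are silenced, not fatal.
    $installer = Join-Path $env:SystemRoot 'Installer'
    Get-ChildItem $installer -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f-]{36}\}$' } |
        ForEach-Object {
            $u = Join-Path $_.FullName 'U'
            if (Test-Path $u) {
                Get-ChildItem $u -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_.Name -like '*.@' } |
                    ForEach-Object {
                        $findings += New-Object PSObject -Property @{
                            Area = 'Installer\U payload'; Key = $_.FullName
                            Value = ('{0} bytes' -f $_.Length) }
                    }
            }
        }

    return $findings
}

# Usage: print everything found, grouped by area.
Get-BrowserHijackAudit | Sort-Object Area | Format-Table Area, Key, Value -AutoSize -Wrap
```

An empty "Installer\U payload" section is not proof that the machine is clean: the three Sirefef files in the ESET log were found inside C:\Qoobox\Quarantine, which is a ComboFix quarantine folder, so they had already been moved out of C:\Windows\Installer before ESET ran, and an active ZeroAccess driver can hide or block access to the live folder. The script is for confirming what a fix log claims, alongside the full scans in steps 2 and 3, not a replacement for them.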
