Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2

W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2


Plagegeister aller Art und deren Bekämpfung: W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.06.2012, 23:39   #1
Asmodhan
 
W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2 - Standard

W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2


Guten Abend an alle,

auch ich habe mir irgendwie die o.g. Trojaner eingefangen. Angefangen hat es heute gg. 21:30 und jetzt kommt so im 5 Minuten-Takt eine Meldung vom AVIRA.

Die lauten dann entweder

"In der Datei 'C:\Users\Birgit\AppData\Roaming\desktop.ini'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden."

oder

"In der Datei 'C:\Windows\System32\services.exe'
wurde ein Virus oder unerwünschtes Programm 'W32/Patched.UA' [virus] gefunden."

oder

"In der Datei 'C:\Users\Birgit\AppData\Local\{b53ec942-7642-b27c-3883-d397782c0e05}\n'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden."

Die allererste Meldung und die Quarantäneverschiebung habe ich betätigt, aber das war ein naiver Versuch...

Nun bitte ich Euch Fachleute um Mithilfe bei der Säuberung meines Laptops.

Was habe ich gemacht inzwischen:
1. Avira Vollscan - Logfile anbei
2. defogger ausgeführt - Logfile anbei
3. OTL ausgeführt - Logfiles anbei
4. Malwarebytes Anti-Malware Scan durchgeführt - Logfile anbei

Hoffentlich reichen die darin enthaltenen Infos aus für einen Schlachtplan...

LG und Dank im Voraus!
Mark

Gehe jetzt erstmal ins Bett. Bin erst morgen abend ab 18:00 wieder daheim und kann dann die nächsten Schritte unternehmen. Bis dahin haben Kind und GöGa Lappi-Verbot...

Ergänzung:
Habe gerade in folgendem Thread http://www.trojaner-board.de/117738-...angezeigt.html gelesen, dass der Befall wohl recht zeitgleich mit dem Adobe Flash-Player-Update losging. Das war bei mir genaus so: GöGa hatte auch dieses Updatefenster vor der Nase und bestätigte dies und dann ging der Mist los...
Geändert von Asmodhan (25.06.2012 um 23:45 Uhr) Grund: Ergänzung der Fehlerbeschreibung

Alt 26.06.2012, 08:00   #2
Asmodhan
 
W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2 - Standard

W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2


Sorry, die Logfiles sollen doch direkt gepostet werden - bitteschöön:

AVIRA-Vollscan:
- ist leider mit 180k Zeichen zu lang

defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:48 on 25/06/2012 (Birgit)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.06.2012 23:49:22 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Birgit\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,68% Memory free
8,00 Gb Paging File | 6,36 Gb Available in Paging File | 79,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 25,69 Gb Free Space | 34,47% Space Free | Partition Type: NTFS
Drive D: | 208,92 Gb Total Space | 144,85 Gb Free Space | 69,33% Space Free | Partition Type: NTFS
Drive H: | 3,68 Gb Total Space | 3,45 Gb Free Space | 93,53% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.25 22:53:59 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Birgit\Desktop\otl.exe
PRC - [2012.05.09 19:41:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 19:41:43 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 19:41:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.12.14 23:01:50 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.09.25 19:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.09.24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.09.16 03:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.08.17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.06.24 22:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.04.20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.07.19 05:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.09.16 03:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2008.08.28 02:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 19:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 19:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.08 13:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.09.17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012.06.25 21:15:02 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.17 00:24:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 19:41:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 19:41:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.09.15 03:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 19:41:44 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 19:41:44 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.07.28 20:07:42 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.07.28 20:07:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.06.27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.01 08:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.01 08:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.14 23:00:40 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.17 08:00:11 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.17 08:00:11 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 10:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.06.12 13:41:55 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.05.20 18:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.05.13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.05.05 16:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.12.08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008.03.17 12:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007.07.24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010.05.01 08:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.02.12 03:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\bfturboh.sys -- (bfturboh)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2004.06.22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {B0E047CC-6526-4160-AD64-63783CEE7CA3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B0E047CC-6526-4160-AD64-63783CEE7CA3}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: twoD@firefox.theme:1.04
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 00:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.21 21:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firwefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firwefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 00:24:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.21 21:54:37 | 000,000,000 | ---D | M]
 
[2010.01.17 15:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Extensions
[2012.06.25 20:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\gfqkecdd.default\extensions
[2011.03.26 20:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\gfqkecdd.default\extensions\nostmp
[2012.02.26 17:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.23 13:49:55 | 000,084,634 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GFQKECDD.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012.06.25 20:44:49 | 000,012,596 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GFQKECDD.DEFAULT\EXTENSIONS\{B9BFAF1C-A63F-47CD-8B9A-29526CED9060}.XPI
[2012.01.21 14:30:54 | 000,057,900 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GFQKECDD.DEFAULT\EXTENSIONS\SERVICE@TOUCHPDF.COM.XPI
[2012.06.07 21:27:26 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GFQKECDD.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012.06.17 00:24:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.18 22:53:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.26 17:35:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.26 17:35:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.26 17:35:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 17:35:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 17:35:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 17:35:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Users\Birgit\AppData\Roaming\WMPRWISE.EXE (McAfee, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7A8302-D9B0-4A5B-BC37-29774816FF88}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5f826279-5e4b-11e1-bb44-e0cb4e415afe}\Shell - "" = AutoRun
O33 - MountPoints2\{5f826279-5e4b-11e1-bb44-e0cb4e415afe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5f82630c-5e4b-11e1-bb44-e0cb4e415afe}\Shell - "" = AutoRun
O33 - MountPoints2\{5f82630c-5e4b-11e1-bb44-e0cb4e415afe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 23:49:04 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Birgit\Desktop\otl.exe
[2012.06.25 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\trojanerboard
[2012.06.25 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Malwarebytes
[2012.06.25 22:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 22:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 22:09:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.25 21:10:34 | 000,127,488 | -H-- | C] (McAfee, Inc.) -- C:\Users\Birgit\AppData\Roaming\WMPRWISE.EXE
[2012.06.22 16:21:20 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Local\Macromedia
[2012.06.17 16:37:47 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Documents\godmode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012.06.13 19:50:26 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Local\Orbmu2k
[2012.06.13 19:50:14 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\OrbMT
[2012.06.11 20:08:11 | 000,000,000 | ---D | C] -- C:\Users\Birgit\.gnubg
[2008.08.12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012.06.25 23:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.25 23:48:00 | 000,000,000 | ---- | M] () -- C:\Users\Birgit\defogger_reenable
[2012.06.25 22:53:59 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Birgit\Desktop\otl.exe
[2012.06.25 22:09:29 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 21:10:27 | 000,127,488 | -H-- | M] (McAfee, Inc.) -- C:\Users\Birgit\AppData\Roaming\WMPRWISE.EXE
[2012.06.25 20:01:23 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 20:01:23 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 19:53:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.25 19:52:58 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.15 20:27:28 | 000,499,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 17:53:32 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 17:53:32 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 17:53:32 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 17:53:32 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 17:53:32 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.29 09:38:50 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012.06.25 23:48:00 | 000,000,000 | ---- | C] () -- C:\Users\Birgit\defogger_reenable
[2012.06.25 22:09:29 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 21:13:39 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{b53ec942-7642-b27c-3883-d397782c0e05}\U\800000cb.@
[2012.06.25 21:13:39 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b53ec942-7642-b27c-3883-d397782c0e05}\U\80000000.@
[2012.06.25 21:13:38 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{b53ec942-7642-b27c-3883-d397782c0e05}\U\00000001.@
[2012.02.04 23:17:33 | 000,000,218 | ---- | C] () -- C:\Users\Birgit\.recently-used.xbel
[2012.01.11 21:38:09 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b53ec942-7642-b27c-3883-d397782c0e05}\@
[2012.01.11 21:38:09 | 000,002,048 | -HS- | C] () -- C:\Users\Birgit\AppData\Local\{b53ec942-7642-b27c-3883-d397782c0e05}\@
[2011.07.31 20:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.07.19 21:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.19 21:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.07.19 21:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.07.19 21:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.07.19 21:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.07.19 21:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.07.19 21:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.07.19 21:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.07.19 21:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.07.19 21:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.07.16 13:11:00 | 000,003,584 | ---- | C] () -- C:\Users\Birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010.10.01 17:16:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.10.01 17:10:06 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2010.07.04 13:41:42 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.07.04 13:41:21 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.01.22 20:15:43 | 000,007,610 | ---- | C] () -- C:\Users\Birgit\AppData\Local\resmon.resmoncfg
[2009.12.14 22:41:45 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.04.08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2010.01.17 13:35:09 | 000,000,000 | -HSD | M] -- C:\Users\Birgit\AppData\Roaming\.#
[2010.01.16 19:13:07 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Asus WebStorage
[2012.01.19 13:56:27 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\DAEMON Tools Lite
[2012.03.01 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\elsterformular
[2012.06.24 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\foobar2000
[2011.01.08 15:54:07 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Foxit Software
[2010.01.16 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\GameConsole
[2011.08.07 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\gamigoGr
[2011.01.23 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\GetRightToGo
[2012.02.04 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\gtk-2.0
[2010.05.18 19:31:55 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\ID3-TagIT 3
[2010.12.21 12:40:12 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Imaxel
[2012.03.29 19:31:08 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\JAM Software
[2011.08.07 21:44:15 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Launcher
[2010.07.04 13:42:33 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\MAGIX
[2011.08.07 21:44:15 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Martial Empires Launcher
[2010.01.17 22:25:33 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\OpenOffice.org
[2011.04.15 21:33:07 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\PC Suite
[2011.07.31 00:32:46 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Rovio
[2012.04.28 22:29:19 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\runic games
[2011.04.15 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Samsung
[2012.04.06 21:55:40 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Temp
[2012.02.23 20:31:59 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Vodafone
[2012.04.15 13:47:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >
--- --- ---


Extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.06.2012 23:49:22 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Birgit\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,68% Memory free
8,00 Gb Paging File | 6,36 Gb Available in Paging File | 79,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 25,69 Gb Free Space | 34,47% Space Free | Partition Type: NTFS
Drive D: | 208,92 Gb Total Space | 144,85 Gb Free Space | 69,33% Space Free | Partition Type: NTFS
Drive H: | 3,68 Gb Total Space | 3,45 Gb Free Space | 93,53% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{3D42871F-4A1E-82E5-9494-3012BA3084F2}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6FCA487B-89F0-4378-E1BC-91B81BCD8C98}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E249010E-76D3-EABE-2B77-2D65533E69E1}" = AMD Fuel
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{ED96A4F2-C990-0C70-33FA-AE213E8697C0}" = AMD Media Foundation Decoders
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Asus WebStorage" = Asus WebStorage
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B247BF7-D393-1855-C8B3-66DED90DCCB6}" = AMD VISION Engine Control Center
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{15219EE8-4DCC-C6C5-CB04-351D4DD72ACF}" = Catalyst Control Center InstallProxy
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B673C6F-BDEA-48AE-AB59-7479BF04EF6E}" = Nail'd
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{442CB906-7844-E2F5-A2EB-90D44C0BF2DF}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{593ED299-14EF-4C0F-92B4-B262E7CD5C2B}_is1" = framily Gestaltungs-Software 4.80
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5ACE78D9-2859-A192-F416-1D3E93370ACA}" = Catalyst Control Center InstallProxy
"{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}" = Carcassonne
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5E19D0AA-D95B-456C-ADE9-B046D86EAA24}" = TQVault
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{67D30650-3501-66ED-265A-20870A20A689}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{810AC1C1-CB19-45EA-B5C9-77B654F9CA07}" = TQ Defiler.NET
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B3EADE8F-0157-4337-9825-29034B69E300}" = Boulder Remake
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FB8BEF4C-E2B8-725E-F84A-AF6D1E4C8960}" = Catalyst Control Center Graphics Previews Common
"071592D0-6A2A-41B8-A86F-25977C29DAED" = Mandelbulber 64-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular-Update
"foobar2000" = foobar2000 v1.1.11
"Foxit Reader" = Foxit Reader
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20100816 code)
"ID3-TagIT 3_is1" = ID3-TagIT 3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"MAGIX Slideshow Maker D" = MAGIX Slideshow Maker 1.0.1.3 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Moorhuhn Juwel der Finsternis" = Moorhuhn Juwel der Finsternis
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars.net" = PokerStars.net
"TreeSize Free_is1" = TreeSize Free V2.7
"UN070618" = BUFFALO TurboUSB for FLASH/HDD
"VLC media player" = VLC media player 1.1.11
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.3.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR archiver
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.03.2012 16:16:52 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.0.3091, 
Zeitstempel: 0x4d00b3a0  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056b1d  ID des fehlerhaften
 Prozesses: 0xdd0  Startzeit der fehlerhaften Anwendung: 0x01cd0eb2013bdb84  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 4987192d-7aa5-11e1-853f-e0cb4e415afe
 
Error - 30.03.2012 16:17:14 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.0.3091, 
Zeitstempel: 0x4d00b3a0  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056b1d  ID des fehlerhaften
 Prozesses: 0x11b8  Startzeit der fehlerhaften Anwendung: 0x01cd0eb21128d5db  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 56980313-7aa5-11e1-853f-e0cb4e415afe
 
Error - 30.03.2012 17:20:57 | Computer Name = Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\fotokalender\framily
 gestaltungs-software\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei 
"d:\fotokalender\framily gestaltungs-software\DelZip179.dll" in Zeile 8.  Der Wert
 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 01.04.2012 07:45:43 | Computer Name = Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\fotokalender\framily
 gestaltungs-software\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei 
"d:\fotokalender\framily gestaltungs-software\DelZip179.dll" in Zeile 8.  Der Wert
 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 01.04.2012 15:33:47 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.0.3091, 
Zeitstempel: 0x4d00b3a0  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056b1d  ID des fehlerhaften
 Prozesses: 0xf70  Startzeit der fehlerhaften Anwendung: 0x01cd103e4daf7dbd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 992b3494-7c31-11e1-94d3-e0cb4e415afe
 
Error - 01.04.2012 15:35:34 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.0.3091, 
Zeitstempel: 0x4d00b3a0  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056b1d  ID des fehlerhaften
 Prozesses: 0x10e8  Startzeit der fehlerhaften Anwendung: 0x01cd103e92b7a8f7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 d9080aa3-7c31-11e1-94d3-e0cb4e415afe
 
Error - 06.04.2012 15:21:21 | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 7dc    Startzeit: 01cd1423dba992fc    Endzeit: 827    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: ad87ecb0-801d-11e1-9136-e0cb4e415afe  
 
Error - 14.04.2012 04:29:15 | Computer Name = Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\fotokalender\framily
 gestaltungs-software\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei 
"d:\fotokalender\framily gestaltungs-software\DelZip179.dll" in Zeile 8.  Der Wert
 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.04.2012 14:43:56 | Computer Name = Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\fotokalender\framily
 gestaltungs-software\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei 
"d:\fotokalender\framily gestaltungs-software\DelZip179.dll" in Zeile 8.  Der Wert
 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 24.04.2012 14:35:27 | Computer Name = Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\fotokalender\framily
 gestaltungs-software\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei 
"d:\fotokalender\framily gestaltungs-software\DelZip179.dll" in Zeile 8.  Der Wert
 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 24.04.2012 15:05:52 | Computer Name = Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\fotokalender\framily
 gestaltungs-software\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei 
"d:\fotokalender\framily gestaltungs-software\DelZip179.dll" in Zeile 8.  Der Wert
 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 03.08.2011 13:56:03 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:56:03 - Fehler beim Herstellen der Internetverbindung.  19:56:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.08.2011 13:56:11 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:56:08 - Fehler beim Herstellen der Internetverbindung.  19:56:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.08.2011 06:18:56 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:18:56 - Fehler beim Herstellen der Internetverbindung.  12:18:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.08.2011 06:19:07 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:19:02 - Fehler beim Herstellen der Internetverbindung.  12:19:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.08.2011 07:19:15 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:19:15 - Fehler beim Herstellen der Internetverbindung.  13:19:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.08.2011 07:19:26 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:19:20 - Fehler beim Herstellen der Internetverbindung.  13:19:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.08.2011 13:38:18 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:38:18 - Fehler beim Herstellen der Internetverbindung.  19:38:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.08.2011 13:38:30 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:38:23 - Fehler beim Herstellen der Internetverbindung.  19:38:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.08.2011 08:47:09 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 14:47:09 - Fehler beim Herstellen der Internetverbindung.  14:47:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.08.2011 08:47:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 14:47:15 - Fehler beim Herstellen der Internetverbindung.  14:47:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 23.06.2012 07:19:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.06.2012 14:44:00 | Computer Name = Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 23.06.2012 14:45:20 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.06.2012 06:52:56 | Computer Name = Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 24.06.2012 06:54:08 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.06.2012 15:21:35 | Computer Name = Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 24.06.2012 15:22:51 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25.06.2012 13:52:56 | Computer Name = Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 25.06.2012 13:54:15 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25.06.2012 14:37:09 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
--- --- ---


MAM-Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.25.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Birgit :: LAPTOP [Administrator]

Schutz: Aktiviert

26.06.2012 00:10:35
mbam-log-2012-06-26 (00-27-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221190
Laufzeit: 9 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent) -> Daten: C:\Users\Birgit\AppData\Roaming\WMPRWISE.EXE -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{b53ec942-7642-b27c-3883-d397782c0e05}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Birgit\AppData\Roaming\WMPRWISE.EXE (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
LG
Mark



mfg
Mark

Kann zu. Machen REchner komplett neu.
Mark
__________________
Alt 26.08.2012, 02:09   #3
t'john
/// Helfer-Team
 
W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2 - Standard

W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2




Zitat:
Kann zu. Machen REchner komplett neu.
Mark
Immer die Partition loeschen, neu erstellen und formatieren.
__________________
__________________
Antwort

Themen zu W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2
'tr/atraps.gen2', anti-malware, appdata, c:\windows, datei, desktop.ini, durchgeführt, guten, heute, infos, logfile, logfiles, malwarebytes, meldung, minute, morgen, programm, roaming, services.exe, system, system32, tr/atraps.gen, tr/atraps.gen und tr/atraps.gen2, trojaner, unerwünschtes programm, virus, windows


« Nach Trojaner-Entfernung: Fehler mit deo0_sar.exe | Tr/dropper,gen »

Ähnliche Themen: W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2


  1. TR/ATRAPS.Gen - TR/ATRAPS.Gen2 - W32/Patched.UA - BDS/ZeroAccess.Gen
    Log-Analyse und Auswertung - 20.09.2013 (5)
  2. Windows 8 x64 - "TR/ATRAPS.Gen2" in C:\Program Files (x86)\Google\Desktop\...\80000032.@ und ...\80000064.@ und ...{80000000.@
    Log-Analyse und Auswertung - 10.08.2013 (5)
  3. Virus ATRAPS.Gen2 sowie "services.exe" infiziert
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (17)
  4. TR/ATRAPS.Gen2 in der "services.exe" und in "C:\Windows\Installer.."
    Plagegeister aller Art und deren Bekämpfung - 08.02.2013 (5)
  5. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  6. Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (23)
  7. services.exe mit "W32/Patched.UC" infiziert || TR/ATRAPS.GEN2 und TR/Sirefref.W.16896 gefunden
    Log-Analyse und Auswertung - 18.10.2012 (1)
  8. "TR/ATRAPS.Gen2 in C:\Windows\Installer\{8cf887ed-840d-0eaa-7d51-11911c07a980}\U\80000032.@"
    Log-Analyse und Auswertung - 13.10.2012 (16)
  9. "ATRAPS.gen" und "ATRAPS.gen2" Trojaner Fund
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (14)
  10. TR/ATRAPS.Gen2, TR/Sirefef.16896 (in C:\Windows\Installer\...) und W32/Patched.UA (C:\Windows\System32\services.exe)
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (5)
  11. AVIRA meldet "W32/Patched.ZA", "TR/ATRAPS.Gen2", "TR/ATRAPS.Gen", "ZR/sirefe.P.487"
    Log-Analyse und Auswertung - 30.07.2012 (9)
  12. Virusfund WR32/Patched.UA in "C:\Windows\System32\Services.exe"
    Log-Analyse und Auswertung - 11.07.2012 (4)
  13. TR/Small.FI, TR/ATRAPS.Gen, TR/ATRAPS.GEN2 und W32/Patched.UA in "C:\Windows\System32\services.exe"
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (15)
  14. Problem mit TR/ATRAPS.Gen, TR/ATRAPS.Gen 2; TR/Small.FI; W32/Patched.UA
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (5)
  15. Und noch einer: Trojaner TR/ATRAPS.Gen2 und TR/ATRAPS.Gen und W32/Patched.UA HILFE!!!
    Log-Analyse und Auswertung - 28.06.2012 (7)
  16. Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI
    Log-Analyse und Auswertung - 27.06.2012 (29)
  17. TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 gefunden, aber nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2 - Guten Abend an alle, auch ich habe mir irgendwie die o.g. Trojaner eingefangen. Angefangen hat es heute gg. 21:30 und jetzt kommt so im 5 Minuten-Takt eine Meldung vom AVIRA. - W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2...
Archiv
Du betrachtest: W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129