Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.07.2012, 13:46   #1
efixx
 
Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 - Standard

Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2



Hallo zusammen!

Am Freitag schlug mein Antivir im Minutentakt da mein Laptop mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 befallen ist. Hatte einen kompletten Systemscan mit Antivir und auch Ad-Aware durchgeführt und danach erst einmal Ruhe. Allerdings ist das Problem heute wieder da.

Habe einen Quick-Scan mit Malwarebytes Anti-Malware 1.62 durchgeführt und würde gerne wissen, was ich weiterhin tun muß um die Trojaner endgültig zu entfernen. Das System komplett neu aufsetzen möchte ich ungerne, nicht zuletzt weil ich für meinen Lenovo-Laptop keine Windows7-CD habe.

Edit: Ganz vergessen, bekomme auch regelmäßig die Aufforderung mich mit dem Breitbandnetz zu verbinden, obwohl WLAN-Verbindung ins Internet ja schon besteht.

Hier das Logfile:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Efixx :: EES [Administrator]

Schutz: Aktiviert

29.07.2012 13:18:50
mbam-log-2012-07-29 (13-18-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228782
Laufzeit: 13 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\3ETECE6I8G (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CE8SIIFGSU (Trojan.FakeAlert) -> Daten: C:\Users\Efixx\AppData\Local\Temp\Tqi.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Sorry, wollte eigentlich mit der Editierfunktion das untenstehende in den Thread kopieren, aber irgendwie sehe ich nirgends ein Button o.ä. um Beiträge zu bearbeiten.

Also...

Habe den Quick-Scan mit OTL durchgeführt, hier der Inhalt der OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.07.2012 14:51:22 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Efixx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 50,91% Memory free
5,73 Gb Paging File | 3,98 Gb Available in Paging File | 69,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296,92 Gb Total Space | 23,80 Gb Free Space | 8,02% Space Free | Partition Type: NTFS
 
Computer Name: EES | User Name: Efixx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 14:50:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Efixx\Downloads\OTL.exe
PRC - [2012.07.19 09:43:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.07.12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.02 18:21:13 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010.09.17 18:52:56 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010.09.17 18:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010.09.17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010.09.17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.05.21 01:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 01:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.15 14:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009.09.28 09:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.08.28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.08.20 02:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.08.07 06:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.08.04 22:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
PRC - [2009.08.04 22:33:12 | 000,244,208 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
PRC - [2009.08.04 22:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
PRC - [2009.08.04 22:28:38 | 000,018,928 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
PRC - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2009.07.01 19:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009.03.13 10:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.03.05 10:23:28 | 000,052,600 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009.03.05 09:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2009.02.02 11:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 09:43:19 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 10:39:08 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
MOD - [2012.06.14 09:23:23 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 09:22:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 09:22:19 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 18:48:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 18:48:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 18:48:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 18:47:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.06.10 03:06:10 | 000,219,632 | ---- | M] () -- C:\Program Files (x86)\Roxio\SonicHDDemuxer.dll
MOD - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2005.02.22 18:55:02 | 000,081,920 | -HS- | M] () -- C:\Windows\SysWOW64\aac_parser.ax
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 14:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.06.29 14:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012.07.19 09:43:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.02.01 13:07:35 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010.09.17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010.09.17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 14:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.03.02 20:20:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.08.28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.08.04 22:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.04 22:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.08.04 22:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009.08.04 22:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009.08.04 22:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.07.29 10:11:46 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2009.07.29 10:11:46 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.08 22:17:57 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2010.04.22 10:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.02 20:20:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.18 14:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009.08.13 07:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.09 23:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.29 14:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009.06.29 14:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 07:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.04.07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.05.12 11:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010.05.07 21:52:20 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D267909B-1EA3-4595-B6E9-E2B57000C8D8}
IE:64bit: - HKLM\..\SearchScopes\{D267909B-1EA3-4595-B6E9-E2B57000C8D8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{97B7C155-8B11-427B-A3D8-DC410DDD2693}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ixquick.com/deu/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.ftp: "208.110.220.133"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "208.110.220.133"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "208.110.220.133"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "208.110.220.133"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.02.02 18:21:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 09:43:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.16 19:13:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 09:43:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.16 19:13:38 | 000,000,000 | ---D | M]
 
[2011.01.21 18:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Efixx\AppData\Roaming\mozilla\Extensions
[2012.07.25 08:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Efixx\AppData\Roaming\mozilla\Firefox\Profiles\je1uwrlc.default\extensions
[2011.09.19 22:51:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Efixx\AppData\Roaming\mozilla\Firefox\Profiles\je1uwrlc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.20 15:13:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Efixx\AppData\Roaming\mozilla\Firefox\Profiles\je1uwrlc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.03.24 13:03:00 | 000,000,923 | ---- | M] () -- C:\Users\Efixx\AppData\Roaming\Mozilla\Firefox\Profiles\je1uwrlc.default\searchplugins\conduit.xml
[2012.03.18 13:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 09:43:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.11 12:57:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.30 18:46:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 18:46:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 18:46:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 18:46:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 18:46:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 18:46:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Efixx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Efixx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Efixx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Efixx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Efixx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDDE042C-3F60-4BDB-B4F4-E81C5306CDBC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{f09c6752-eb6e-11df-9d51-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f09c6752-eb6e-11df-9d51-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 13:04:12 | 000,000,000 | ---D | C] -- C:\Users\Efixx\AppData\Roaming\Malwarebytes
[2012.07.29 13:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.29 13:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 13:03:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.29 13:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.25 08:32:59 | 000,000,000 | ---D | C] -- C:\Users\Efixx\AppData\Local\adaware
[2012.07.25 08:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.07.25 08:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.07.25 08:31:13 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012.07.25 08:31:12 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.07.25 08:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.07.25 08:30:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.25 08:27:53 | 000,000,000 | ---D | C] -- C:\Users\Efixx\AppData\Roaming\Ad-Aware Antivirus
[2012.07.24 04:25:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.29 15:00:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.07.29 14:54:33 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 14:54:33 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 14:46:31 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.29 14:45:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 14:45:33 | 2309,640,192 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 13:59:41 | 000,659,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.29 13:59:41 | 000,620,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.29 13:59:41 | 000,132,970 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.29 13:59:41 | 000,108,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.29 13:59:39 | 001,513,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.29 13:03:47 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 12:35:01 | 000,501,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.27 15:31:48 | 000,000,000 | ---- | M] () -- C:\Users\Efixx\defogger_reenable
[2012.07.25 17:58:57 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012.07.21 09:18:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.07.21 09:18:28 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.07.19 21:39:04 | 000,031,534 | ---- | M] () -- C:\Users\Efixx\Documents\GEMA-Artikel.odt
[2012.07.14 10:21:51 | 000,001,413 | ---- | M] () -- C:\Users\Efixx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.14 10:21:51 | 000,001,254 | ---- | M] () -- C:\Users\Efixx\Desktop\DVDVideoSoft Free Studio.lnk
[2012.07.12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.10 01:59:48 | 000,025,578 | ---- | M] () -- C:\Users\Efixx\Documents\GEMA_FB-GEMAdialog_Dj-Mamboloco Jens Fiala.odt
[2012.07.04 16:55:55 | 000,001,317 | ---- | M] () -- C:\Users\Efixx\Desktop\Free YouTube Download.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.29 14:46:18 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{c35e4c28-9810-543c-91e0-cc81271e2df1}\U\800000cb.@
[2012.07.29 14:35:59 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{c35e4c28-9810-543c-91e0-cc81271e2df1}\U\80000000.@
[2012.07.29 13:03:47 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 21:24:14 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{c35e4c28-9810-543c-91e0-cc81271e2df1}\U\00000001.@
[2012.07.27 15:31:48 | 000,000,000 | ---- | C] () -- C:\Users\Efixx\defogger_reenable
[2012.07.25 17:58:57 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012.07.25 08:32:32 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.10 00:50:26 | 000,025,578 | ---- | C] () -- C:\Users\Efixx\Documents\GEMA_FB-GEMAdialog_Dj-Mamboloco Jens Fiala.odt
[2012.07.10 00:36:36 | 000,304,938 | ---- | C] () -- C:\Users\Efixx\Documents\gema2013-beispielrechnungen-niggels-de.jpg
[2012.07.03 07:41:22 | 000,031,534 | ---- | C] () -- C:\Users\Efixx\Documents\GEMA-Artikel.odt
[2012.01.11 21:32:48 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c35e4c28-9810-543c-91e0-cc81271e2df1}\@
[2012.01.11 21:32:48 | 000,002,048 | -HS- | C] () -- C:\Users\Efixx\AppData\Local\{c35e4c28-9810-543c-91e0-cc81271e2df1}\@
[2011.10.16 16:30:38 | 000,000,275 | ---- | C] () -- C:\Users\Efixx\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.06.02 14:08:48 | 000,000,000 | ---- | C] () -- C:\Users\Efixx\AppData\Local\rx_image32.Cache
[2011.05.31 17:22:48 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.05.31 17:22:46 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011.05.13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2011.04.21 18:16:09 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.21 18:16:09 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.03.14 13:38:54 | 000,002,006 | ---- | C] () -- C:\Users\Efixx\AppData\Roaming\dvdae.config
[2011.02.24 14:32:37 | 000,000,522 | ---- | C] () -- C:\Users\Efixx\.jalbum-recent-projects.properties
[2011.02.24 14:32:32 | 000,000,463 | ---- | C] () -- C:\Users\Efixx\.jalbum-ftp-accounts.xml
[2011.02.24 13:59:25 | 000,000,915 | ---- | C] () -- C:\Users\Efixx\.jalbum-defaults.jap
[2011.02.19 17:40:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.02.19 17:40:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.02.19 17:39:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.02.17 11:34:54 | 000,006,656 | ---- | C] () -- C:\Users\Efixx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.14 17:15:58 | 001,541,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.31 09:44:30 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011.01.28 18:28:48 | 000,000,000 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.01.20 17:10:41 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
[2011.01.20 16:33:31 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011.01.20 16:33:17 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011.01.20 16:33:09 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
 
========== LOP Check ==========
 
[2011.02.17 11:32:56 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\ACD Systems
[2012.07.26 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\Ad-Aware Antivirus
[2011.02.22 10:50:28 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\Amazon
[2011.05.10 21:58:44 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\Ashampoo
[2012.07.14 11:24:05 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\Audacity
[2011.01.28 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\Canneverbe Limited
[2011.12.15 20:37:11 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\CBL-Electronics
[2012.07.13 12:35:19 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\Dropbox
[2012.07.14 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\DVDVideoSoft
[2012.05.09 11:08:08 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.29 10:07:36 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\EPSON
[2011.03.14 12:54:50 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\InterVideo
[2011.11.06 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\IrfanView
[2011.05.13 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\jAlbum
[2011.05.29 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\Lexware
[2011.11.26 16:07:52 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\mp3DirectCut
[2011.02.15 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\Music Wizard
[2011.01.31 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\OpenOffice.org
[2012.03.24 18:38:09 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\SoftGrid Client
[2012.07.29 14:32:04 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\The Bat!
[2011.02.14 17:17:08 | 000,000,000 | ---D | M] -- C:\Users\Efixx\AppData\Roaming\TP
[2012.03.01 22:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.17 13:31:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.29 15:00:00 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_Stadtwerke.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_Stadtwerke2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_StadtwerkeMuenster_01.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey012.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey011.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey010.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey009.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey008.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey007.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey006.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey005.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey004.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey003.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_ey001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\Scan_Laptop_Hansea001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_DEVK_Ren03.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_DEVK_Ren02.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\scan_DEVK_Ren01.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\Scan_AU_02.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Efixx\Documents\Scan_AU_01.jpg:Roxio EMC Stream

< End of report >
         
--- --- ---

Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.07.2012 14:51:22 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Efixx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 50,91% Memory free
5,73 Gb Paging File | 3,98 Gb Available in Paging File | 69,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296,92 Gb Total Space | 23,80 Gb Free Space | 8,02% Space Free | Partition Type: NTFS
 
Computer Name: EES | User Name: Efixx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"EPSON SX100 Series" = Druckerdeinstallation für EPSON SX100 Series
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"W7DevOR" =  Registry Patch to arrange icons in Device and Printers folder of Windows 7
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{229A9797-2EE6-4B96-9CEC-3E4710F611E0}" = Lexware Abschreibungsrechner
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{41102DB9-776E-40FA-9085-4554C93A3719}" = Lexware Elster
"{4451CEE8-8904-44B4-BADD-90878F269063}" = Lexware büro easy 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59053A1A-25BA-4824-A360-1787918F5997}" = jAlbum
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6BC4DC1E-3798-4CF4-9088-A6864DFAE1B2}" = Lexware online banking
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}" = Mobile Broadband
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CF6B3A5A-0C24-4F04-846B-2B63AECD42EC}" = TheBat! Home v4.2.42
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA36757F-EF60-499D-8568-1A6249405B6A}" = Jalbum
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Corel Applications" = Corel Applications
"DS-MP3 Source" = DS-MP3 Source 1.30
"DVD Audio Extractor_is1" = DVD Audio Extractor 5.2.3
"EPSON Scanner" = EPSON Scan
"Feurio" = Feurio! CD-Writer
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 3.1.30.627
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"IrfanView" = IrfanView (remove only)
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RealPlayer 12.0" = RealPlayer
"Soulseek2" = SoulSeek 157 NS 13e
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2012 11:34:10 | Computer Name = EES | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 03.05.2012 02:31:51 | Computer Name = EES | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: HTTP-Status 304: Die Serverantwort ist ungültig. Der Server
 verwendet nicht das definierte Protokoll. Setzen Sie den Auftrag fort. Der Vorgang
 wird von BITS wiederholt.  
 
Error - 03.05.2012 04:18:02 | Computer Name = EES | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 03.05.2012 04:22:30 | Computer Name = EES | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 03.05.2012 11:04:47 | Computer Name = EES | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.05.2012 07:10:58 | Computer Name = EES | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 04.05.2012 14:28:51 | Computer Name = EES | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: burningstudio2010adv.exe, Version:
 9.24.0.11, Zeitstempel: 0x4bded965  Name des fehlerhaften Moduls: bswx.dll, Version:
 0.0.0.0, Zeitstempel: 0x4b6ffc48  Ausnahmecode: 0xc000000d  Fehleroffset: 0x001976e1
ID
 des fehlerhaften Prozesses: 0x1e90  Startzeit der fehlerhaften Anwendung: 0x01cd2a1cf571c10a
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio
 2010 Advanced\burningstudio2010adv.exe  Pfad des fehlerhaften Moduls: C:\Program 
Files (x86)\Ashampoo\Ashampoo Burning Studio 2010 Advanced\bswx.dll  Berichtskennung:
 fe77ef0e-9616-11e1-81f3-60eb698acbbd
 
Error - 05.05.2012 05:12:04 | Computer Name = EES | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: HTTP-Status 304: Die Serverantwort ist ungültig. Der Server
 verwendet nicht das definierte Protokoll. Setzen Sie den Auftrag fort. Der Vorgang
 wird von BITS wiederholt.  
 
Error - 06.05.2012 06:19:51 | Computer Name = EES | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 06.05.2012 09:02:00 | Computer Name = EES | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 07.05.2012 10:40:19 | Computer Name = EES | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige
 XML-Syntax.
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 17.01.2012 18:46:01 | Computer Name = EES | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: Der Prozess kann nicht auf die Datei
 "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin" zugreifen,
 da sie von einem anderen Prozess verwendet wird.
 
[ Media Center Events ]
Error - 04.06.2011 04:47:54 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 10:47:54 - Fehler beim Herstellen der Internetverbindung.  10:47:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.06.2011 04:48:26 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 10:48:13 - Fehler beim Herstellen der Internetverbindung.  10:48:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.06.2011 04:53:12 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 10:53:12 - Fehler beim Herstellen der Internetverbindung.  10:53:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.06.2011 04:53:46 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 10:53:42 - Fehler beim Herstellen der Internetverbindung.  10:53:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2011 05:46:49 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 11:46:47 - Fehler beim Herstellen der Internetverbindung.  11:46:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2011 05:47:50 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 11:46:59 - Fehler beim Herstellen der Internetverbindung.  11:46:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.08.2011 09:13:27 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 15:13:27 - Fehler beim Herstellen der Internetverbindung.  15:13:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.08.2011 09:14:00 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 15:13:56 - Fehler beim Herstellen der Internetverbindung.  15:13:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.08.2011 01:41:56 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 07:41:56 - Fehler beim Herstellen der Internetverbindung.  07:41:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.08.2011 01:42:43 | Computer Name = EES | Source = MCUpdate | ID = 0
Description = 07:42:26 - Fehler beim Herstellen der Internetverbindung.  07:42:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 29.07.2012 08:27:26 | Computer Name = EES | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 29.07.2012 08:29:20 | Computer Name = EES | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 29.07.2012 08:29:20 | Computer Name = EES | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 29.07.2012 08:45:51 | Computer Name = EES | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 29.07.2012 08:45:57 | Computer Name = EES | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 29.07.2012 08:45:58 | Computer Name = EES | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 29.07.2012 08:46:12 | Computer Name = EES | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 29.07.2012 08:47:26 | Computer Name = EES | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 29.07.2012 08:47:26 | Computer Name = EES | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 29.07.2012 08:48:59 | Computer Name = EES | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von efixx (29.07.2012 um 14:11 Uhr)

Alt 30.07.2012, 15:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 - Standard

Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2



Zitat:
nicht zuletzt weil ich für meinen Lenovo-Laptop keine Windows7-CD habe.
Wenn's nur darum geht => http://www.trojaner-board.de/100776-...tml#post676887
__________________

__________________

Alt 30.07.2012, 17:54   #3
efixx
 
Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 - Standard

Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2



Ah, schon mal ein guter Tipp! Aber es gibt noch andere Gründe, warum ich ungern das System neu aufsetzen möchte. Vielleicht werde ich die Trojaner auch ohne los...
__________________

Alt 30.07.2012, 21:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 - Standard

Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.07.2012, 14:01   #5
efixx
 
Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 - Standard

Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2



Malware hat nix gefunden!?


Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Efixx :: EES [Administrator]

Schutz: Deaktiviert

31.07.2012 10:37:52
mbam-log-2012-07-31 (10-37-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|R:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438524
Laufzeit: 3 Stunde(n), 17 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Alt 31.07.2012, 19:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 - Standard

Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2



Oh na und? Dafür hat es doch schon im Quickscan was gefunden!
Was ist mit ESET?
__________________
--> Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2

Antwort

Themen zu Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2
ad-aware, administrator, anti-malware, antivir, appdata, aufsetzen, auftrag, autostart, bingbar, breitband, dateien, explorer, gelöscht, install.exe, laptop, laptop befallen, logfile, malwarebytes, microsoft, microsoft office starter 2010, msvcrt, neu, neu aufsetzen, problem, pwmtr64v.dll, quarantäne, richtlinie, saving, searchscopes, software, speicher, temp, test, tr/atraps.gen, tr/atraps.gen und tr/atraps.gen2, trojan.fakealert, trojaner, windows



Ähnliche Themen: Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2


  1. Windows 8 x64 mit tr/atraps.gen - tr/atraps.gen2 befallen
    Log-Analyse und Auswertung - 17.01.2014 (50)
  2. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  3. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  4. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  5. Antivir meldet TR/ATRAPS.Gen2 und TR/ATRAPS.Gen angebl. Shockwave Installation
    Log-Analyse und Auswertung - 17.08.2012 (5)
  6. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  7. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  8. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 28.07.2012 (25)
  9. System von TR/ATRAPS.Gen, TR/ATRAPS.Gen2 befallen
    Log-Analyse und Auswertung - 16.07.2012 (2)
  10. Auch ich bin befallen: TR/ATRAPS.Gen, TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (22)
  11. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  12. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  13. Laptop von Trojaner Virus atraps.gen 2 / TR/Small.FI befallen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (18)
  14. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  15. Nach Befall tr/atraps.gen tr/atraps.gen2 formatiert - Computer startet selbständig neu
    Log-Analyse und Auswertung - 09.07.2012 (1)
  16. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  17. Antivir meldet ständig wiederholten Fund von TR/ATRAPS.Gen, TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (1)

Zum Thema Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 - Hallo zusammen! Am Freitag schlug mein Antivir im Minutentakt da mein Laptop mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 befallen ist. Hatte einen kompletten Systemscan mit Antivir und auch Ad-Aware durchgeführt und danach - Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2...
Archiv
Du betrachtest: Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.