
Log analysis and evaluation: Antivir real-time scanner is blocked after detection: TR/ATRAPS.GEN

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.08.2012, 07:06   #1
derlucky
 



Good evening!

I'm new here too and hope I don't get too much wrong. Please forgive me; I'm doing my best.

A short description of my problem:
A few days ago Antivir (the only antivirus software on my notebook) showed the same detection messages in fairly rapid succession. One time it was TR/ATRAPS.GEN and another time it was TR/ATRAPS.GEN. I had Antivir move both to quarantine again and again, unfortunately in vain; the whole thing kept coming back.
Now it no longer appears, though not because it was successfully defeated but because Antivir's real-time scanner was simply disabled. The umbrella is closed and I have no way of getting it open again.

I have already looked around and found the most curious advice. The best advice came from here, namely that one should simply post log files and also run ESET.

I have done both, and here first is the log file from Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: NOTEBOOK_LUKAS [Administrator]

03.08.2012 21:46:15
mbam-log-2012-08-03 (21-46-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 523613
Laufzeit: 1 Stunde(n), 57 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\Installer\{006C1A57-AFDF-52F5-DC42-D8D3BC0B91DD}\syshost.exe (Trojan.Dropper.Necurs) -> 2200 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\syshost32 (Trojan.Dropper.Necurs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Windows\Installer\{006C1A57-AFDF-52F5-DC42-D8D3BC0B91DD}\syshost.exe (Trojan.Dropper.Necurs) -> Löschen bei Neustart.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\H@tKeysH@@k.DLL (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\H@tKeysH@@k.DLL (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)
         
ESET log file:
Code:
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe	a variant of Win32/HackTool.CheatEngine.AB application
C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS0YIQUW\JDownloaderSetup_CH5[1].exe	a variant of Win32/InstallCore.AF application
C:\Users\Lukas\AppData\Local\Temp\262183938.exe	a variant of Win32/Kryptik.AJIK trojan
C:\Users\Lukas\AppData\Local\Temp\jar_cache142006909864784727.tmp	a variant of Java/Exploit.CVE-2012-0507.DD trojan
C:\Users\Lukas\AppData\Local\Temp\SetupDataMngr_BearShare.exe	Win32/Toolbar.SearchSuite application
C:\Users\Lukas\AppData\Local\Temp\is1070216317\MyBabylonTB.exe	Win32/Toolbar.Babylon application
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\53a71556-25203a53	multiple threats
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\6afb725f-4c83d32c	Java/Exploit.Agent.NAY trojan
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\74de1e68-778b9874	Java/Exploit.CVE-2012-0507.BT trojan
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\115675fa-613d814a	Java/Exploit.Agent.AB trojan
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\70fb8ffb-5bfc06d3	Java/TrojanDownloader.Agent.NDR trojan
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\556badbd-29bd3721	Java/Exploit.Agent.NAY trojan
C:\Windows\Installer\{006C1A57-AFDF-52F5-DC42-D8D3BC0B91DD}\syshost.exe	a variant of Win32/Kryptik.AJFW trojan
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\n	Win64/Sirefef.W trojan
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\80000000.@	Win64/Sirefef.AL trojan
C:\Windows\System32\H@tKeysH@@k.DLL	Win32/HackTool.HotKeysHook application
C:\Windows\SysWOW64\H@tKeysH@@k.DLL	Win32/HackTool.HotKeysHook application
Operating memory	a variant of Win32/Wigon.PB trojan
         
I hope you can help me.
Good night,
Lukas

05.08.2012, 01:41   #2
t'john
/// Helper Team
 





Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Show Results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you don't already have it), then double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

05.08.2012, 10:31   #3
derlucky
 



Hi!
First of all, thanks for the further steps.
I have run OTL.

What is new: Windows constantly shows error messages saying that some files no longer exist or are faulty. So I can no longer start the Task Manager either, because "pcwum.dll" cannot be found.

Well, be that as it may, these are the log files that resulted:

Log file 1 (OTL)
Code:
OTL logfile created on: 05.08.2012 11:21:16 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Lukas\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,29% Memory free
15,90 Gb Paging File | 13,67 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 387,54 Gb Total Space | 117,35 Gb Free Space | 30,28% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK_LUKAS | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lukas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Users\Lukas\lapqeteazore.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Lukas\Documents\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Users\Lukas\Documents\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Users\Lukas\Documents\xampp\filezillaftp\filezillaserver.exe (FileZilla Project)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (738ee479cdefbaee) -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Apache2.2) -- C:\Users\Lukas\Documents\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- C:\Users\Lukas\Documents\xampp\mysql\bin\mysqld.exe ()
SRV - (FileZilla Server) -- C:\Users\Lukas\Documents\xampp\filezillaftp\filezillaserver.exe (FileZilla Project)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys ()
DRV:64bit: - (738ee479cdefbaee) -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys ()
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys ()
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\Drivers\uim_vimx64.sys ()
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\DRIVERS\IntcDAud.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys ()
DRV:64bit: - (ak1avs) -- C:\Windows\SysNative\Drivers\ak1avs.sys ()
DRV:64bit: - (ak1usb_svc) -- C:\Windows\SysNative\Drivers\ak1usb.sys ()
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\tsusbflt.sys ()
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys ()
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\synth3dvsc.sys ()
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys ()
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys ()
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys ()
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys ()
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\DRIVERS\HECIx64.sys ()
DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\DRIVERS\InputFilter_FlexDef2b.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys ()
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys ()
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys ()
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys ()
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys ()
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys ()
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys ()
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys ()
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 34 9E D1 D9 DA CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2012.05.01 19:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.03 21:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.03 21:35:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\l1ehoxqn.default\extensions\mail@gutscheinrausch.de
 
[2012.01.29 10:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.08.04 17:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\l1ehoxqn.default\extensions
[2012.08.03 21:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.03 21:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.02.18 20:59:10 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.08.02 16:21:41 | 000,013,136 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\INFO@ELIME.BE.XPI
[2012.07.19 21:42:07 | 000,017,492 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\NEWTABMOD@BYTEDISORDER.COM.XPI
[2012.03.22 23:58:49 | 000,129,384 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\SCILORSGROOVEUNLOCKER@SCILOR.COM.XPI
[2012.08.03 21:35:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.26 15:06:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.09 17:50:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.20 16:05:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.09 17:50:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.09 17:50:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.09 17:50:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.09 17:50:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.06.02 02:11:36 | 000,003,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 71 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [lapqeteazore] C:\Users\Lukas\lapqeteazore.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{870D15D3-C4C2-41E7-A5D0-442D5253584F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{928B21E6-80B6-4A09-B62F-9BDF205AAF96}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\Shell - "" = AutoRun
O33 - MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.04 23:06:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{E6A1A833-67B5-4859-8B6E-98149C1CB260}
[2012.08.04 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{581EFE1A-DB46-4D11-B00E-3FEAA8BA3920}
[2012.08.04 10:21:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{2BCE4CC4-5E8A-4A4F-B1C2-B3B3E0964A79}
[2012.08.04 10:21:21 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{62C426EA-18BA-4D04-8F3D-7C4583736989}
[2012.08.03 22:20:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{72524609-C62E-4334-8C66-D8CC90F3EC3F}
[2012.08.03 22:20:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{12AAB31E-ED88-47F2-AF6A-DA128B085057}
[2012.08.03 21:45:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2012.08.03 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.03 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.03 21:45:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.03 21:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.03 21:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.03 21:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.03 10:20:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{129BD54F-1ABA-48A4-B303-56C174971084}
[2012.08.03 10:19:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3AABCFF9-28A6-4E10-9347-276329299A11}
[2012.08.02 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{0E7E3E8C-372B-4EE3-A508-1390D54579F3}
[2012.08.02 20:06:55 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{B14AEE14-A799-46D9-A59B-111A7320F369}
[2012.08.02 16:03:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\workspace
[2012.08.02 16:02:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\eclipse
[2012.08.02 08:06:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{759016A8-A494-40B6-BDDF-910EF9E4FE47}
[2012.08.02 08:06:17 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{718F61F3-B2D1-4C0B-ABEF-2259D01D0E90}
[2012.08.01 11:13:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{04285DDD-99F2-403D-9A48-055D277B390E}
[2012.08.01 11:13:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{4ADB0A6D-64ED-4E3C-B1DC-39B0A9E87CD1}
[2012.07.31 21:35:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{F30C7FBA-1AA1-4D23-8E31-D3AD3FFE7C99}
[2012.07.31 21:34:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{5F60641C-D475-4446-BC09-E59286C0EA95}
[2012.07.31 09:34:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{78D7BDEB-F19D-4394-99CA-019F5CB863BD}
[2012.07.31 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3BCAEB0B-D1CA-4400-B9D6-C888F9593A00}
[2012.07.30 19:51:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{D74EE2BC-1273-4759-ABD3-7CA145912AC8}
[2012.07.30 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{556AC4E3-94DA-4173-A61B-8FADF4EB49F0}
[2012.07.30 06:15:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{822FE345-12CB-4525-BD42-05104B1F3B31}
[2012.07.30 06:15:02 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C0D91DEA-8ACC-4EC3-9272-26EB01C61473}
[2012.07.29 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{6F96333C-4018-4D28-8705-62AE94E7C62C}
[2012.07.29 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{00EDB114-582C-49C5-AA95-08CFAF3FF218}
[2012.07.29 13:58:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{EDCCD211-1681-4F24-97F2-300FBD7F8BD4}
[2012.07.29 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C8F84DA0-D550-47CD-BCD2-F4D8D53F0D30}
[2012.07.29 00:01:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{D7EB7009-E53F-44CF-B488-CAC6D3C828A9}
[2012.07.29 00:00:55 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{5BD7DAA7-0550-487E-B355-8611052FE9EB}
[2012.07.28 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{04A29FB5-63B8-44A9-A3CC-E5B1C528B572}
[2012.07.28 10:46:30 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C9D09AB7-9C69-475C-8078-D13C0E8E3773}
[2012.07.27 08:39:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C5009F04-0C6D-4F67-8BED-BF7C510D7154}
[2012.07.27 08:39:23 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1196D46D-40FA-4C06-B0D7-90012C97348B}
[2012.07.26 20:38:57 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{BB5A5EB4-C91A-4CD7-B515-360294FD89C6}
[2012.07.26 20:38:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{7F3714B2-A4C1-4706-9B2C-282E19145F00}
[2012.07.26 08:38:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{718A6A70-EE12-4571-B89D-4DFB1CB5819B}
[2012.07.26 08:38:08 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3536EB19-266E-4692-889F-99716FF5C698}
[2012.07.25 20:13:02 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{49223E55-FD97-457E-86C3-19BE3C5651FF}
[2012.07.25 20:12:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{8FCCD218-E9FA-4A14-9F50-804B40DB2EC6}
[2012.07.25 08:12:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{65BD8A7E-AAAE-443F-9202-3C85648EB5AE}
[2012.07.25 08:12:13 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{7232195A-E579-4ED0-86AA-F1D603D3E011}
[2012.07.24 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{F47B9CEA-71DC-461D-AAD4-82F48344402E}
[2012.07.24 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{39B05986-9BCD-424A-8A7B-63EFC2271FB4}
[2012.07.24 01:23:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{0FFF76CF-391B-419B-A666-D83B900574DB}
[2012.07.24 01:22:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{52E7C5FE-65AF-4DC1-A201-F8FAD49CD603}
[2012.07.23 13:22:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1BCE81D5-AA69-46D0-B9DE-00F034FBA3EB}
[2012.07.23 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{9C880A9C-F5EA-4FF2-ACCD-632B6A61C29A}
[2012.07.22 10:27:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{13476589-F464-4616-A87C-1105F032A5EC}
[2012.07.22 10:26:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3BEB1EA8-34EA-4E58-A4FC-6AC7354C2EC3}
[2012.07.21 21:01:55 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{7A020665-F9C9-40E5-B91E-A8FA875D38D4}
[2012.07.21 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{017CF8F4-DB47-4E96-9478-472AF6DB5D01}
[2012.07.21 09:01:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{515B148A-4DCA-4B60-9B20-0326A23114E0}
[2012.07.21 09:00:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1E03AAF5-254E-4219-8DC8-7A833B874420}
[2012.07.20 21:00:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{9829D301-43E7-4C4F-B9D6-1A968FE6814C}
[2012.07.20 20:59:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{ABDC4C02-4B66-43E6-A22F-649B4819B7F1}
[2012.07.20 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{4FDC1E79-A49C-4A6E-B6DE-82ACCE03EA77}
[2012.07.20 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{87D94C98-01AF-49AB-9294-650C570797D1}
[2012.07.19 20:58:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{098D84CC-CD23-4B49-B2C4-73C1C2047729}
[2012.07.19 20:58:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{0A77D450-90D8-4EBB-81F6-E4DE0E63D7EB}
[2012.07.19 08:57:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{2B29211A-FB42-4DC7-8DE8-376BE5520B73}
[2012.07.19 08:56:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{B0CD3E0B-779D-4A21-827A-46FDFBA0D99C}
[2012.07.18 20:56:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{56019E05-FF5F-49A2-8652-D41341B912FA}
[2012.07.18 20:55:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{A01DC020-83AD-484A-BE02-AF5D058565D1}
[2012.07.18 08:55:41 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{E4CA43A9-8D86-42D3-AE1C-000D10D10DD6}
[2012.07.18 08:55:19 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{55A4E710-18E3-4168-8297-2A09267FEDB5}
[2012.07.17 20:48:47 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{39AFFE83-9D1A-4D56-BABA-83377CA2B920}
[2012.07.17 20:48:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{5F7CEED3-9F0E-46D9-9833-5B522BD3E9C3}
[2012.07.17 08:48:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3A16DF7D-EB51-4F80-912F-0E4C2B4ACB21}
[2012.07.17 08:47:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{CDEBACFE-CC39-4301-B028-7B688B3AC9C1}
[2012.07.16 19:47:03 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{8F8EF716-C8A4-42B4-8CBF-9A9C6109C746}
[2012.07.16 19:44:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{E062145F-82F2-4914-8A09-55684B574C82}
[2012.07.16 07:43:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{2EC456B0-B388-455C-AB38-563E95DC6EA4}
[2012.07.16 07:43:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{F27C71A8-0BEE-4C92-BFE8-64E656C2DBA1}
[2012.07.15 19:43:26 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{4E81E0CE-135B-4035-BB3C-8F0E89827F40}
[2012.07.15 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{AF8C7AC6-E61B-4630-A751-1614F4AB225F}
[2012.07.14 22:07:00 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{CDCB0FC7-B0C5-4215-A974-11488EDB4077}
[2012.07.14 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3EF88E5A-222A-4B30-AF44-476C34A96D44}
[2012.07.14 10:06:22 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{0644D0F1-95A1-4AAF-A56C-E9CBBE84274B}
[2012.07.14 10:06:09 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{41D0A550-7CB4-4531-BA2F-A0C013B77C23}
[2012.07.13 09:42:47 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{929042B4-CCF8-43C9-9750-68A236934A37}
[2012.07.13 09:42:35 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{F2FD00B7-041D-46FE-AD57-FE4AFA9A6478}
[2012.07.12 21:42:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{02DD909C-5188-4520-8DE4-67579D99DB7D}
[2012.07.12 21:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{92BD13E5-1988-4647-8DFA-E18148EB3C3D}
[2012.07.12 09:41:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{E6ED21C7-1AB4-4D73-9CEE-58751D56882B}
[2012.07.12 09:41:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{659ADFA2-0A6C-4CC1-94ED-64E249F99293}
[2012.07.11 00:23:41 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1C379E1C-C17C-4907-934B-F669A5E08AA2}
[2012.07.11 00:23:30 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3EC773CF-7F18-4A6A-B1D3-BED26CAE3ED4}
[2012.07.10 12:23:04 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{809FEE29-95A7-491B-B453-B30222B6C1D5}
[2012.07.10 12:22:52 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{D665E085-726D-4410-BDF3-73A55A585ACD}
[2012.07.09 21:42:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{68737564-B661-49F5-AD5E-3AAEE629D471}
[2012.07.09 21:42:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1252D90F-FD16-4A0D-95E5-A68B5B6AF090}
[2012.07.09 09:42:21 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{95B9D38D-453A-4B2C-9150-AD0A5FFBBC08}
[2012.07.09 09:42:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{8271BEAC-EB2C-4CB9-B73B-E9E51AE36B44}
[2012.07.08 13:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{62C5A8C4-FCBA-4980-A0C7-C2EF84594C9B}
[2012.07.08 13:25:12 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{4AB9461B-A78D-4B53-9579-48C9D39C58FE}
[2012.07.07 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{505D0D58-1C84-4451-966F-274E79E222AF}
[2012.07.07 16:40:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{B0F8BCC0-3592-4184-8C23-62E173ADAA74}
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 11:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 10:41:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.04 20:41:41 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 20:41:41 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 20:41:41 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 20:41:41 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 20:41:41 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 20:40:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.04 20:37:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 20:37:11 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 14:01:52 | 000,132,832 | ---- | M] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.04 14:01:52 | 000,027,760 | ---- | M] () -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.03 21:45:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.03 00:17:13 | 000,000,132 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.08.02 22:12:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.02 22:12:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 08:32:00 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.08.01 16:07:38 | 000,205,524 | ---- | M] () -- C:\Users\Lukas\Documents\ver4.pdf
[2012.08.01 16:07:31 | 000,221,133 | ---- | M] () -- C:\Users\Lukas\Documents\ver3.pdf
[2012.08.01 16:07:26 | 000,419,018 | ---- | M] () -- C:\Users\Lukas\Documents\ver2.pdf
[2012.08.01 16:07:22 | 000,841,321 | ---- | M] () -- C:\Users\Lukas\Documents\ver.pdf
[2012.08.01 15:14:28 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 15:14:28 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 14:47:42 | 000,083,912 | ---- | M] () -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys
[2012.08.01 14:45:03 | 000,090,584 | ---- | M] () -- C:\Users\Lukas\lapqeteazore.exe
[2012.07.23 21:37:50 | 000,002,037 | ---- | M] () -- C:\Users\Lukas\Desktop\JDownloader.lnk
[2012.07.18 08:27:50 | 004,998,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.17 09:40:02 | 000,000,132 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.04 14:02:02 | 000,027,760 | ---- | C] () -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.04 14:02:01 | 000,132,832 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.03 21:45:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.01 16:23:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\800000cb.@
[2012.08.01 16:22:57 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\80000000.@
[2012.08.01 16:07:38 | 000,205,524 | ---- | C] () -- C:\Users\Lukas\Documents\ver4.pdf
[2012.08.01 16:07:31 | 000,221,133 | ---- | C] () -- C:\Users\Lukas\Documents\ver3.pdf
[2012.08.01 16:07:26 | 000,419,018 | ---- | C] () -- C:\Users\Lukas\Documents\ver2.pdf
[2012.08.01 16:07:22 | 000,841,321 | ---- | C] () -- C:\Users\Lukas\Documents\ver.pdf
[2012.08.01 14:47:42 | 000,083,912 | ---- | C] () -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys
[2012.08.01 14:45:29 | 000,090,584 | ---- | C] () -- C:\Users\Lukas\lapqeteazore.exe
[2012.08.01 14:45:14 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\00000001.@
[2012.07.29 13:57:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.23 21:37:50 | 000,002,037 | ---- | C] () -- C:\Users\Lukas\Desktop\JDownloader.lnk
[2012.07.17 09:40:02 | 000,000,132 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.06.02 15:18:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@
[2012.06.02 15:18:18 | 000,002,048 | -HS- | C] () -- C:\Users\Lukas\AppData\Local\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@
[2012.05.02 22:25:26 | 000,000,132 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.03.02 20:39:39 | 000,000,473 | ---- | C] () -- C:\Windows\zelscope.ini
[2012.02.27 07:10:49 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.02.18 18:52:12 | 000,000,700 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.07 08:53:31 | 000,003,584 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.29 10:25:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.26 01:21:57 | 000,078,717 | ---- | C] () -- C:\Windows\hpqins05.dat
[2012.01.26 00:45:59 | 000,184,150 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012.01.26 00:45:59 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012.01.25 23:26:16 | 000,211,056 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2012.01.25 14:15:32 | 000,217,119 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012.01.25 14:15:32 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012.01.25 11:56:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.01.24 23:00:32 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.01.24 22:36:19 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.01.24 22:33:20 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.26 12:54:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.26 12:53:54 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.26 12:53:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.26 12:53:48 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.26 12:53:48 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Lukas\Downloads:Shareaza.GUID

< End of report >
         
Logfile 2
Code:
OTL Extras logfile created on: 05.08.2012 11:21:16 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Lukas\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,29% Memory free
15,90 Gb Paging File | 13,67 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 387,54 Gb Total Space | 117,35 Gb Free Space | 30,28% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK_LUKAS | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2380258265-3006174749-279724184-1001]
"EnableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{82E3FBCE-9BA2-44E3-9FF9-EFE9E8B70131}" = Oracle VM VirtualBox 4.0.4
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SpeedCommander 13 (x64)" = SpeedCommander 13 (x64)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{59E13EA0-9604-47DF-BEB7-3651E6E09221}" = Scope
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B91D6B0B-296F-421D-B697-EE5F4F09AB18}" = Zelscope
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BDD94A53-3F42-48ED-BB61-B3F85AE93EEE}_is1" = Chicken Invaders 4 Osteredition Version 4.13int
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C9BEFDFB-A2DD-4D88-881C-3B303CCE384E}" = ActiveState Komodo Edit 7.0.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4911E92-A059-4901-8AB3-8638B6D96456}_is1" = Groovedown Version 0.84
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1&1 SoftPhone" = 1&1 SoftPhone
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blend_4.0.20525.0" = Microsoft Expression Blend 4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Debut" = Debut Video Capture Software
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Emperor" = Emperor - Schlacht um Dune
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader 5.1
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"ID3-TagIT 3_is1" = ID3-TagIT 3
"ImgBurn" = ImgBurn
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Service Center" = Native Instruments Service Center
"Nvu_is1" = Nvu 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"Verbindungsassistent" = Verbindungsassistent
"VGEE" = Vista Game Explorer Editor
"Virtual Guitarist" = Steinberg Virtual Guitarist
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
"World of Warcraft" = World of Warcraft
"X - Beyond the Frontier" = X - Beyond the Frontier
"xampp" = XAMPP 1.7.7
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.7.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VirtuaGirl_is1" = VirtuaGirl Version 1.1.0.12
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2012 22:25:34 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0xfb8  Startzeit der fehlerhaften Anwendung: 0x01cd72b198075cdd
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: d5b8aa7e-dea4-11e1-8584-ec9a743e8b9e
 
Error - 04.08.2012 22:45:30 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x4ec  Startzeit der fehlerhaften Anwendung: 0x01cd72b460611263
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 9e14c164-dea7-11e1-8584-ec9a743e8b9e
 
Error - 04.08.2012 22:45:30 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0xfe4  Startzeit der fehlerhaften Anwendung: 0x01cd72b4606a97e4
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 9e1e46e5-dea7-11e1-8584-ec9a743e8b9e
 
Error - 04.08.2012 23:06:33 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x544  Startzeit der fehlerhaften Anwendung: 0x01cd72b7514d944e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 8f03a4af-deaa-11e1-8584-ec9a743e8b9e
 
Error - 04.08.2012 23:06:33 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x1094  Startzeit der fehlerhaften Anwendung: 0x01cd72b7515719cf
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 8f0ac8d0-deaa-11e1-8584-ec9a743e8b9e
 
Error - 04.08.2012 23:21:10 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x1294  Startzeit der fehlerhaften Anwendung: 0x01cd72b95c1cecf5
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 99d2fd56-deac-11e1-8584-ec9a743e8b9e
 
Error - 04.08.2012 23:21:10 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x4b4  Startzeit der fehlerhaften Anwendung: 0x01cd72b95c267276
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 99da2177-deac-11e1-8584-ec9a743e8b9e
 
Error - 05.08.2012 00:16:31 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x1258  Startzeit der fehlerhaften Anwendung: 0x01cd72c1179d54f2
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 55536553-deb4-11e1-8584-ec9a743e8b9e
 
Error - 05.08.2012 00:16:31 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x1100  Startzeit der fehlerhaften Anwendung: 0x01cd72c117a6da73
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 555a8974-deb4-11e1-8584-ec9a743e8b9e
 
Error - 05.08.2012 00:37:41 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x10a0  Startzeit der fehlerhaften Anwendung: 0x01cd72c40c85b50e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 4a39640f-deb7-11e1-8584-ec9a743e8b9e
 
Error - 05.08.2012 00:37:41 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0xde0  Startzeit der fehlerhaften Anwendung: 0x01cd72c40c8cd92f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 4a408830-deb7-11e1-8584-ec9a743e8b9e
 
[ System Events ]
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 08.05.2012 05:36:58 | Computer Name = Notebook_Lukas | Source = Service Control Manager | ID = 7030
Description = Der Dienst "FileZilla Server FTP server" ist als interaktiver Dienst
 gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
 nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 09.05.2012 11:57:57 | Computer Name = Notebook_Lukas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 10.05.2012 00:43:34 | Computer Name = Notebook_Lukas | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
 
< End of report >
         

05.08.2012, 11:59   #4
t'john
/// Helper team

Fixing with OTL

Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Deactivate any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
PRC - C:\Users\Lukas\lapqeteazore.exe () 
SRV:64bit: - (738ee479cdefbaee) -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} 
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..network.proxy.type: 4 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found 
[2012.07.19 21:42:07 | 000,017,492 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\NEWTABMOD@BYTEDISORDER.COM.XPI 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found 
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found 
O4 - HKLM..\Run: [NPSStartup] File not found 
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found 
O4 - HKCU..\Run: [AdobeBridge] File not found 
O4 - HKCU..\Run: [lapqeteazore] C:\Users\Lukas\lapqeteazore.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\Shell - "" = AutoRun 
O33 - MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\Shell - "" = AutoRun 
O33 - MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\Shell - "" = AutoRun 
O33 - MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\Startme.exe 
O33 - MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\Shell - "" = AutoRun 
O33 - MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\Shell\AutoRun\command - "" = F:\start.exe 
O33 - MountPoints2\E\Shell - "" = AutoRun 
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe 
 
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
[2012.08.01 14:45:03 | 000,090,584 | ---- | M] () -- C:\Users\Lukas\lapqeteazore.exe 
 
@Alternate Data Stream - 16 bytes -> C:\Users\Lukas\Downloads:Shareaza.GUID 

[2012.08.05 11:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.05 10:41:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.04 20:40:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
 
[2012.08.01 14:45:14 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\00000001.@ 
[2012.08.01 16:23:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\800000cb.@ 
[2012.08.01 16:22:57 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\80000000.@ 
[2012.07.29 13:58:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{EDCCD211-1681-4F24-97F2-300FBD7F8BD4} 
[2012.07.29 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C8F84DA0-D550-47CD-BCD2-F4D8D53F0D30} 
[2012.06.02 15:18:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@ 
[2012.06.02 15:18:18 | 000,002,048 | -HS- | C] () -- C:\Users\Lukas\AppData\Local\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@ 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!
__________________
Regards, t'john

05.08.2012, 14:59   #5
derlucky

Hi!
Task Manager can be opened again, but the Antivir real-time scanner still doesn't work, unfortunately. Still, many thanks already for the effective help!

Here is the log file from the fix in OTL:
Code:
All processes killed
========== OTL ==========
Unable to kill active process lapqeteazore.exe!
Error: No service named 738ee479cdefbaee was found to stop!
Service\Driver key 738ee479cdefbaee not found.
File  C:\Windows\SysNative\drivers\738ee479cdefbaee.sys  not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: 4 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00\ deleted successfully.
C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\NEWTABMOD@BYTEDISORDER.COM.XPI moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lapqeteazore deleted successfully.
File C:\Users\Lukas\lapqeteazore.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\ not found.
File E:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbd20e35-4734-11e1-945d-94503fe858b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbd20e35-4734-11e1-945d-94503fe858b6}\ not found.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
C:\Windows\SysWow64\REN8759.tmp deleted successfully.
C:\Windows\SysWow64\REN875A.tmp deleted successfully.
C:\Windows\SysWow64\REN875B.tmp deleted successfully.
File C:\Users\Lukas\lapqeteazore.exe not found.
Unable to delete ADS C:\Users\Lukas\Downloads:Shareaza.GUID .
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\00000001.@ moved successfully.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\80000000.@ moved successfully.
C:\Users\Lukas\AppData\Local\{EDCCD211-1681-4F24-97F2-300FBD7F8BD4} folder moved successfully.
C:\Users\Lukas\AppData\Local\{C8F84DA0-D550-47CD-BCD2-F4D8D53F0D30} folder moved successfully.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@ moved successfully.
C:\Users\Lukas\AppData\Local\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Lukas\Downloads\cmd.bat deleted successfully.
C:\Users\Lukas\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
 
User: Lukas
->Temp folder emptied: 3197976507 bytes
->Temporary Internet Files folder emptied: 445485213 bytes
->Java cache emptied: 2432235 bytes
->FireFox cache emptied: 1117782774 bytes
->Google Chrome cache emptied: 7658869 bytes
->Flash cache emptied: 61986 bytes
 
User: Public
 
User: Silvia
->Temp folder emptied: 34655 bytes
->Temporary Internet Files folder emptied: 824206 bytes
->Flash cache emptied: 56502 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83872264 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66647883 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 758 bytes
RecycleBin emptied: 16096460753 bytes
 
Total Files Cleaned = 20.046,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Lukas
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Silvia
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08052012_154511

Files\Folders moved on Reboot...
File\Folder C:\Users\Lukas\AppData\Local\Temp\etilqs_63I2Wso1E6w2zcE not found!
C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Lukas\AppData\Local\Temp\~DF96DC2F3D7933B121.TMP not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\~DFEA6804C92BC69DD2.TMP not found!
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\urlclassifier3.sqlite moved successfully.

PendingFileRenameOperations files...
File C:\Users\Lukas\AppData\Local\Temp\etilqs_63I2Wso1E6w2zcE not found!
File C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Lukas\AppData\Local\Temp\~DF96DC2F3D7933B121.TMP not found!
File C:\Users\Lukas\AppData\Local\Temp\~DFEA6804C92BC69DD2.TMP not found!
File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\startupCache\startupCache.4.little not found!
File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_001_ not found!
File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_002_ not found!
File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_003_ not found!
File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_MAP_ not found!
File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\urlclassifier3.sqlite not found!

Registry entries deleted on Reboot...
         


05.08.2012, 20:36   #6
t'john
/// Helper Team
 



Very good!


Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Enable "Perform full scan" ("Komplett Scan durchführen") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Show results" ("Zeige Resultate").
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

06.08.2012, 06:19   #7
derlucky
 



I've done that!

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: NOTEBOOK_LUKAS [Administrator]

06.08.2012 02:30:33
mbam-log-2012-08-06 (02-30-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 502817
Laufzeit: 53 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ADWCleaner:
Code:
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 02:29:45
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Lukas - NOTEBOOK_LUKAS
# Running from : C:\Users\Lukas\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Lukas\AppData\Local\vghd
Folder Found : C:\Users\Lukas\AppData\Roaming\QuickStoresToolbar
Folder Found : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\l1ehoxqn.default\extensions\plugin@yontoo.com
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
File Found : C:\Users\Lukas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Found : C:\Users\Lukas\Desktop\QuickStores.url

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[x64] Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (de)

Profile name : default 
File : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\l1ehoxqn.default\prefs.js

Found : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Found : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,SciLorsGrooveUnlocker@scilor[...]
Found : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5688 octets] - [06/08/2012 02:29:45]

########## EOF - C:\AdwCleaner[R1].txt - [5816 octets] ##########
         

06.08.2012, 15:23   #8
t'john
/// Helper Team
 



Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.


then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Update now" ("Jetzt Updaten") to download the current signatures.
Select the freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click "Save report" ("Bericht speichern") to save the log file to the desktop, and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

23.08.2012, 00:01   #9
t'john
/// Helper Team
 



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
