| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2 gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.08.2012, 17:48
| #1 |
 |  TR/ATRAPS.Gen2 gefunden Hallo liebes Forum, mir meldet seit gestern Avira Antivir, dass mein Rechner vom TR/ATRAPS.Gen2 befallen ist. Habe diesen bereits mehrmals von Antivir entfernen lassen, doch die Meldung erscheint nach wenigen Minuten dann wieder. Habe auch schon mehrmals Malwarebytes Anti-Malware durchlaufen lassen und die Funde entfernt. Nach dem Neustart bleibt das Problem aber weiterhin bestehen. Bin nun die Anleitung durchgegangen und habe nach der Benutzung von defogger, OTL und Malwarebytes Log-Datein erstellen lassen. Wäre super, wenn mir einer von Euch helfen könnte! Vielen Dank Gruß Alex OTL.Txt. Code:
ATTFilter OTL logfile created on: 08.08.2012 18:20:39 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = E:\DOWNLOADS 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,15% Memory free 8,16 Gb Paging File | 6,99 Gb Available in Paging File | 85,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,59 Gb Total Space | 7,54 Gb Free Space | 12,87% Space Free | Partition Type: NTFS Drive D: | 358,33 Gb Total Space | 145,16 Gb Free Space | 40,51% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 8,10 Gb Free Space | 16,59% Space Free | Partition Type: NTFS Computer Name: ***** | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.08 18:20:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\DOWNLOADS\OTL.exe PRC - [2012.05.09 08:58:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 08:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 08:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.01.10 14:49:52 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe PRC - [2009.02.18 19:20:07 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2012.08.07 20:31:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.05 10:37:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2012.05.09 08:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.09 08:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.01.12 10:44:32 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.01.10 14:49:52 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.18 19:20:07 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2007.12.20 01:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.09 08:58:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 08:58:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.01.10 14:51:40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan) DRV:64bit: - [2010.11.09 18:59:09 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.06.29 17:33:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2009.06.29 17:33:29 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) DRV:64bit: - [2008.11.18 17:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys -- (gtstusbser_64) DRV:64bit: - [2008.02.14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2008.01.21 04:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2007.04.23 14:15:48 | 000,031,016 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt) DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2006.09.18 23:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2006.07.11 09:32:40 | 000,052,120 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfsync03.sys -- (sfsync03) DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2012.02.01 14:24:02 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.02.04 12:59:34 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2008.11.18 17:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys -- (gtstusbser_64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{65008CED-E5F6-4583-92DF-63632298B982}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2 FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: E:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.14 10:13:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Besitzer\AppData\Roaming\5025 [2011.09.14 15:58:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Programme\Firefox\components [2012.08.05 10:37:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Programme\Firefox\plugins [2012.03.05 14:45:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.14 10:13:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Besitzer\AppData\Roaming\5025 [2011.09.14 15:58:22 | 000,000,000 | ---D | M] [2009.02.06 18:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions [2012.08.04 20:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions [2010.06.14 16:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.21 16:49:27 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010.08.01 21:16:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.01.23 16:59:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\firefox@tvunetworks.com [2010.05.26 22:06:19 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\illimitux@illimitux.net [2010.02.14 18:38:25 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\searchrecs@veoh.com [2012.08.04 20:09:22 | 000,000,907 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\searchplugins\conduit.xml [2011.09.14 15:58:22 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BESITZER\APPDATA\ROAMING\5025 O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8:64bit: - Extra context menu item: &Download by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: &Download by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EAE83B7-8094-4692-A9E6-3A97A46A9E38}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B58B8DD-8186-42F4-B143-79CB626579D5}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EFDA025-EAD5-4794-8B5F-26A3AF6E4D2B}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D43118-0F76-4CE2-8698-5585CB5C8AB5}: DhcpNameServer = 10.0.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAF0B3C3-A88A-4957-8ADF-B13D20A35A6F}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\Shell - "" = AutoRun O33 - MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\Diablo III Setup.exe" O33 - MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\Shell - "" = AutoRun O33 - MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\Shell\AutoRun\command - "" = J:\QsSetup.exe O33 - MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\Shell - "" = AutoRun O33 - MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\Shell\AutoRun\command - "" = c2e.exe O33 - MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\Shell\open\Command - "" = c2e.exe O33 - MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\Shell - "" = AutoRun O33 - MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\Shell\AutoRun\command - "" = G:\QsSetup.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\QsSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.07 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Macromedia [2012.08.06 22:12:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.08.05 22:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games [2012.08.04 22:36:01 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\AirportMadness4 [2012.08.04 22:34:38 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Airpo [2012.08.04 22:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartdl [2012.08.04 20:18:35 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Documents\TowerSim [2012.08.04 20:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airport-Tower-Simulator 2012 [2012.08.04 20:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012.08.04 20:09:09 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Conduit [2012.08.04 20:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winload ========== Files - Modified Within 30 Days ========== [2012.08.08 18:24:52 | 001,418,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.08 18:24:52 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.08 18:24:52 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.08 18:24:52 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.08 18:24:52 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.08 18:18:03 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.08 18:18:02 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.08 18:18:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.08 18:17:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.08 18:16:22 | 000,000,020 | ---- | M] () -- C:\Users\Besitzer\defogger_reenable [2012.08.07 21:36:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.07 21:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.05 10:38:58 | 000,000,606 | ---- | M] () -- C:\Users\Public\Desktop\AirportMadness4.lnk [2012.08.04 20:09:20 | 000,000,009 | ---- | M] () -- C:\END ========== Files Created - No Company Name ========== [2012.08.08 18:16:21 | 000,000,020 | ---- | C] () -- C:\Users\Besitzer\defogger_reenable [2012.08.08 18:08:30 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000032.@ [2012.08.08 18:08:29 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000008.@ [2012.08.08 18:08:27 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\000000cb.@ [2012.08.08 17:57:17 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000064.@ [2012.08.06 22:12:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.06 21:22:35 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000000.@ [2012.08.06 21:22:05 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\L\00000004.@ [2012.08.05 21:06:00 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000004.@ [2012.08.04 22:35:14 | 000,000,606 | ---- | C] () -- C:\Users\Public\Desktop\AirportMadness4.lnk [2012.08.04 22:35:14 | 000,000,606 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirportMadness4.lnk [2012.08.04 20:09:18 | 000,000,009 | ---- | C] () -- C:\END [2012.05.15 10:14:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.05.15 10:14:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.05.15 10:13:27 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.05.09 18:26:11 | 001,368,464 | ---- | C] () -- C:\Windows\gdfdata.dll [2012.05.09 18:26:11 | 000,034,753 | ---- | C] () -- C:\Windows\data2.bin [2012.05.09 18:26:08 | 001,771,424 | ---- | C] () -- C:\Windows\SH_NClient.dll [2012.05.09 18:26:08 | 000,992,168 | ---- | C] () -- C:\Windows\MissionTerrain.dll [2012.05.09 18:26:08 | 000,736,160 | ---- | C] () -- C:\Windows\SimData.dll [2012.05.09 18:26:08 | 000,419,752 | ---- | C] () -- C:\Windows\grannyloader.dll [2012.05.09 18:26:08 | 000,362,904 | ---- | C] () -- C:\Windows\kernel.dll [2012.05.09 18:26:08 | 000,300,440 | ---- | C] () -- C:\Windows\Utils.dll [2012.05.09 18:26:08 | 000,181,664 | ---- | C] () -- C:\Windows\GDSScene.dll [2012.05.09 18:26:08 | 000,135,072 | ---- | C] () -- C:\Windows\DrawLib.dll [2012.05.09 18:26:08 | 000,133,544 | ---- | C] () -- C:\Windows\MissionEngine.dll [2012.05.09 18:26:08 | 000,124,328 | ---- | C] () -- C:\Windows\Plug_Behavior.dll [2012.05.09 18:26:08 | 000,117,672 | ---- | C] () -- C:\Windows\AIFramework.dll [2012.05.09 18:26:08 | 000,114,600 | ---- | C] () -- C:\Windows\GDSViewerCtrl.dll [2012.05.09 18:26:08 | 000,095,672 | ---- | C] () -- C:\Windows\PropertyUserInterface.dll [2012.05.09 18:26:08 | 000,083,368 | ---- | C] () -- C:\Windows\StateMachine.dll [2012.05.09 18:26:08 | 000,081,320 | ---- | C] () -- C:\Windows\FileManager.dll [2012.05.09 18:26:08 | 000,074,144 | ---- | C] () -- C:\Windows\MessageNet.dll [2012.05.09 18:26:08 | 000,073,136 | ---- | C] () -- C:\Windows\GoblinEditorApp.exe [2012.05.09 18:26:08 | 000,069,040 | ---- | C] () -- C:\Windows\MisTerrViewCtrl.dll [2012.05.09 18:26:08 | 000,067,000 | ---- | C] () -- C:\Windows\ScriptManagerNative.dll [2012.05.09 18:26:08 | 000,065,432 | ---- | C] () -- C:\Windows\zlib1.dll [2012.05.09 18:26:08 | 000,051,624 | ---- | C] () -- C:\Windows\SH_NProtocol.dll [2012.05.09 18:26:08 | 000,039,328 | ---- | C] () -- C:\Windows\property.dll [2012.05.09 18:26:08 | 000,033,696 | ---- | C] () -- C:\Windows\Plug_Zones.dll [2012.05.09 18:26:08 | 000,031,656 | ---- | C] () -- C:\Windows\Plug_Commons.dll [2012.05.09 18:26:08 | 000,023,464 | ---- | C] () -- C:\Windows\LowLevelUtils.dll [2012.05.09 18:26:08 | 000,014,240 | ---- | C] () -- C:\Windows\TuningTool.dll [2012.04.01 12:06:24 | 000,000,366 | ---- | C] () -- C:\Windows\XIIIHooligans.ini [2012.03.16 18:40:45 | 000,000,680 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat [2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.01.16 10:39:12 | 000,150,816 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL [2012.01.16 10:39:11 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini [2011.10.19 15:10:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\@ [2011.09.14 15:58:18 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\blckdom.res [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.27 21:45:55 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.01.10 14:49:52 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll [2010.09.30 16:46:08 | 000,122,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.08.24 12:27:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.03.21 16:46:18 | 000,000,600 | ---- | C] () -- C:\Users\Besitzer\PUTTY.RND [2009.02.06 20:14:00 | 000,049,664 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2011.09.14 15:58:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\5025 [2012.08.04 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\AirportMadness4 [2011.05.04 16:38:10 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Amazon [2012.08.05 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Azureus [2009.02.08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools [2010.11.09 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Lite [2009.02.08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Pro [2012.08.08 18:08:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Dropbox [2011.10.01 23:48:44 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft [2011.10.01 23:48:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.06 11:33:23 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\GrabPro [2009.02.22 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Helios [2012.02.23 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ [2011.09.14 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\kock [2010.03.13 20:09:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech [2010.09.29 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LolClient [2012.03.05 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org [2012.05.27 13:58:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Orbit [2012.01.16 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\PDF Writer [2009.02.20 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Red Alert 3 [2012.02.16 20:48:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sony [2011.08.14 13:59:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\SpeedSim [2012.08.06 00:05:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Spotify [2010.10.11 14:35:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\temp [2011.02.27 16:29:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly [2009.02.10 17:09:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Thunderbird [2012.03.14 00:05:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Tropico 3 [2012.06.27 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client [2012.02.23 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TuneUp Software [2009.06.29 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft [2012.08.08 18:08:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\uTorrent [2011.06.22 22:00:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\wargaming.net [2010.01.05 03:06:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WordToPDF [2012.05.14 17:12:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WOTModInstaller [2012.05.14 17:12:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WoT_StartPack [2011.09.14 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\xmldm [2012.08.08 18:16:33 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.10.19 17:40:16 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D31A6BA-0F1A-4645-9F5B-77B0634D8E33}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.08.2012 18:20:39 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = E:\DOWNLOADS
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,15% Memory free
8,16 Gb Paging File | 6,99 Gb Available in Paging File | 85,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 7,54 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive D: | 358,33 Gb Total Space | 145,16 Gb Free Space | 40,51% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 8,10 Gb Free Space | 16,59% Space Free | Partition Type: NTFS
Computer Name: ***** | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = CF 5D 18 51 78 32 CD 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{80D3CFFD-4CB5-47A1-8779-11A720A9ADB2}" = HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1338
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Shop for HP Supplies" = Shop for HP Supplies
"Win2PDF_is1" = Win2PDF 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1" = Update &1 für Spiel Men of War
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1A9C3B2E-360E-4353-8E17-312342E24194}" = Speed-Link SL-6535 USB Pad
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{203E564A-51E6-44E5-9DF9-8D0AD66E401D}" = DJ_SF_05_D2600_Software_Min
"{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE Editor
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2CBE667E-1193-47DC-852E-2CB4747C12E3}" = Blazing Angels Squadrons of WWII
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775290AD-C54E-418C-9564-A10836F42C1C}" = D2600
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D085D60-7F9B-FA8C-EA39-A4558BF7CBE9}" = AirportMadness4
"{81224655-3922-439F-BBFE-51D9D46C6F5D}" = NETGEAR MA111v2 802.11b Wireless USB Adapter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94240445-6D61-4985-B240-9027DCA7193E}_is1" = Men of War: Red Tide (Remove Only)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D58206-7E8F-41F2-BD94-85009F3AEA28}" = NWZ-E460 WALKMAN Guide
"{A89FDE8E-91B5-4A09-AB00-5F4B5207B6D9}_is1" = Airport-Tower-Simulator 2012 Version 1.0
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B89933C8-E38D-44BE-B3DB-96657D11338F}" = Hooligans - Storm over Europe
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF3E420F-2DCF-4C24-8E37-896801901031}" = Nero 7 Essentials
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.30
"AirportMadness4" = AirportMadness4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BH - RT" = Blitzkrieg Anthology: BH - RT
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DokanLibrary" = Dokan Library 0.6.0
"EA Download Manager" = EA Download Manager
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"heroes in the sky" = heroes in the sky
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor
"InstallShield_{81224655-3922-439F-BBFE-51D9D46C6F5D}" = NETGEAR MA111v2 802.11b Wireless USB Adapter
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"La Plata SP Gold. for Anthology" = La Plata SP Gold. for Anthology 1.00a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Natural Selection_is1" = Natural Selection 3.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"S4Uninst" = Die Siedler IV
"SopCast" = SopCast 3.2.4
"SpeedSim" = SpeedSim
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 10500" = Empire: Total War
"Steam App 10600" = Empire: Total War - Special Forces Unit
"Steam App 10601" = Empire: Total War - Dahomey Amazons Unit
"Steam App 30" = Day of Defeat
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 50130" = Mafia II
"Steam App 70" = Half-Life
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tropico3" = Tropico 3 1.00
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Veoh Web Player Beta" = Veoh Web Player
"Vuze" = Vuze
"Winamp" = Winamp
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"WordToPDF_is1" = WordToPDF 2.4
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.08.2012 12:09:35 | Computer Name = Brocks | Source = WinMgmt | ID = 10
Description =
Error - 08.08.2012 12:12:59 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x7549a57d, Prozess-ID 0xea8, Anwendungsstartzeit
01cd7580aa132412.
Error - 08.08.2012 12:14:09 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x7549a57d, Prozess-ID 0xa48, Anwendungsstartzeit
01cd7580d783d4d2.
Error - 08.08.2012 12:15:14 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x7549a57d, Prozess-ID 0x304, Anwendungsstartzeit
01cd7580fe0836a2.
Error - 08.08.2012 12:16:19 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x7549a57d, Prozess-ID 0xfa0, Anwendungsstartzeit
01cd758124bfb662.
Error - 08.08.2012 12:18:27 | Computer Name = Brocks | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 08.08.2012 12:19:41 | Computer Name = Brocks | Source = WinMgmt | ID = 10
Description =
Error - 08.08.2012 12:23:05 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x7531a57d, Prozess-ID 0xf98, Anwendungsstartzeit
01cd7582135cf274.
Error - 08.08.2012 12:24:18 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x7531a57d, Prozess-ID 0xd30, Anwendungsstartzeit
01cd7582425b57b4.
Error - 08.08.2012 12:25:23 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x7531a57d, Prozess-ID 0xe78, Anwendungsstartzeit
01cd758268ded6f4.
Error - 08.08.2012 12:26:32 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x7531a57d, Prozess-ID 0xefc, Anwendungsstartzeit
01cd7582926cb7d4.
[ System Events ]
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7023
Description =
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7026
Description =
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7023
Description =
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.05.07 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 7.0.6002.18005 Besitzer :: **** [Administrator] 08.08.2012 18:39:38 mbam-log-2012-08-08 (18-42-52).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 220101 Laufzeit: 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt. C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt. C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000032.@ (Rootkit.0Access) -> Keine Aktion durchgeführt. (Ende) |
| Themen zu TR/ATRAPS.Gen2 gefunden |
| antivir, avira, besitzer, bho, black, conduit, converter, desktop, downloader, entfernen, error, excel, firefox, flash player, helper, home, install.exe, jdownloader, log-datei, logfile, mp3, nvidia update, plug-in, problem, realtek, registry, scan, security, server, software, storm, super, svchost.exe, teamspeak, vista, winload toolbar |
Baum-Darstellung