Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe

TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe


Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 12.08.2012, 21:01   #1
Markus__
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe


Hallo User,

ich habe mir offensichtlich beim Surfen einige Trojaner eingefangen und erhalte ständig Meldungen von Avira, dass ich mit TR/ATRAPS.Gen und TR.ATRAPS.Gen2 infiziert sei. Seit ganz Kurzem habe ich auch Meldungen erhalten von den Trojanern TR/Kazy.86117.1 und TR/Rogue.KD.694391.1 von Avira, mit den anderen beiden Meldungen werd ich nun in Ruhe gelassen, seltsamerweise und hab jetzt relativ lange (ca. eine Stunde) überhaupt keine Meldung mehr bekommen. Ich habe auch mal einen schnellen Scan mit Malwarebytes gemacht und als Ergebnis stand leider was von ZeroAccess und wie ich hier gelesen hab, würde das wohl heißen: System neu aufsetzen. Das nur im Vorraus, trotzdem wäre es nett, wenn ihr euch die Logs anschaut, vllt. könnt ihr mir dazu ja doch noch was Anderes sagen. Bevor ich die Logs poste, erstmal einige Sachen zum Verlauf.

Verlauf
Also, anscheinend hab ich mir die Schadsoftware beim Surfen eingefangen. Ich erhielt eigentlich zeitgleich sogar zwei Meldungen, einmal von Avira (kostenlose Version) und einmal vom systeminternen Windows Defender. Avira hat die beiden Trojaner ATRAPS/Gen und ATRAPS/Gen.2 gemeldet, vom Windows Defender weiß ich nicht mehr ganz genau, ob er diese Trojaner auch benannt hat, zumindest hat er eine "schwerwiegende" Bedrohung gemeldet. Als ich diese Meldungen bekommen hab, öffnete sich das UAC-Fenster, als ausführendes Programm gab sich Adobe aus (Flash, wenn ich mich richtig erinnere). Ich habe dies nicht zugelassen, weil es mir verdächtig vorkam. Das entsprechende UAC-Fenster tauchte allerdings immer wieder auf, ich habe aber abgelehnt. Aber permanent aufklappende UAC-Fenster stören halt, weswegen ich mich vom Benutzerkonto abgemeldet habe und wieder angemeldet habe. Windows Defender mit seinem Fenster hat da leider nicht reagiert und ich hab es beim Abmelden "gewaltsam" beendet. Tatsächlich, nach Ab- und Wiederanmeldung tauchte das Adobe-UAC-Fenster nicht mehr auf. Bei der Wiederanmeldung hat Windows Defender mich gefragt, ob einige Funktionen von explorer.exe (wohl der Windows-Explorer?) blockiert werden sollen und ich habe zugestimmt. Avira meldete allerdings immer wieder, etwa im Fünf-Minuten-Takt, die beiden Trojaner. Wenn ich mich recht erinnere, meldete Avira auch Probleme in Zusammenhang mit der explorer.exe, ein Scan der Datei hat allerdings nix ergeben (angeblich ist die Datei nicht infiziert lt. Avira). Ich habe es auch mit Neustarts versucht, Problem blieb bestehen. Jetzt habe ich, um die Logs zu erhalten, die Programme ausgeführt, die bei euch in der Anleitung stehen. Seit Kurzem meldete Avira nun die zwei weiteren Trojaner.


Weitere Auffälligkeiten
Ich habe die Meldungen auffälligerweise dann bekommen, wenn ich eine W-Lan-Verbindung hatte (aller paar Minuten). Hatte ich die Verbindung getrennt, kam iirc keine Meldung (oder viel weniger), beim Start einer Verbindung kam gleich wieder eine Meldung. Momentan hab ich trotz Verbindung schon recht lange keine Meldung mehr erhalten, das scheint zeitlich zusammenzufallen mit den neuen Trojanermeldungen (Kazy und Rogue).

Ich weiß nicht, ob das irgendeine Bewandnis hat und poste es einfach hier mal. Im Windows-Defender/Software-Explorer bei "zur Zeit ausgeführte Programme" haben die meisten Prozesse unter dem Namen "Betriebssystem Microsoft®" so ein Icon, das aussieht wie ein Fenster; bei explorer.exe findet sich hingegen ein Icon, dass dem Computer-Icon (vormals "Arbeitsplatz") ähnelt. Habe den Prozess auch einfach mal beendet, um laienhaft zu schauen, was passiert, einige Sachen, die mit diesem Prozess zusammenhingen verschwanden (z. B. Taskleiste) und tauchten wieder auf, nachdem sich der Prozess neugestartet hat. Meldungen von Avira blieben bestehen.

Logs
So, nachdem ich euch jetzt vielleicht ermüdet hab, nun die Logs.

OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.08.2012 20:24:52 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,37 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 54,71% Memory free
4,98 Gb Paging File | 3,69 Gb Available in Paging File | 74,19% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 77,38 Gb Free Space | 54,24% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 352,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 20:06:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.29 15:13:46 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.11 14:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2011.07.28 23:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.17 08:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.09.19 05:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.28 22:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010.01.03 19:28:02 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll
MOD - [2010.01.03 19:28:02 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll
MOD - [2010.01.03 19:28:02 | 000,012,936 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll
MOD - [2010.01.03 19:28:00 | 000,018,056 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll
MOD - [2010.01.03 19:28:00 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll
MOD - [2010.01.03 19:28:00 | 000,013,960 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll
MOD - [2010.01.03 19:28:00 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll
MOD - [2010.01.03 19:28:00 | 000,010,376 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll
MOD - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
MOD - [2010.01.03 19:27:58 | 000,011,912 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll
MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.09 12:04:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 18:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2011.09.22 18:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.02.08 21:47:48 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.10.04 05:09:02 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.02.29 21:47:53 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.07.28 22:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.01.07 23:46:28 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.08 11:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008.10.08 11:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2008.10.01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.08.26 21:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.05.28 18:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.03 15:05:36 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE366
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE366&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=rSYXg_eRnikxcsKZWHKq1vIEWKQ?q={searchTerms}
IE - HKCU\..\SearchScopes\{F7103568-793E-4058-8BEA-7762A862D1DB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE366
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M]
 
[2010.06.08 16:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.04.29 12:50:06 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions
[2012.04.29 12:30:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.04.29 12:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\staged
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [StrokeIt] C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24B3E122-C6A0-4BA5-87B6-4D097E6230A1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1997.04.10 00:55:32 | 000,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.12 20:06:35 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.12 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.12 19:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.12 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.12 19:59:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.12 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.07.22 10:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2012.07.22 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\***\D-Fend Reloaded
[2012.07.22 10:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2012.07.22 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eddy und Co
[2012.07.18 20:32:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Boven de Wolken_data
[2012.07.15 16:08:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skat-Online
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 20:23:58 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.08.12 20:21:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.12 20:07:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\04d9n2x1.exe
[2012.08.12 20:06:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.12 20:06:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.12 19:59:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.12 19:47:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 19:47:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.12 19:46:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 19:46:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 19:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 19:46:14 | 2548,350,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.10 18:29:31 | 000,001,367 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.08.07 12:08:02 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\SCANIA Truck Driving Simulator.lnk
[2012.08.05 11:54:31 | 000,000,868 | ---- | M] () -- C:\Users\***\Desktop\Notepad++.lnk
[2012.08.04 12:37:10 | 000,002,673 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.07.31 17:22:34 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.07.22 10:46:14 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2012.07.18 20:32:24 | 000,003,723 | ---- | M] () -- C:\Users\***\Documents\Boven de Wolken.aup
 
========== Files Created - No Company Name ==========
 
[2012.08.12 20:21:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.12 20:07:06 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\04d9n2x1.exe
[2012.08.12 20:06:13 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.12 19:59:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 13:47:26 | 000,001,712 | ---- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\00000001.@
[2012.08.10 18:29:31 | 000,001,367 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.08.05 11:54:31 | 000,000,868 | ---- | C] () -- C:\Users\***\Desktop\Notepad++.lnk
[2012.07.22 10:46:14 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2012.07.18 20:32:24 | 000,003,723 | ---- | C] () -- C:\Users\***\Documents\Boven de Wolken.aup
[2012.06.13 19:32:33 | 000,000,054 | ---- | C] () -- C:\Windows\WELTALL.INI
[2012.01.11 20:19:34 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@
[2011.10.07 17:39:58 | 000,029,239 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2011.09.18 15:30:51 | 000,000,306 | ---- | C] () -- C:\Windows\FANGT.INI
[2011.08.01 10:21:01 | 000,000,116 | -H-- | C] () -- C:\Users\***\kvirc4.ini
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.07.03 11:51:31 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.06.01 14:10:25 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.05.08 20:05:27 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.05.08 20:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREU1.DLL
[2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREL1.DLL
[2010.12.27 11:11:47 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.25 22:19:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.25 22:19:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.11.28 12:41:18 | 000,001,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\EasyToolz.ini
[2010.10.03 12:57:15 | 000,000,000 | -H-- | C] () -- C:\Users\***\tkcon.hst
[2010.03.08 19:53:38 | 000,008,512 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.02.14 19:31:07 | 000,000,736 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.02.09 14:54:04 | 000,014,336 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.02.08 21:53:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.11.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.02.21 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2010.05.31 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\apm
[2010.04.06 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.02.08 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2011.08.13 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader
[2012.08.08 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.03.15 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.15 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.05.29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM
[2011.12.27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magnet's Story
[2010.05.11 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2012.08.05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.08.03 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.06.28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.25 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.02.09 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2010.05.11 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrimoPDF
[2010.12.25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.05.26 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand
[2010.02.09 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2011.05.16 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.08.09 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.02.14 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.05.31 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.02.21 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.02.10 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.07.08 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
[2012.08.11 15:45:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.08.2012 20:24:52 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,37 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 54,71% Memory free
4,98 Gb Paging File | 3,69 Gb Available in Paging File | 74,19% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 77,38 Gb Free Space | 54,24% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 352,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00491F72-326D-486A-B59B-6C42742CE30C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{02D41DA6-9371-4FB9-91B8-E2AC8363BD74}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0B920991-1C35-4F3B-B14D-0926929DECE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{19FBF757-D8C7-4CF4-BF16-1E8EDDACF0C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1EDFA460-E536-40BA-93D6-92F74447FFF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2794B89D-8A51-4744-9AF0-7F9299A0BFDA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3B44C8DE-BE8E-498E-870C-A5A8BA80244C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{41A9F118-9612-4CE0-9135-22426F8888A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5F56DD90-686D-42DF-9BBC-818357A82C3E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{68E5C90F-1D42-4DFC-9A64-E7EB72CCD7C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6B0FF415-2D83-4C72-8968-EFB1C21DBC77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7305B40B-F62F-443D-9BC2-9BDA1F6782A3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{86A7F893-107B-472A-9564-C3BF3BDE3217}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8B74243B-67CF-47CE-9FBF-1B30C3BAB295}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8C199A1F-05DD-4F9D-85BD-86E6D0BEFDDA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A85693B2-93AD-48B3-8C58-1A4B0BC78F9C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A97173BE-FBD7-44E4-A096-B1F5656964B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AD5B04C2-04A3-4D29-AA28-DBE9630EA330}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{B5E1ABFD-402A-4190-8247-96C7CCEA7EDB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B819FF43-4914-465B-83EE-9CF84C1C9DDD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BDB1543A-B2A6-4AA3-BAA2-74B6D7582680}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C92C3AEB-2E7F-4AFF-8DFB-BA4184A2CFE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9DC56A0-D51E-46AF-9514-FECF5BC61D86}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CD097476-2B18-4516-B98D-26299A6888E2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DAAF3E71-6E16-4AED-B4BF-8B07D6AF5B2D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E7297A5D-9973-4A10-8198-FB81DBB9DDCE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EF05170C-065E-497F-9CFE-B1A367305EB0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{F1C5E518-B6F9-4263-8568-B54320FF359F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F1E6B836-8C59-4615-B74A-C063588793A7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004AA9AB-42C8-4F3D-9256-6A7F96DD69B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{074D0620-D90E-4127-B797-0FFD8F6762C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{12A8DE98-1AD0-4C61-912A-4E76CB0F7F54}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{144B8537-F57A-49CE-BB9E-057019EACB6E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{17E3FFCF-1592-4E2B-BFD5-14DBFA6BDA7D}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{22489136-AA07-4C74-8B42-BF98F8F887E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{2707B312-68C0-4A37-8A7C-5EC2EE2494FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{29E725B3-3A92-43F4-AFAA-74EE4B37857D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2DA67581-A7DA-4F65-B9E3-463E8042309D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{4BAAA90A-FE21-489C-8FEB-AD98F54E0F14}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{53A17D13-8E50-44ED-AC60-6C4D0F896E93}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{58C570CE-3EC4-47F8-BFC8-C2710D830DAF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6066D1BC-E83D-453C-9A13-F783C89EA3BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{62867A75-0D33-4511-A598-22E039039866}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{69738652-6541-4EF2-9D7B-E87F6CC23655}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{76A15512-CDB2-4E56-965B-E840E979EC72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7771613F-E604-45F1-9D9C-CFEEE5358ED6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{83591B4F-7440-4BF9-A322-BA6F768C3640}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{953491EB-5A23-41A0-996E-D4CC2E73A76E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{9EBB30FD-6109-4DCE-8C38-7D6285327DB5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{AAC4B0ED-56C5-428B-A5C5-3CB4A85A358C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{B9DC143B-6364-4F7E-A4D3-C43EF9EC2D6F}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{BB0E7FC6-7232-4523-915C-FF52EEC2EBDD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{C9F1ED27-7BF4-4431-B590-9DFCEA5DC605}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{DCC1AA4A-6CC6-4CA4-B2D2-667BB747B280}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{E5804014-10BC-43D9-AA51-D42DAFB56F18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EACC7E42-99F6-488E-B981-75222DCA8941}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{EDCF72F0-7279-4A6A-8E38-C1F9FA28187B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F5691DEB-18BA-4A46-82F3-DC446BD85431}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{FBBE2271-E2CD-4454-8E69-A02F6B5355E9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"TCP Query User{008C73F6-42CC-49DA-8056-2DFD0F92FA21}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{6A1E4700-F0E3-4349-9A13-54E3D77B1201}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{AC39B74B-BEDD-41B0-9F7F-653535B1B8CC}C:\users\***\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\usmt\migwiz.exe | 
"TCP Query User{D41B2A3A-EC74-4C9C-A898-C11A4F37555C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{DF0340A8-7E6C-4C71-887F-41FA86C751E6}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe | 
"UDP Query User{4D9DBE6D-3020-41B4-88AF-A77D472116B3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{913EEFFE-8126-4E2C-ACF0-E1BDB7F808BB}C:\users\***\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\usmt\migwiz.exe | 
"UDP Query User{9DB93350-D455-4B83-A9D4-3EF6D2124D52}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C9ABAD9F-378F-489E-AB43-22F0FDCA5D14}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{FE844324-1CED-4502-AD50-BAD591BDE12B}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BACCCD-A20A-B42D-94FD-97E58A7E82EF}" = ccc-utility
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}" = Gtk# for .Net 2.12.9
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{549DEC06-C480-280A-6286-8C93409A933F}" = AMD Fuel
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6989007F-5785-44C3-BD8E-BEEEF58BB304}" = Deutsch (erweitert I)  
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A180ABF7-A88F-FEB2-E94D-ED459821B86B}" = AMD Catalyst Install Manager
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = AMD VISION Engine Control Center
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DFC40BAA-67F8-4578-84FB-C6077D22BBC2}" = Deutsch (erweitert)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F737C2B0-0B9C-45F9-AEF1-BBA54AECC215}" = Deutsch (erweitert II)  
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cities XL 2011" = Cities XL 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Defraggler" = Defraggler
"D-Fend Reloaded" = D-Fend Reloaded 1.3.1 (deinstallieren)
"FeedReader_is1" = FeedReader
"Fraps" = Fraps
"GIF Animator" = Microsoft GIF Animator
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"Inkscape" = Inkscape 0.47
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Little Piano_is1" = Little Piano
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDefrag v4.2.8_is1" = MyDefrag v4.2.8
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Notepad++" = Notepad++
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Opera 11.51.1087" = Opera 11.51
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.3.2
"ST5UNST #1" = PixLin
"StrokeIt (Deutsch)" = StrokeIt (Deutsch)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tiled" = Tiled - Tiled Map Editor
"Trucks & Trailers" = Trucks & Trailers 1.00
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Magic Machines" = World of Magic Machines
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JOSM" = JOSM
"Skat-Online V9" = Skat-Online V9
"StrokeIt" = StrokeIt
"StrokeIt (Deutsch)" = StrokeIt (Deutsch)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.08.2012 06:56:45 | Computer Name = Notebook | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 10.08.2012 06:56:45 | Computer Name = Notebook | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 10.08.2012 06:58:01 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.08.2012 10:35:19 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.08.2012 13:47:46 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.08.2012 15:24:08 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.08.2012 06:01:16 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.08.2012 13:47:55 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 28.10.2010 13:27:07 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.10.2010 13:29:59 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 31.10.2010 02:17:23 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2010 13:10:03 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.12.2010 11:32:04 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.01.2011 12:14:27 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.02.2011 13:04:47 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 14:58:23 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3309
 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2012 16:09:33 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9812
 seconds with 6420 seconds of active time.  This session ended with a crash.
 
Error - 03.04.2012 13:25:05 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 213
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.08.2012 09:02:13 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description = 
 
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2012 09:11:58 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description = 
 
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2012 09:19:55 | Computer Name = Notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 11.08.2012 09:44:56 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description = 
 
Error - 12.08.2012 13:47:56 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.08.2012 13:47:56 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---



GMer hab ich eigentlich auch durchlaufen lassen, hatte aber keine Rootkit-Meldung und find jetzt auch irgendwie keine .txt dazu; wenn ich nochmal einen Scan machen soll, sagts mir.

Und von Malwarebytes mit ZeroAccess-Meldung ...

Zitat:
[...]

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: NOTEBOOK [Administrator]

12.08.2012 20:01:24
mbam-log-2012-08-12 (20-18-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190443
Laufzeit: 15 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\AppData\Local\Temp\6255936.exe (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Keine Aktion durchgeführt.

(Ende)
EDIT: Nachdem es so ruhig geworden ist mit Meldungen, hab ich mit Malwarebytes auch nochmal nen Suchlauf gemacht und erhalte statt vier nur noch zwei Meldungen, nämlich "nur noch" die beiden Trojan.Zaccess.

Und von Avira einige meiner Meldungen, hab mal für alle Trojaner, die mir gemeldet wurden, was rausgesucht:
Zitat:
12.08.2012 21:03 [System Scanner] Malware gefunden
Die Datei
'C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.86117.1' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Eine Exception wurde abgefangen!
Zitat:
Exportierte Ereignisse:

12.08.2012 20:19 [System Scanner] Malware gefunden
Die Datei 'C:\Users\***\AppData\Local\Temp\msimg32.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.KD.694391.1'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55d55bc2.qua'
verschoben!

Zitat:
Exportierte Ereignisse:

12.08.2012 19:48 [Echtzeit Scanner] Malware gefunden
In der Datei
'C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\80000000
.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Zitat:
Exportierte Ereignisse:

12.08.2012 19:48 [Echtzeit Scanner] Malware gefunden
In der Datei
'C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\800000cb
.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Ganz schön viel Info, vllt. könnt ihr mir ja helfen.

Markus
Geändert von Markus__ (12.08.2012 um 21:23 Uhr)

 

Themen zu TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe
'tr/atraps.gen', 'tr/atraps.gen2', 7-zip, antivir, audacity, avira, bho, blockiert, error, firefox, flash player, google, google earth, home, install.exe, intranet, launch, logfile, mozilla, office 2007, plug-in, programm, prozesse, quelldatei, realtek, registry, rundll, scan, senden, server, svchost.exe, system, system neu, trojaner, trotz verbindung, usb 2.0, vista, visual studio, windows, windows-explorer


« Live Security Premium | TR/ATRAPS.Gen und Combofix »


Ähnliche Themen: TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe


  1. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  2. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  3. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  4. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  5. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  6. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  7. Viren,BDS/ZAccess.T,TR/ATRAPS.gen,TR/ATRAPS.gen2 in C:/Dokumente/Einstellungen/Administrator..
    Alles rund um Windows - 22.07.2012 (1)
  8. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  9. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  10. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  11. Probleme mit T/ATRAPS.GEN2 und T/ATRAPS.GEN
    Log-Analyse und Auswertung - 09.07.2012 (1)
  12. Nach Befall tr/atraps.gen tr/atraps.gen2 formatiert - Computer startet selbständig neu
    Log-Analyse und Auswertung - 09.07.2012 (1)
  13. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  14. Ich habe zwei Probleme TR/ATRAPS.Gen TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (9)
  15. Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  16. Und noch einer: Trojaner TR/ATRAPS.Gen2 und TR/ATRAPS.Gen und W32/Patched.UA HILFE!!!
    Log-Analyse und Auswertung - 28.06.2012 (7)
  17. TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 gefunden, aber nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe - Hallo User, ich habe mir offensichtlich beim Surfen einige Trojaner eingefangen und erhalte ständig Meldungen von Avira, dass ich mit TR/ATRAPS.Gen und TR.ATRAPS.Gen2 infiziert sei. Seit ganz Kurzem habe ich - TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe...
Archiv
Du betrachtest: TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19