Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Tr/atraps.gen(2)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.08.2012, 16:26   #1
Rajukar
 
Tr/atraps.gen(2) - Standard

Tr/atraps.gen(2)



Hallo Leute,

folgendes Problem: Avira meldet mir im minutentakt "TR/ATRAPS.GEN" & "TR/ATRAPS.GEN2".
Habe mich hier im Forum ein wenig umgeschaut und dementsprechend mal Malwarebytes, OTL, Eset & AdwCleaner durchlaufen lassen, logs dazu sind am Ende gepostet.

Außerdem eine Email übers Uni Netzwerk gekriegt, dass von meiner Adresse aus Spam Mails verschickt werden würden. Und jetzt grad noch festgestellt, dass ich keinerlei Zugriff mehr auf die (deaktivierte) Firewall bzw das gesamte Sicherheitszentrum hab.
Muss ich den gesamten Rechner neu aufsetzen oder lässt sich da noch was retten?

Danke für alle Hilfe!
Gruß Raju

Log Malwarebytes:
(nur 1 Durchlauf gemacht)

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Miriam :: MIRISMASTER [Administrator]

14.08.2012 11:00:15
mbam-log-2012-08-14 (13-53-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419971
Laufzeit: 2 Stunde(n), 42 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Miriam\AppData\Local\Temp\DATAB6C.tmp.exe (Trojan.Phex.THAGen6) -> 748 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\cmsqsmrfo (Trojan.Phex.THAGen6) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Miriam\AppData\Local\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Miriam\AppData\Local\Temp\DATAB6C.tmp.exe (Trojan.Phex.THAGen6) -> Keine Aktion durchgeführt.
C:\Users\Miriam\AppData\Local\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\n (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Miriam\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\n (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Keine Aktion durchgeführt.

(Ende)
         

Log OTL:
Code:
ATTFilter
OTL logfile created on: 14.08.2012 11:03:56 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Miriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 55,49% Memory free
7,18 Gb Paging File | 5,66 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 54,98 Gb Free Space | 19,26% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,38 Gb Free Space | 53,77% Space Free | Partition Type: NTFS
 
Computer Name: MIRISMASTER | User Name: Miriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Miriam\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Miriam\AppData\Local\Temp\DATAB6C.tmp.exe (YUAN)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Miriam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\pmxmiced.exe (Primax Electronics Ltd.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (cmsqsmrfo) -- C:\Users\Miriam\AppData\Local\Temp\DATAB6C.tmp.exe (YUAN)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\RWTH OpenVPN Client\bin\openvpnserv.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a7oqvtyo) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsmux) -- C:\Windows\System32\drivers\acsmux.sys (Cisco Systems, Inc.)
DRV - (acsint) -- C:\Windows\System32\drivers\acsint.sys (Cisco Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{BD73B2FC-78E0-4A61-96C5-12592156287F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{BD73B2FC-78E0-4A61-96C5-12592156287F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=5080715
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=&src=crm&q={searchTerms}&locale=
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\SearchScopes\{59CBAE86-8909-4068-8CC0-4AA6C77C11F8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7DDDE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=dEQCdMJvuJIRIV23LUP4N3yeeIA?q={searchTerms}
IE - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Google.de"
FF - prefs.js..browser.search.order.2: "Google.de"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Miriam\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.15 00:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 11:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 23:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 11:00:19 | 000,000,000 | ---D | M]
 
[2009.04.02 19:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miriam\AppData\Roaming\mozilla\Extensions
[2012.07.27 13:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miriam\AppData\Roaming\mozilla\Firefox\Profiles\b0zuo8th.default\extensions
[2010.04.27 22:29:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miriam\AppData\Roaming\mozilla\Firefox\Profiles\b0zuo8th.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.14 19:47:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Miriam\AppData\Roaming\mozilla\Firefox\Profiles\b0zuo8th.default\extensions\ich@maltegoetz.de
[2009.04.03 01:41:56 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\Miriam\AppData\Roaming\mozilla\Firefox\Profiles\b0zuo8th.default\extensions\passwordbank@upek.com
[2009.11.27 03:14:30 | 000,002,255 | ---- | M] () -- C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\b0zuo8th.default\searchplugins\askcom.xml
[2010.12.11 01:18:33 | 000,000,950 | ---- | M] () -- C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\b0zuo8th.default\searchplugins\icqplugin-1.xml
[2010.04.14 23:00:09 | 000,000,944 | ---- | M] () -- C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\b0zuo8th.default\searchplugins\icqplugin.xml
[2012.03.23 14:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.27 13:58:16 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\MIRIAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B0ZUO8TH.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.18 23:38:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.09 17:34:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.28 10:59:46 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.17 23:49:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 23:49:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 23:49:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 23:49:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 23:49:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 23:49:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Miriam\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3681471453-34896410-4230670912-1001..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-3681471453-34896410-4230670912-1001..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3681471453-34896410-4230670912-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Miriam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3681471453-34896410-4230670912-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.130.4.1 134.130.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2105CA58-10D0-49B7-8AC8-FDDBEB69F998}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCFFD32E-361C-4908-B139-6D132BECCC60}: DhcpNameServer = 134.130.4.1 134.130.5.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -  File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite QL\psqlpwd.dll) - C:\Programme\Protector Suite QL\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.14 10:59:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.13 19:11:57 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\Malwarebytes
[2012.08.13 19:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.13 19:11:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.13 19:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.13 19:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.08.14 10:59:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.14 10:54:22 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.14 10:54:22 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.14 10:52:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 10:52:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 10:52:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.14 10:52:19 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.14 10:11:05 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.13 23:51:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.11 19:01:57 | 000,140,827 | ---- | M] () -- C:\Windows\System32\drivers\str.sys
[2012.08.11 17:33:07 | 326,750,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.09 19:29:24 | 000,241,152 | ---- | M] () -- C:\Users\Miriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.04 02:02:29 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.04 02:02:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.04 02:02:29 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.04 02:02:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.03 17:51:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.03 17:51:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.08.13 23:59:20 | 000,001,712 | ---- | C] () -- C:\Users\Miriam\AppData\Local\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\U\00000001.@
[2012.08.11 19:02:21 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\U\800000cb.@
[2012.08.11 19:02:21 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\U\80000000.@
[2012.08.11 19:02:20 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\U\00000001.@
[2012.08.11 19:01:56 | 000,140,827 | ---- | C] () -- C:\Windows\System32\drivers\str.sys
[2012.05.11 18:42:36 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2012.01.11 19:14:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\@
[2012.01.11 19:14:13 | 000,002,048 | -HS- | C] () -- C:\Users\Miriam\AppData\Local\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\@
[2011.05.09 20:37:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\pv_c3.exe
[2011.04.14 20:34:58 | 000,000,284 | ---- | C] () -- C:\Users\Miriam\Mukke.lnk
[2011.01.29 21:47:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.20 14:09:38 | 000,090,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.09.28 22:51:52 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.15 14:16:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.08 15:35:41 | 000,008,828 | ---- | C] () -- C:\Users\Miriam\AppData\Local\de.ini
[2009.04.14 20:12:09 | 000,000,680 | ---- | C] () -- C:\Users\Miriam\AppData\Local\d3d9caps.dat
[2009.03.14 15:57:00 | 000,004,776 | ---- | C] () -- C:\Users\Miriam\AppData\Roaming\wklnhst.dat
[2008.07.25 01:02:51 | 000,241,152 | ---- | C] () -- C:\Users\Miriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.17 13:31:50 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.17 01:38:57 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2011.04.30 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Bentley
[2012.05.21 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\BitTorrent
[2012.05.24 13:35:54 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Canon
[2010.08.07 22:03:35 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\DAEMON Tools Lite
[2012.08.14 10:55:37 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Dropbox
[2012.05.07 18:28:57 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\ICQ
[2010.09.12 17:58:19 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\LolClient
[2012.05.24 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\LolClient2
[2011.08.10 13:01:51 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Nokia
[2012.01.10 23:01:22 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\OpenOffice.org
[2009.04.02 19:22:17 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Opera
[2011.08.10 11:53:27 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\OxyCube
[2011.08.09 14:50:03 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\PC Suite
[2011.05.25 17:53:46 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\PCDr
[2009.04.10 07:12:28 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Protector Suite
[2012.05.11 18:42:29 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\ScanSoft
[2009.03.14 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Template
[2011.07.08 20:42:57 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\TIPP10
[2012.05.20 16:15:31 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\TrueCrypt
[2010.03.31 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Ubisoft
[2010.02.19 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\WeBrandes
[2012.08.14 10:11:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Log OTL Extra:
Code:
ATTFilter
OTL Extras logfile created on: 14.08.2012 11:03:56 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Miriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 55,49% Memory free
7,18 Gb Paging File | 5,66 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 54,98 Gb Free Space | 19,26% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,38 Gb Free Space | 53,77% Space Free | Partition Type: NTFS
 
Computer Name: MIRISMASTER | User Name: Miriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3681471453-34896410-4230670912-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3681471453-34896410-4230670912-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23289F5E-22A4-4A09-B6F3-66651EE4A765}_is1" = OxyCube
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{57F5CC1D-2E00-4008-8CEC-EFE61B2E58AE}" = Visual Basic for Applications (R) Core - German
"{5B1F04DA-0F27-45B7-96F2-37190D5E11AE}" = Cisco AnyConnect Secure Mobility Client
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E959FFF-A5CF-4CEB-A16B-E0387B59E0CB}" = AIMMS 3.10
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9098507F-E0EA-4904-9C56-14DCD222C15D}" = MicroStation V8i (SELECTseries 1) 08.11.07.171
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}" = Mouse Suite for Laptop Computers
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"209566_is1" = 2095 version 1.0
"2353 1.0" = 2353 1.0
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Arena_0" = Arena 4.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Gefährdungsanalysen Hochbauer" = Gefährdungsanalysen Hochbauer
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MG Treasure Seeker" = MG Treasure Seeker V1.01 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoFiltre" = PhotoFiltre
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 15.0" = RealPlayer
"RWTH OpenVPN Client" = RWTH OpenVPN Client 2.1_rc19c
"TIPP10_is1" = TIPP10 Version 2.1.0
"TrueCrypt" = TrueCrypt
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3681471453-34896410-4230670912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.06.2012 08:46:14 | Computer Name = MirisMaster | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 1.0.0.141 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: de0  Anfangszeit: 01cd56bda67a2227  Zeitpunkt
 der Beendigung: 211
 
Error - 08.07.2012 12:02:28 | Computer Name = MirisMaster | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: f7c  Anfangszeit: 01cd5d2283f2b9b3  Zeitpunkt
 der Beendigung: 31
 
Error - 15.07.2012 10:28:43 | Computer Name = MirisMaster | Source = Application Hang | ID = 1002
Description = Programm DivX Plus Player.exe, Version 10.3.3.10 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: f60  Anfangszeit: 01cd62960ec7ae0c  Zeitpunkt
 der Beendigung: 132
 
Error - 31.07.2012 10:22:51 | Computer Name = MirisMaster | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 31.07.2012 10:22:51 | Computer Name = MirisMaster | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2012 20:03:17 | Computer Name = MirisMaster | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WINWORD.EXE, Version 11.0.8345.0, Zeitstempel
 0x4f3c32b8, fehlerhaftes Modul WINWORD.EXE, Version 11.0.8345.0, Zeitstempel 0x4f3c32b8,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000469bf,  Prozess-ID 0x167c, Anwendungsstartzeit
 01cd742fdc310034.
 
Error - 06.08.2012 21:52:49 | Computer Name = MirisMaster | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 11.0.8345.0 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1fd8  Anfangszeit: 01cd743e4b681164  Zeitpunkt der
 Beendigung: 10
 
Error - 11.08.2012 12:23:53 | Computer Name = MirisMaster | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_270.exe, Version 
11.3.300.270, Zeitstempel 0x50198027, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541,
 Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9,  Prozess-ID
 0x1070, Anwendungsstartzeit 01cd77d73db869b9.
 
Error - 12.08.2012 17:33:26 | Computer Name = MirisMaster | Source = VSS | ID = 8194
Description = 
 
Error - 14.08.2012 04:04:29 | Computer Name = MirisMaster | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel
 0x47919370, fehlerhaftes Modul upnp.dll_unloaded, Version 0.0.0.0, Zeitstempel 
0x4791a769, Ausnahmecode 0xc0000005, Fehleroffset 0x702a2c0e,  Prozess-ID 0xe70, Anwendungsstartzeit
 01cd79f36535934e.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 14.08.2012 04:52:27 | Computer Name = MirisMaster | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 14.08.2012 04:52:27 | Computer Name = MirisMaster | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 14.08.2012 04:52:27 | Computer Name = MirisMaster | Source = acvpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
 529 Invoked Function: OpenService Return Code: 1060 (0x00000424) Description: Der 
angegebene Dienst ist kein installierter Dienst.   
 
Error - 14.08.2012 04:52:27 | Computer Name = MirisMaster | Source = acvpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
 2047 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED 
 
Error - 14.08.2012 04:52:27 | Computer Name = MirisMaster | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::CHostConfigMgr File: .\HostConfigMgr.cpp Line:
 121 Invoked Function: CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description:
 FILTERCOMMONIMPL_ERROR_UNEXPECTED 
 
Error - 14.08.2012 04:54:32 | Computer Name = MirisMaster | Source = acvpnui | ID = 67108866
Description = Function: Directory::ReadDir File: .\Utility\Directory.cpp Line: 156
Invoked
 Function: ::FindNextFile Return Code: 18 (0x00000012) Description: Es sind keine 
weiteren Dateien vorhanden.   
 
Error - 14.08.2012 04:54:32 | Computer Name = MirisMaster | Source = acvpnui | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 14.08.2012 04:54:32 | Computer Name = MirisMaster | Source = acvpnui | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 14.08.2012 04:54:32 | Computer Name = MirisMaster | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4156
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 14.08.2012 04:54:38 | Computer Name = MirisMaster | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1020 NULL object. Cannot establish a connection at this time.
 
[ Media Center Events ]
Error - 12.11.2009 16:52:03 | Computer Name = MirisMaster | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
Error - 01.01.2011 13:43:42 | Computer Name = MirisMaster | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 01.01.2011 14:50:16 | Computer Name = MirisMaster | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 07.01.2011 11:45:23 | Computer Name = MirisMaster | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 10.01.2011 11:44:41 | Computer Name = MirisMaster | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 12.01.2011 13:19:14 | Computer Name = MirisMaster | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 15.01.2011 11:32:04 | Computer Name = MirisMaster | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 15.01.2011 11:41:26 | Computer Name = MirisMaster | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
[ System Events ]
Error - 14.08.2012 04:00:11 | Computer Name = MirisMaster | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 14.08.2012 04:00:11 | Computer Name = MirisMaster | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2012 04:04:16 | Computer Name = MirisMaster | Source = WMPNetworkSvc | ID = 866293
Description = 
 
Error - 14.08.2012 04:53:53 | Computer Name = MirisMaster | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 14.08.2012 04:53:53 | Computer Name = MirisMaster | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.08.2012 04:53:53 | Computer Name = MirisMaster | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 14.08.2012 04:53:53 | Computer Name = MirisMaster | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 14.08.2012 04:53:53 | Computer Name = MirisMaster | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2012 04:55:27 | Computer Name = MirisMaster | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.45 für die Netzwerkkarte mit der Netzwerkadresse
 00215C407337 wurde durch den DHCP-Server 137.226.33.41 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 14.08.2012 04:55:39 | Computer Name = MirisMaster | Source = WMPNetworkSvc | ID = 866293
Description = 
 
 
< End of report >
         
Log Eset:
(Sieht im Nachhinein so aus als ob ich die Haken falsch rum gesetzt hab??? Jetzt alles im Eimer?! ^^)

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e6d693421c53bc4d8d46c9d16ee144dd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-14 01:33:11
# local_time=2012-08-14 03:33:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 9066365 9066365 0 0
# compatibility_mode=5892 16776574 66 100 241366 182478614 0 0
# compatibility_mode=8192 67108863 100 0 314 314 0 0
# scanned=243126
# found=12
# cleaned=11
# scan_time=5305
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Miriam\AppData\Local\Temp\DATAB6C.tmp.exe	a variant of Win32/Kryptik.AJZM trojan (cleaned by deleting (after the next restart))	00000000000000000000000000000000	C
C:\Users\Miriam\AppData\Local\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\n	Win32/Sirefef.EV trojan (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\Users\Miriam\Downloads\SoftonicDownloader_fuer_gimp.exe	a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\n	Win32/Sirefef.EV trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\U\80000000.@	a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows\Installer\{fa455fc3-b3f1-933a-2a3d-d49c4b93f00d}\U\800000cb.@	probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
${Memory}	Win32/Sirefef.EV trojan	00000000000000000000000000000000	I
         
Log AdwCleaner:
Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/14/2012 at 15:36:18
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Miriam - MIRISMASTER
# Boot Mode : Normal
# Running from : C:\Users\Miriam\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Miriam\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Miriam\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Miriam\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Miriam\AppData\LocalLow\Search Settings
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\pdfforge Toolbar
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\b0zuo8th.default\searchplugins\Askcom.xml
File Found : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
File Found : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Found : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19272

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\b0zuo8th.default\prefs.js

Found : user_pref("extensions.asktb.cbid", "J7");
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Found : user_pref("extensions.asktb.first-launch-url", "hxxp://news.google.com/news/url?fd=R&sa=T&url=hxxp%3[...]
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1272316704910");
Found : user_pref("extensions.asktb.locale", "de_DE");
Found : user_pref("extensions.asktb.o", "14979");
Found : user_pref("extensions.asktb.options-lang", "de");
Found : user_pref("extensions.asktb.options-locale", "UK");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "6");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5861 octets] - [14/08/2012 15:36:18]

########## EOF - C:\AdwCleaner[R1].txt - [5989 octets] ##########
         

Alt 16.08.2012, 17:52   #2
Rajukar
 
Tr/atraps.gen(2) - Standard

Tr/atraps.gen(2)



Erledigt - kann geschlossen werden!
__________________


Alt 21.08.2012, 17:58   #3
t'john
/// Helfer-Team
 
Tr/atraps.gen(2) - Standard

Tr/atraps.gen(2)





RootKit.0Access

Neuaufgesetzt?
__________________
__________________

Alt 05.10.2012, 02:32   #4
t'john
/// Helfer-Team
 
Tr/atraps.gen(2) - Standard

Tr/atraps.gen(2)



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Tr/atraps.gen(2)
adwcleaner, antivir, appdatalow, autorun, avira, bho, desktop, document, email, error, firefox, flash player, format, google, helper, home, install.exe, intranet, logfile, mozilla, mp3, netzwerk, neu aufsetzen, ntdll.dll, pdfforge toolbar, problem, registry, rundll, scan, security, sicherheitszentrum, software, sttray.exe, trojan.phex.thagen, vista, win32/sirefef.fa



Ähnliche Themen: Tr/atraps.gen(2)


  1. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  2. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira gemeldet und dort nicht zu entfernen
    Log-Analyse und Auswertung - 10.10.2012 (13)
  3. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  4. Antivir meldet TR/ATRAPS.Gen2 und TR/ATRAPS.Gen angebl. Shockwave Installation
    Log-Analyse und Auswertung - 17.08.2012 (5)
  5. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  6. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  7. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  8. Viren,BDS/ZAccess.T,TR/ATRAPS.gen,TR/ATRAPS.gen2 in C:/Dokumente/Einstellungen/Administrator..
    Alles rund um Windows - 22.07.2012 (1)
  9. TR/Atraps.gen - TR/Atraps.gen2 - BDS/ZAccess.T - über AVIRA Antivirus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (4)
  10. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  11. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  12. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  13. Nach Befall tr/atraps.gen tr/atraps.gen2 formatiert - Computer startet selbständig neu
    Log-Analyse und Auswertung - 09.07.2012 (1)
  14. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  15. Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  16. Und noch einer: Trojaner TR/ATRAPS.Gen2 und TR/ATRAPS.Gen und W32/Patched.UA HILFE!!!
    Log-Analyse und Auswertung - 28.06.2012 (7)
  17. TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 gefunden, aber nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (4)

Zum Thema Tr/atraps.gen(2) - Hallo Leute, folgendes Problem: Avira meldet mir im minutentakt "TR/ATRAPS.GEN" & "TR/ATRAPS.GEN2". Habe mich hier im Forum ein wenig umgeschaut und dementsprechend mal Malwarebytes, OTL, Eset & AdwCleaner durchlaufen lassen, - Tr/atraps.gen(2)...
Archiv
Du betrachtest: Tr/atraps.gen(2) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.