(2x) W32/Patched.UA TR/ATRAPS.Gen TR/ATRAPS.Gen2

tamaschi · 03.08.2012, 14:36

Liebes Trojaner-Board

Avira meldete heute mittag befall mit W32/Patched.UA, und seit dem TR/ATRAPS.GEN und TR/ATRAPS.GEN2. Entfernen macht Avira (wie bekannt) nicht.

Habe die Biester also auch erwischt, mache gerade malware-Scan, und würde mich ganz gerne an den Versuch einer Entfernung mit anhängen. (Bin ja heute nicht die Einzige).

Hat schon jemand die Biester entfernt, ohne das System neu aufzusetzen?

Viele Grüße und vielen Dank,

Tamaschi

tamaschi · 05.08.2012, 09:35

Hallo trojaner-board,

bin weiterhin auf der Suche nach der Malware.

Ursprung war, dass AVIRA die in der Überschrift genannten angezeigt hat.

Ich habe inzwischen mehrere Scans mit Malwarebytes durchgeführt mit folgenden unterschiedlichen Ergebnissen:

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
... :: NEUPUNKT [Administrator]

03.08.2012 15:36:09
mbam-log-2012-08-03 (15-36-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 572642
Laufzeit: 4 Stunde(n), 33 Minute(n), 22 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\...\AppData\Local\Temp\Temp1_wirelessnetview.zip\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\...\Downloads\SoftonicDownloader_fuer_fresh-diagnose.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\...\Downloads\wirelessnetview\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
... :: NEUPUNKT [Administrator]

03.08.2012 20:39:45
mbam-log-2012-08-03 (20-39-45).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\Windows\Installer\{ffcad002-b30e-f76d-b82a-4c5230098d00}\U\800000cb.@|)
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 1 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
... :: NEUPUNKT [Administrator]

04.08.2012 19:18:33
mbam-log-2012-08-04 (19-18-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 844716
Laufzeit: 1 Stunde(n), 40 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
H:\Neuste Treiber\No23Player.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
... :: NEUPUNKT [Administrator]

04.08.2012 21:45:04
mbam-log-2012-08-04 (21-45-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 848389
Laufzeit: 6 Stunde(n), 4 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Bei Avira und dann bei Desinfec't Avira wurden gestern abend trojaner gefunden und umbenannt: (Ich weiß nicht, wie ich da noch an den Log komme)

TR/Agent.94208.101 in C:\Users\...\laxzyldodalp.exe
TR/Agent.94208.101 in C:\Users\...\AppData\Local\Temp\1225088269.exe
TR/ATRAPS.Gen in C:\Windows\Installer\{ffcad002-b30e-f76d-b82a-4c5230098d00}\U\800000000.@
TR/ATRAPS.Gen2 in C:\Windows\Installer\{ffcad002-b30e-f76d-b82a-4c5230098d00}\U\8000000cb.@
TR/ATRAPS.Gen2 in C:\Users\...\AppData\Local\{ffcad002-b30e-f76d-b82a-4c5230098d00}\n
W32/Patched.UA in C:\Windows\System32\services.exe

Wie kann ich prüfen, ob mein System jetzt sauber ist (bis auf die durch avira umbenannten files, bei deren Überprüfung Avira natürlich weiterhin anschlägt?

Hier noch der OTL-Scan:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.08.2012 10:38:55 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\...\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 54,79% Memory free
7,50 Gb Paging File | 4,21 Gb Available in Paging File | 56,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 253,81 Gb Total Space | 106,54 Gb Free Space | 41,98% Space Free | Partition Type: NTFS
Drive D: | 602,83 Gb Total Space | 454,45 Gb Free Space | 75,39% Space Free | Partition Type: NTFS
Drive H: | 111,79 Gb Total Space | 79,83 Gb Free Space | 71,41% Space Free | Partition Type: NTFS
Drive I: | 540,52 Gb Total Space | 11,13 Gb Free Space | 2,06% Space Free | Partition Type: NTFS
 
Computer Name: NEUPUNKT | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\...\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Mobile Master\MMAgent.exe (Jumping Bytes)
PRC - C:\Program Files (x86)\Mobile Master\MMScan.exe (Jumping Bytes)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Users\...\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Program Files (x86)\SnugTV\SnugTV Station\QuickStart.exe (AVerMedia Technologies, Inc. )
PRC - C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe (AVerMedia Technologies, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Users\...\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Users\...\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Multimedia Card Reader(6362)\ShwiconXP6362.exe (Alcor Micro Corp.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe (IBM)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\wcore12.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\wgui12.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\wsteu12.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\rsguiwinapi47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\rscorewinapi47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\wauff12.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\rsodbc47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\rsdcom47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\wfvie12.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\wreli12.dll ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtSqlrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtCLuceners47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\phononrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtWebKitrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtTestrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtScriptrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtSvgrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtGuirs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\Qt3Supportrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtNetworkrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtXmlrs47.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2012\QtCorers47.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\SnugTV\SnugTV Station\AmaError.dll ()
MOD - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
MOD - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
SRV - (SnugTV Service) -- C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe (AVerMedia Technologies, Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (AVerUpdateServer) -- C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
SRV - (sesvc) -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (NitroReaderDriverReadSpool) -- C:\Programme\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software)
SRV - (SynoDrService) -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe ()
SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (BsHelpCS) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe (SiSoftware)
SRV - (Multi-user Cleanup Service) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe (IBM)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (ui11rdr) -- C:\Windows\SysNative\drivers\ui11rdr.SYS (1&1 Internet AG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (AVerAF35) -- C:\Windows\SysNative\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\drivers\VCommMgr.sys (IVT Corporation.)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\drivers\btnetBus.sys ()
DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\drivers\IvtBtBus.sys (IVT Corporation.)
DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\drivers\BtHidBus.sys (IVT Corporation.)
DRV:64bit: - (VComm) -- C:\Windows\SysNative\drivers\VComm.sys (IVT Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (BT) -- C:\Windows\SysNative\drivers\btnetdrv.sys (IVT Corporation.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 29 B8 52 6F 71 CD 01  [binary data]
IE - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..\SearchScopes\{7F8B949D-E069-4A94-9112-EBDF7C0D1E6A}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.1
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1b1
FF - prefs.js..network.proxy.http: "www-cache.ub.uni-heidelberg.de"
FF - prefs.js..network.proxy.http_port: 8080
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.01.20 09:51:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.20 12:48:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 22:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.20 12:48:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 11:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.20 12:48:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files (x86)\Mobile Master\ext\1\ [2012.06.20 07:55:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 22:45:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.20 12:48:09 | 000,000,000 | ---D | M]
 
[2011.02.01 14:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2010.02.07 01:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.02.01 14:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.08.03 14:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\pgmb3gr7.default\extensions
[2012.03.19 11:47:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\pgmb3gr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.03 11:46:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\pgmb3gr7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.03 14:26:40 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\pgmb3gr7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.08.11 07:40:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\pgmb3gr7.default\extensions\DeviceDetection@logitech.com
[2012.06.15 10:01:24 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\pgmb3gr7.default\extensions\toolbar@ask.com
[2012.07.08 12:25:17 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\pgmb3gr7.default\extensions\zotero@chnm.gmu.edu
[2012.05.10 09:15:54 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\pgmb3gr7.default\extensions\zoteroWinWordIntegration@zotero.org
[2011.01.22 17:33:13 | 000,002,036 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\pgmb3gr7.default\searchplugins\alle-preise---guenstigerde.xml
[2012.04.07 14:55:27 | 000,002,306 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\pgmb3gr7.default\searchplugins\askcomsearch.xml
[2011.02.06 18:12:03 | 000,002,122 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\pgmb3gr7.default\searchplugins\chip-online-suche.xml
[2012.03.04 12:29:18 | 000,001,853 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\pgmb3gr7.default\searchplugins\idealode.xml
[2012.02.15 19:03:18 | 000,002,422 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\pgmb3gr7.default\searchplugins\s-amazon-byskipity-de.xml
[2012.01.23 14:33:37 | 000,002,135 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\pgmb3gr7.default\searchplugins\s-amazon-de.xml
[2011.01.23 13:47:32 | 000,001,216 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\pgmb3gr7.default\searchplugins\xing---powering-relationships.xml
[2012.02.13 10:38:20 | 000,002,057 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\pgmb3gr7.default\searchplugins\youtube-videosuche.xml
[2012.05.08 07:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.20 12:48:01 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012.07.12 08:20:19 | 000,324,289 | ---- | M] () (No name found) -- C:\USERS\...\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PGMB3GR7.DEFAULT\EXTENSIONS\{F759CA51-3A91-4DD1-AE78-9DB5EEE9EBF0}.XPI
[2011.05.08 14:56:40 | 000,005,776 | ---- | M] () (No name found) -- C:\USERS\...\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PGMB3GR7.DEFAULT\EXTENSIONS\ZOTBIBLIOSWITCHLOCAL@SOMWHERE.ORG.XPI
[2012.07.19 22:45:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.02.08 14:47:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\altnpFoxitReaderPlugin.dll
[2010.10.12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.10.12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.10.12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.10.12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012.04.12 16:20:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.10.12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.01.15 17:14:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 17:14:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.15 17:14:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 17:14:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 17:14:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 17:14:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\...\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ShwiconXP6362] C:\Program Files (x86)\Multimedia Card Reader(6362)\ShwiconXP6362.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [1&1_1&1 Upload-Manager] C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [Akamai NetSession Interface] C:\Users\...\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [laxzyldodalp] C:\Users\...\laxzyldodalp.exe File not found
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [MMAgent] C:\Program Files (x86)\Mobile Master\MMAgent.exe (Jumping Bytes)
O4 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Juice.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O15 - HKU\S-1-5-21-849740073-1733581738-3877750380-1001\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player (ELECO Software GmbH))
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CFF5030-68DE-4214-AE57-42796249F1B3}: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C784FE3-50D2-4998-8AC6-6D22E745B2D2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A264A9D-B64B-446F-94AB-8A09B9F52E05}: DhcpNameServer = 192.168.123.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\...\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.29 11:20:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{a2edeffe-1113-11e0-89a6-001a4f9ef23d}\Shell - "" = AutoRun
O33 - MountPoints2\{a2edeffe-1113-11e0-89a6-001a4f9ef23d}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 09:54:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.04 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.04 22:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.08.03 20:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.08.03 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\...\Virus-Logs
[2012.08.03 15:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.03 15:28:05 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes
[2012.08.03 15:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.03 15:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.03 15:27:25 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.03 15:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.03 14:27:52 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\QuickScan
[2012.08.03 14:04:52 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012.08.03 14:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.07.12 15:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.12 15:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.12 15:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.07.12 03:03:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:03:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:03:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:03:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:03:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:03:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:03:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:03:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:03:36 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:03:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:03:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:03:35 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 03:03:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 15:39:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 15:39:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 15:39:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 15:39:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:39:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012.08.05 10:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 09:28:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 22:11:42 | 000,003,205 | ---- | M] () -- C:\Users\...\Desktop\Sophos Virus Removal Tool.lnk
[2012.08.04 21:40:09 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 21:40:09 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 21:30:10 | 000,001,151 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012.08.04 21:30:05 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-Neupunkt-....job
[2012.08.04 21:29:51 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 15:27:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.03 12:40:34 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2012.08.03 12:25:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 12:25:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.27 09:31:30 | 000,001,028 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2012.07.19 17:23:57 | 000,000,105 | ---- | M] () -- C:\Windows\ParrotFlashWiz.INI
[2012.07.17 14:01:23 | 000,107,314 | ---- | M] () -- D:\Users\...\Documents\Fortbildungsausweis.pdf
[2012.07.12 03:33:58 | 005,336,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 14:26:44 | 002,322,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.10 14:26:44 | 000,695,012 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.07.10 14:26:44 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.10 14:26:44 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.10 14:26:44 | 000,130,722 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.07.10 14:26:44 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.10 14:26:44 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.10 09:10:44 | 000,002,066 | -H-- | M] () -- D:\Users\...\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012.08.04 22:11:42 | 000,003,205 | ---- | C] () -- C:\Users\...\Desktop\Sophos Virus Removal Tool.lnk
[2012.08.03 15:27:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 14:01:23 | 000,107,314 | ---- | C] () -- D:\Users\...\Documents\Fortbildungsausweis.pdf
[2012.05.01 12:46:56 | 000,000,060 | R--- | C] () -- C:\Program Files (x86)\BRINST.INI
[2012.04.28 12:26:14 | 000,000,105 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2012.04.20 08:49:41 | 000,000,128 | ---- | C] () -- C:\Users\...\AppData\Roaming\Sandra.ldb
[2012.04.15 15:15:58 | 011,542,528 | ---- | C] () -- C:\Users\...\AppData\Roaming\Sandra.mdb
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.04 15:41:24 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2012.03.04 15:41:24 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2012.03.04 15:41:11 | 000,614,400 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2012.03.04 15:41:11 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2012.03.04 15:41:11 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2012.03.04 15:41:11 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2012.03.04 15:41:11 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2012.03.04 15:41:11 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2012.03.04 15:41:11 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2012.02.07 15:14:06 | 000,001,096 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.02.07 15:14:06 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.02.07 15:13:47 | 000,001,028 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012.02.07 15:09:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.02.07 15:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.02.07 15:09:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.02.07 15:09:08 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.30 20:23:22 | 000,000,132 | ---- | C] () -- C:\Users\...\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.23 17:14:44 | 000,000,132 | ---- | C] () -- C:\Users\...\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.09.28 09:11:17 | 000,000,132 | ---- | C] () -- C:\Users\...\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.16 10:04:23 | 000,007,606 | ---- | C] () -- C:\Users\...\AppData\Local\Resmon.ResmonCfg
[2011.04.21 15:05:16 | 000,000,218 | ---- | C] () -- C:\Users\...\AppData\Local\recently-used.xbel
[2011.03.25 19:42:01 | 000,029,184 | ---- | C] () -- C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.04 12:22:56 | 000,003,263 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2011.01.04 12:22:45 | 000,000,125 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011.01.04 12:18:28 | 000,005,063 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011.01.04 12:18:26 | 000,000,089 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011.01.04 12:07:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2011.01.03 19:38:45 | 000,000,702 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.03 11:54:59 | 000,001,098 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2011.01.02 15:49:24 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.02.07 01:06:13 | 000,000,680 | RHS- | C] () -- C:\Users\...\ntuser.pol
 
========== LOP Check ==========
 
[2012.04.20 14:50:13 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\1&1
[2012.05.03 07:31:51 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ControlCenter4
[2012.04.20 14:50:13 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Mobile Master
[2011.09.19 07:34:40 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird
[2011.04.22 09:45:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\1&1
[2012.03.04 17:31:46 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\3E40401C-3A84-428E-933F-33C78DC4029D
[2012.03.04 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Acronis
[2012.04.12 16:32:28 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Amazon
[2011.01.30 17:13:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Autodesk
[2011.09.27 16:42:12 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\AVM
[2011.01.03 19:43:57 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Buhl Data Service
[2011.02.24 16:49:42 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Canon
[2011.12.18 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.14 20:07:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.01 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ControlCenter4
[2011.12.03 21:46:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\domino
[2011.01.08 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Downloaded Installations
[2012.03.19 11:47:12 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoft
[2012.03.19 11:47:05 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.07 15:26:23 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\e-academy Inc
[2012.03.03 12:41:02 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\EndNote
[2011.04.22 05:05:49 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\FileZilla
[2010.02.08 14:48:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Foxit
[2011.01.28 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Foxit Software
[2011.01.04 12:13:02 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\FRITZ!
[2012.05.08 08:07:56 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.03.05 12:22:36 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\GlarySoft
[2011.01.28 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ICAClient
[2011.04.17 13:36:53 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ImgBurn
[2011.08.07 13:52:59 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\iPodder
[2012.06.20 07:52:49 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Jumping Bytes
[2010.08.06 10:24:41 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Leadertech
[2012.06.20 07:55:53 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Mobile Master
[2012.06.17 13:46:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Nitro PDF
[2012.06.17 13:47:22 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Nokia
[2012.02.07 15:24:16 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Nuance
[2010.02.07 01:21:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\OpenOffice.org
[2011.01.20 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PC Suite
[2012.05.08 07:32:33 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PC-FAX TX
[2011.12.18 15:50:48 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ProtectDisc
[2012.08.03 19:25:07 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\QuickScan
[2011.08.17 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\RavensburgerTipToi
[2010.02.07 01:10:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Thunderbird
[2011.02.01 14:50:01 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TomTom
[2012.03.06 18:12:29 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\www.shadowexplorer.com
[2012.02.07 15:24:23 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Zeon
[2012.08.03 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\Verwalter\AppData\Roaming\1&1
[2012.08.03 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\Verwalter\AppData\Roaming\ControlCenter4
[2012.08.03 13:26:41 | 000,000,000 | ---D | M] -- C:\Users\Verwalter\AppData\Roaming\Mobile Master
[2010.02.06 23:31:33 | 000,000,000 | ---D | M] -- C:\Users\Verwalter\AppData\Roaming\OpenOffice.org
[2010.02.06 23:19:50 | 000,000,000 | ---D | M] -- C:\Users\Verwalter\AppData\Roaming\Thunderbird
[2012.04.15 14:32:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.04 21:30:05 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\Synology Data Replicator 3-Neupunkt-....job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Welche Scans braucht Ihr, um helfen zu können? Die Anleitungen sind etwas widersprüchlich.

Vielen Dank und beste Grüße,

tamaschi

cosinus · 07.08.2012, 14:32

Hier gehts weiter, ein Strang reicht! => http://www.trojaner-board.de/121469-...l-sperren.html

07.08.2012, 14:32	#3
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	(2x) W32/Patched.UA TR/ATRAPS.Gen TR/ATRAPS.Gen2 Hier gehts weiter, ein Strang reicht! => http://www.trojaner-board.de/121469-...l-sperren.html __________________ __________________

(2x) W32/Patched.UA TR/ATRAPS.Gen TR/ATRAPS.Gen2

Mülltonne: (2x) W32/Patched.UA TR/ATRAPS.Gen TR/ATRAPS.Gen2