Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen

TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen


Log-Analyse und Auswertung: TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 15.01.2012, 09:48   #1
diewithgrace
 
TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen - Standard

TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen


Eigentlich ein "Spiel + Lern" - Laptop ... aber gestern/vorgestern hagelte es Probleme.

"Sehen" kann (konnte) ich selbst nur die Aktivität des TR/ATRAPS.Gen2 (also das medaishift-problem im FF), es soll jedoch auch noch eine Umleitung Google -> Pornoseiten dabei gewesen sein. Habe ich nicht selbst gesehen.

Ich kann nicht ausschließen, dass der Älteste nicht schon einen Avira-Scan + Clean hat laufen lassen.

Windows Defender meldet "ungültiges Handle" (ach) und die Windows-FW lässt sich nicht ansprechen. Laptop hängt zur Zeit nicht am Netz

1. Durchlauf Anti-Malware - Rechner lief nur im abgesicherten Modus
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.14.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
Admin :: ZUHAUSE [Administrator]

15.01.2012 00:27:34
mbam-log-2012-01-15 (00-27-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372510
Laufzeit: 36 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Windows\System32\wanminiportservice.dll (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
2. Durchlauf <- normal gestartet
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.14.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Admin :: ZUHAUSE [Administrator]

15.01.2012 08:09:57
mbam-log-2012-01-15 (08-09-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373997
Laufzeit: 55 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL - Scan nach 2. Durchlauf:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 15.01.2012 09:14:45 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 72,98% Memory free
6,19 Gb Paging File | 5,43 Gb Available in Paging File | 87,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 7,62 Gb Free Space | 17,33% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 234,33 Gb Free Space | 95,13% Space Free | Partition Type: NTFS
 
Computer Name: ZUHAUSE | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - D:\OTL.exe (OldTimer Tools)
PRC - D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Martina\AppData\Local\Apps\2.0\QLA84AJ5.ETQ\E8V1HYA0.4J1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sony_ssm.sys) --  File not found
SRV - (atinrvxx) --  File not found
SRV - (AntiVirWebService) -- D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msi.com.tw
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msi.com.tw
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1874314364-3078492171-4014367394-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Application\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Application\Mozilla Firefox\components [2012.01.09 15:03:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Application\Mozilla Firefox\plugins [2012.01.11 20:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Application\Mozilla Thunderbird\components [2012.01.08 18:01:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Application\Mozilla Thunderbird\plugins
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1874314364-3078492171-4014367394-1000..\Run: [AVMUSBFernanschluss] C:\Users\Admin\AppData\Local\Apps\2.0\TR4YWZCO.QLX\W9VLWWHR.MJ4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1874314364-3078492171-4014367394-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1874314364-3078492171-4014367394-1003..\Run: [AVMUSBFernanschluss] C:\Users\Martina\AppData\Local\Apps\2.0\QLA84AJ5.ETQ\E8V1HYA0.4J1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1874314364-3078492171-4014367394-1003..\Run: [Facebook Update] C:\Users\Martina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1874314364-3078492171-4014367394-1003..\Run: [Firefox helper] C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\firefox.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Admin\Anwendungsdaten [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\AppData [2009.11.18 20:05:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Admin\Contacts [2010.01.07 23:37:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Cookies [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Desktop [2009.12.23 15:58:28 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Documents [2010.02.13 09:22:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Downloads [2011.01.03 17:18:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Druckumgebung [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Eigene Dateien [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Favorites [2009.11.18 20:18:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Links [2006.11.02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Lokale Einstellungen [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Music [2010.02.13 09:22:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Netzwerkumgebung [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\NTUSER.DAT ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{976c1e1a-8f87-11e0-813f-0021855466b9}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{976c1e1a-8f87-11e0-813f-0021855466b9}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{976c1e1a-8f87-11e0-813f-0021855466b9}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\ntuser.ini ()
O4 - Startup: C:\Users\Admin\Pictures [2010.02.13 09:22:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Recent [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Saved Games [2010.07.27 20:09:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Admin\Searches [2010.01.08 15:07:06 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\SendTo [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Startmenü [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Videos [2010.02.13 09:22:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Vorlagen [2009.11.18 20:01:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Adobe [2010.10.23 13:42:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.05.14 16:53:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011.05.14 16:56:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Avira [2012.01.11 19:54:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\bBcOo01804 [2011.01.12 15:03:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CanonBJ [2011.01.03 17:21:54 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\EPSON [2012.01.11 19:38:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favoriten [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2012.01.14 10:14:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2011.01.03 14:55:31 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2011.01.03 14:57:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA [2009.11.18 22:33:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2012.01.15 00:19:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.07.14 15:20:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006.11.02 14:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.05.14 16:56:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2006.11.02 12:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006.11.02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009.11.18 19:58:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006.11.02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2006.11.02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006.11.02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006.11.02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006.11.02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006.11.02 11:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006.11.02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006.11.02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2009.11.18 19:58:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\Anwendungsdaten [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\AppData [2009.11.19 17:55:46 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Fini\Contacts [2009.11.19 17:55:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Cookies [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\Desktop [2011.05.14 15:29:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Downloads [2012.01.10 22:09:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Druckumgebung [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\Eigene Dateien [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\Favorites [2009.11.19 17:55:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Links [2009.11.19 17:55:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Lokale Einstellungen [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\Music [2011.05.14 16:57:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Netzwerkumgebung [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\NTUSER.DAT ()
O4 - Startup: C:\Users\Fini\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Fini\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Fini\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Fini\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Fini\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Fini\ntuser.ini ()
O4 - Startup: C:\Users\Fini\Pictures [2011.05.16 18:47:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Recent [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\Saved Games [2011.03.26 16:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Searches [2009.11.19 17:55:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\SendTo [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\Startmenü [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fini\Videos [2010.02.13 09:26:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fini\Vorlagen [2009.11.19 17:55:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\Anwendungsdaten [2009.11.19 20:26:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\AppData [2009.11.19 20:27:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Martina\Contacts [2009.11.19 20:26:52 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Cookies [2009.11.19 20:26:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\Desktop [2011.02.15 13:09:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Documents [2012.01.12 13:27:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Downloads [2012.01.14 22:37:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Druckumgebung [2009.11.19 20:26:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\Eigene Dateien [2009.11.19 20:26:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\Favorites [2011.07.01 20:28:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Links [2009.11.19 20:27:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Lokale Einstellungen [2009.11.19 20:26:45 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\Music [2011.05.16 18:43:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Netzwerkumgebung [2009.11.19 20:26:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\NTUSER.DAT ()
O4 - Startup: C:\Users\Martina\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Martina\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Martina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Martina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Martina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Martina\ntuser.ini ()
O4 - Startup: C:\Users\Martina\Pictures [2011.05.16 18:52:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Recent [2009.11.19 20:26:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\Saved Games [2009.11.21 20:16:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Searches [2009.11.19 20:27:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\SendTo [2009.11.19 20:26:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\Startmenü [2009.11.19 20:26:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Martina\Videos [2009.11.19 20:27:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Martina\Vorlagen [2009.11.19 20:26:45 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2012.01.14 22:08:21 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009.11.18 19:58:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006.11.02 13:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006.11.02 11:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006.11.02 13:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\photo.php-Dateien [2011.09.17 20:27:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\photo.php.htm ()
O4 - Startup: C:\Users\Public\Pictures [2012.01.07 21:02:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2009.11.30 21:21:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006.11.02 13:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Anwendungsdaten [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\AppData [2009.11.23 12:29:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Yannic\Contacts [2009.11.23 12:29:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Cookies [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\Desktop [2012.01.05 19:35:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Documents [2010.02.13 13:50:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Downloads [2009.11.23 12:29:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Druckumgebung [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\Eigene Dateien [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\Favorites [2009.11.23 12:29:36 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Links [2009.11.23 12:29:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Lokale Einstellungen [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\Music [2010.02.13 13:50:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Netzwerkumgebung [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\NTUSER.DAT ()
O4 - Startup: C:\Users\Yannic\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Yannic\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Yannic\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Yannic\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Yannic\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Yannic\ntuser.ini ()
O4 - Startup: C:\Users\Yannic\Pictures [2010.02.13 13:50:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Recent [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\Saved Games [2010.01.09 12:20:41 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Searches [2009.11.23 12:29:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\SendTo [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\Startmenü [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Yannic\Videos [2010.02.13 13:50:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Yannic\Vorlagen [2009.11.23 12:29:01 | 000,000,000 | -HSD | M]
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\Application\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AC3B737-BCCC-404A-9151-6DB2A066366F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{40434997-d473-11de-bb57-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40434997-d473-11de-bb57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\tools\shelexec.exe html\index.htm
O33 - MountPoints2\{76be300c-173f-11e0-8a1e-0021855466b9}\Shell - "" = AutoRun
O33 - MountPoints2\{76be300c-173f-11e0-8a1e-0021855466b9}\Shell\AutoRun\command - "" = E:\AngryBirdsRioInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.14 22:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.14 22:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.14 22:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.14 10:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.14 10:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.14 10:14:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.13 18:34:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.11 20:06:37 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.01.11 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.01.11 08:23:32 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 08:23:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 08:23:18 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 08:23:16 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 08:23:16 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.01.10 22:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.01.10 21:59:00 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppmon.dll
[2012.01.10 21:59:00 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppui.dll
[2012.01.10 21:59:00 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enspres.dll
[2012.01.10 21:58:59 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppmon.dll
[2012.01.10 21:58:59 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppui.dll
[2012.01.10 21:58:59 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enpres.dll
[2012.01.10 21:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012.01.10 21:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Software
[2012.01.10 21:57:56 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012.01.10 21:57:44 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_TLBHTU.DLL
[2012.01.10 21:57:38 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_TD4BHTU.DLL
[2012.01.10 21:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.01.10 21:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.01.10 21:56:43 | 000,341,504 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esw2ud.dll
[2012.01.10 21:56:43 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2012.01.10 21:56:43 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\escdev.dll
[2012.01.10 21:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.01.08 18:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.08 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.08 18:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.08 18:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.08 17:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.15 09:15:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{28F6F685-ED86-4AE9-AF09-CDA72C9ACFFB}.job
[2012.01.15 09:11:59 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 09:11:59 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 09:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.15 08:44:06 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1874314364-3078492171-4014367394-1003UA.job
[2012.01.15 08:14:17 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.15 08:14:17 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.15 08:14:17 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.15 08:14:17 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.15 00:09:20 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.14 22:08:21 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.14 20:44:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1874314364-3078492171-4014367394-1003Core.job
[2012.01.14 10:21:52 | 298,420,603 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.14 10:14:36 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.13 18:16:44 | 000,295,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.11 20:08:08 | 000,001,586 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2012.01.11 20:06:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.01.11 20:06:03 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.01.10 21:56:44 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.01.08 18:11:12 | 000,001,496 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.08 18:01:02 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.14 22:08:21 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.14 21:23:15 | 003,562,624 | ---- | C] () -- \ccsetup314.exe
[2012.01.14 21:23:14 | 000,584,192 | ---- | C] () -- \OTL.exe
[2012.01.14 10:21:52 | 298,420,603 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.14 10:14:36 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.13 18:56:02 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.11 20:08:08 | 000,001,586 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2012.01.10 21:56:44 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.01.08 18:11:12 | 000,001,496 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.08 18:01:02 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.12.20 20:39:10 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1874314364-3078492171-4014367394-1003UA.job
[2011.12.20 20:39:09 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1874314364-3078492171-4014367394-1003Core.job
[2011.05.14 16:48:20 | 015,952,782 | ---- | C] () -- \iPod_Touch_iOS4_Benutzerhandbuch.pdf
[2011.02.24 07:07:02 | 074,645,464 | ---- | C] () -- \dosenfischer_podcast_146.mp3
[2011.01.03 17:26:26 | 000,686,968 | ---- | C] () -- \fritzbox-usb-fernanschluss.exe
[2010.12.09 21:40:30 | 002,075,280 | ---- | C] () -- \feuersteinfelder.jpg
[2010.09.07 13:25:56 | 000,000,690 | ---- | C] () -- \PanoramaStudio 2 SE.lnk
[2009.11.21 19:09:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.21 19:09:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.21 19:09:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.11.19 04:48:47 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.11.19 04:48:47 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.11.19 04:48:47 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.11.19 04:48:47 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.11.18 20:09:28 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.19 21:44:39 | 030,143,040 | ---- | C] () -- \avira_antivir_personal_de.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,295,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Anwendungsdaten
[2009.11.18 20:05:34 | 000,000,000 | -H-D | M] -- C:\Users\Admin\AppData
[2010.01.07 23:37:13 | 000,000,000 | R--D | M] -- C:\Users\Admin\Contacts
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Cookies
[2009.12.23 15:58:28 | 000,000,000 | R--D | M] -- C:\Users\Admin\Desktop
[2010.02.13 09:22:01 | 000,000,000 | R--D | M] -- C:\Users\Admin\Documents
[2011.01.03 17:18:19 | 000,000,000 | R--D | M] -- C:\Users\Admin\Downloads
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Druckumgebung
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Eigene Dateien
[2009.11.18 20:18:37 | 000,000,000 | R--D | M] -- C:\Users\Admin\Favorites
[2006.11.02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Admin\Links
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Lokale Einstellungen
[2010.02.13 09:22:01 | 000,000,000 | R--D | M] -- C:\Users\Admin\Music
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Netzwerkumgebung
[2010.02.13 09:22:01 | 000,000,000 | R--D | M] -- C:\Users\Admin\Pictures
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Recent
[2010.07.27 20:09:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\Saved Games
[2010.01.08 15:07:06 | 000,000,000 | R--D | M] -- C:\Users\Admin\Searches
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\SendTo
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Startmenü
[2010.02.13 09:22:01 | 000,000,000 | R--D | M] -- C:\Users\Admin\Videos
[2009.11.18 20:01:28 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Vorlagen
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2011.01.12 15:03:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\bBcOo01804
[2011.01.03 17:21:54 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2012.01.11 19:38:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\EPSON
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2011.05.14 16:56:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2006.11.02 12:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006.11.02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009.11.18 19:58:32 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006.11.02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2006.11.02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006.11.02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2006.11.02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2006.11.02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006.11.02 11:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006.11.02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2009.11.18 19:58:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Anwendungsdaten
[2009.11.19 17:55:46 | 000,000,000 | -H-D | M] -- C:\Users\Fini\AppData
[2009.11.19 17:55:33 | 000,000,000 | R--D | M] -- C:\Users\Fini\Contacts
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Cookies
[2011.05.14 15:29:00 | 000,000,000 | R--D | M] -- C:\Users\Fini\Desktop
[2012.01.10 22:09:26 | 000,000,000 | R--D | M] -- C:\Users\Fini\Downloads
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Druckumgebung
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Eigene Dateien
[2009.11.19 17:55:48 | 000,000,000 | R--D | M] -- C:\Users\Fini\Favorites
[2009.11.19 17:55:46 | 000,000,000 | R--D | M] -- C:\Users\Fini\Links
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Lokale Einstellungen
[2011.05.14 16:57:13 | 000,000,000 | R--D | M] -- C:\Users\Fini\Music
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Netzwerkumgebung
[2011.05.16 18:47:24 | 000,000,000 | R--D | M] -- C:\Users\Fini\Pictures
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Recent
[2011.03.26 16:00:42 | 000,000,000 | R--D | M] -- C:\Users\Fini\Saved Games
[2009.11.19 17:55:46 | 000,000,000 | R--D | M] -- C:\Users\Fini\Searches
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\SendTo
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Startmenü
[2010.02.13 09:26:33 | 000,000,000 | R--D | M] -- C:\Users\Fini\Videos
[2009.11.19 17:55:22 | 000,000,000 | -HSD | M] -- C:\Users\Fini\Vorlagen
[2009.11.19 20:26:44 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Anwendungsdaten
[2009.11.19 20:27:05 | 000,000,000 | -H-D | M] -- C:\Users\Martina\AppData
[2009.11.19 20:26:52 | 000,000,000 | R--D | M] -- C:\Users\Martina\Contacts
[2009.11.19 20:26:44 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Cookies
[2011.02.15 13:09:32 | 000,000,000 | R--D | M] -- C:\Users\Martina\Desktop
[2012.01.12 13:27:26 | 000,000,000 | R--D | M] -- C:\Users\Martina\Documents
[2012.01.14 22:37:30 | 000,000,000 | R--D | M] -- C:\Users\Martina\Downloads
[2009.11.19 20:26:44 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Druckumgebung
[2009.11.19 20:26:44 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Eigene Dateien
[2011.07.01 20:28:56 | 000,000,000 | R--D | M] -- C:\Users\Martina\Favorites
[2009.11.19 20:27:05 | 000,000,000 | R--D | M] -- C:\Users\Martina\Links
[2009.11.19 20:26:45 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Lokale Einstellungen
[2011.05.16 18:43:13 | 000,000,000 | R--D | M] -- C:\Users\Martina\Music
[2009.11.19 20:26:44 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Netzwerkumgebung
[2011.05.16 18:52:30 | 000,000,000 | R--D | M] -- C:\Users\Martina\Pictures
[2009.11.19 20:26:44 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Recent
[2009.11.21 20:16:02 | 000,000,000 | R--D | M] -- C:\Users\Martina\Saved Games
[2009.11.19 20:27:05 | 000,000,000 | R--D | M] -- C:\Users\Martina\Searches
[2009.11.19 20:26:44 | 000,000,000 | -HSD | M] -- C:\Users\Martina\SendTo
[2009.11.19 20:26:44 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Startmenü
[2009.11.19 20:27:05 | 000,000,000 | R--D | M] -- C:\Users\Martina\Videos
[2009.11.19 20:26:45 | 000,000,000 | -HSD | M] -- C:\Users\Martina\Vorlagen
[2012.01.14 22:08:21 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009.11.18 19:58:32 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006.11.02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006.11.02 11:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006.11.02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2011.09.17 20:27:47 | 000,000,000 | ---D | M] -- C:\Users\Public\photo.php-Dateien
[2012.01.07 21:02:32 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.11.30 21:21:09 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2006.11.02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Anwendungsdaten
[2009.11.23 12:29:34 | 000,000,000 | -H-D | M] -- C:\Users\Yannic\AppData
[2009.11.23 12:29:22 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Contacts
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Cookies
[2012.01.05 19:35:27 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Desktop
[2010.02.13 13:50:33 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Documents
[2009.11.23 12:29:34 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Downloads
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Druckumgebung
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Eigene Dateien
[2009.11.23 12:29:36 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Favorites
[2009.11.23 12:29:35 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Links
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Lokale Einstellungen
[2010.02.13 13:50:33 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Music
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Netzwerkumgebung
[2010.02.13 13:50:33 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Pictures
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Recent
[2010.01.09 12:20:41 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Saved Games
[2009.11.23 12:29:34 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Searches
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\SendTo
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Startmenü
[2010.02.13 13:50:33 | 000,000,000 | R--D | M] -- C:\Users\Yannic\Videos
[2009.11.23 12:29:01 | 000,000,000 | -HSD | M] -- C:\Users\Yannic\Vorlagen
[2012.01.14 20:44:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1874314364-3078492171-4014367394-1003Core.job
[2012.01.15 08:44:06 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1874314364-3078492171-4014367394-1003UA.job
[2012.01.15 09:10:55 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.15 09:15:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{28F6F685-ED86-4AE9-AF09-CDA72C9ACFFB}.job
 
========== Purity Check ==========
 
 

< End of report >
EXTRA.txt
Code:
ATTFilter
OTL Extras logfile created on: 15.01.2012 09:14:45 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 72,98% Memory free
6,19 Gb Paging File | 5,43 Gb Available in Paging File | 87,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 7,62 Gb Free Space | 17,33% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 234,33 Gb Free Space | 95,13% Space Free | Partition Type: NTFS
 
Computer Name: ZUHAUSE | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1874314364-3078492171-4014367394-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Application\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1874314364-3078492171-4014367394-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Application\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F2682F-961C-4295-9EDF-9883F3243A25}" = dir=in | app=d:\application\itunes\itunes.exe | 
"{1783BF23-072D-49BC-9F9A-FA8925F9CB5B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{17AF7176-BFE0-49FF-813F-8B478B5B3005}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\apps\2.0\tr4ywzco.qlx\w9vlwwhr.mj4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{25531CC5-DE18-4071-A821-A92A932E59AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3F3FB614-AA25-42F0-9E09-01D9BAEDDA47}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{7291F6C4-E12C-41C4-951F-3E85E03FB6BE}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\apps\2.0\tr4ywzco.qlx\w9vlwwhr.mj4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{9016C12D-F566-41A3-8AF2-D5303EEA0225}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\apps\2.0\qla84aj5.etq\e8v1hya0.4j1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{93C67A3E-E0D4-4786-AAAD-0FBD6AF80BCF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AABF14E7-2307-4ACE-A677-6E6448E3A3B2}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\apps\2.0\tr4ywzco.qlx\w9vlwwhr.mj4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{B832057B-D76E-45F2-A711-08CBEAE468D7}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{BAEA9AA6-6C56-4E12-ABD1-F3AACA485481}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\apps\2.0\qla84aj5.etq\e8v1hya0.4j1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{CFAA7C16-6CDD-472B-AD56-1A4DA3EA89EF}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\apps\2.0\tr4ywzco.qlx\w9vlwwhr.mj4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{DD130488-A710-4870-82A7-25B615C386AF}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\apps\2.0\qla84aj5.etq\e8v1hya0.4j1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{E91D9A99-15B2-4CB7-BDFD-5860B40E1A9B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F2F1B36E-B2E5-4F99-B262-CD5902FEAE1D}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\apps\2.0\qla84aj5.etq\e8v1hya0.4j1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{F52FD028-13C5-4796-B6F0-A6010D99CC81}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"TCP Query User{5E73B8C6-4C6E-4011-874A-5AF81D6253BD}C:\users\martina\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{A92A5AE5-AA74-48E8-977B-2F5D585456F5}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{B554DE74-9524-4F1A-8290-E82EAC947749}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{4C62BD53-34EA-4AFE-B6C3-EB3B0F2FE71A}C:\users\martina\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{52CD7D42-F57C-474A-9A2F-E92E3A28048A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8F66C1EB-D307-4154-9531-BB00B9FEF371}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}" = Angry Birds
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D181A318-28DF-4B83-8F13-24C2D0BDA12D}" = Garmin POI Loader
"{E0B3F290-186B-46C8-BA95-F3D6542C2407}" = Angry Birds Rio
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PanoramaStudio2SE" = PanoramaStudio 2.0 SE (deinstallieren)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1874314364-3078492171-4014367394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1874314364-3078492171-4014367394-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.07.2011 14:37:26 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.08.2011 02:52:05 | Computer Name = zuHause | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2011 02:52:26 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.08.2011 02:52:26 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.08.2011 03:52:39 | Computer Name = zuHause | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2011 03:53:06 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.08.2011 03:53:06 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.08.2011 04:24:19 | Computer Name = zuHause | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2011 04:24:44 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.08.2011 04:24:44 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 15.01.2012 03:08:22 | Computer Name = zuHause | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 15.01.2012 03:08:22 | Computer Name = zuHause | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 15.01.2012 03:08:22 | Computer Name = zuHause | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.01.2012 04:13:39 | Computer Name = zuHause | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 15.01.2012 04:13:39 | Computer Name = zuHause | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 15.01.2012 04:13:39 | Computer Name = zuHause | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 15.01.2012 04:13:39 | Computer Name = zuHause | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 15.01.2012 04:13:39 | Computer Name = zuHause | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 15.01.2012 04:13:39 | Computer Name = zuHause | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.01.2012 04:13:48 | Computer Name = zuHause | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >

Vielen Dank im Voraus für die Beschäftigung mit diesem Problem(en)

Alt 15.01.2012, 21:18   #2
diewithgrace
 
TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen - Standard

TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen


Nachdem ich ein wenig im Forum gestöbert habe, bin ich auf diesen Thread gestossen:

http://www.trojaner-board.de/106601-...-trojaner.html

Daraufhin habe ich mich mal ein wenig auf die Suche nach dem FW-Dienst gemacht ... und dummerweise festgestellt, dass er ebenfalls verschwunden ist

Lange Rede, kurzer Sinn: Formatierung läuft, Recovery liegt bereit ... here we go again. Könnte der kürzere Weg sein.

Kann somit geschlossen werden.

Danke für's Lesen!

Cheers
diewithgrace
__________________
Antwort

Themen zu TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen
antivir, autorun, avira searchfree toolbar, bho, bonjour, ccsetup, dateisystem, defender, desktop.ini, document, error, excel, explorer, firefox, flash player, format, google, helper, heuristiks/extra, heuristiks/shuriken, home, hängt, install.exe, laptop hängt, logfile, microsoft office word, mozilla thunderbird, netzwerkumgebung, pirates, plug-in, realtek, registry, rootkit.0access, rootkit.zeroaccess, rundll, security, senden, software, temp, trojan.patched, udp, ungültiges, version=1.0, vista


« Aus Sicherheitsgründen wurde ihr Windows blockiert! | Entfernen von PDF Creator Toolbar und vill anderen schädlingen »


Ähnliche Themen: TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen


  1. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  2. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  3. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  4. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  5. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  6. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  7. Viren,BDS/ZAccess.T,TR/ATRAPS.gen,TR/ATRAPS.gen2 in C:/Dokumente/Einstellungen/Administrator..
    Alles rund um Windows - 22.07.2012 (1)
  8. TR/Atraps.gen - TR/Atraps.gen2 - BDS/ZAccess.T - über AVIRA Antivirus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (4)
  9. Trojaner TR/ATRAPS.gen und TR/ATRAPS.Gen2 lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (30)
  10. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  11. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  12. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  13. Nach Befall tr/atraps.gen tr/atraps.gen2 formatiert - Computer startet selbständig neu
    Log-Analyse und Auswertung - 09.07.2012 (1)
  14. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  15. Und noch einer: Trojaner TR/ATRAPS.Gen2 und TR/ATRAPS.Gen und W32/Patched.UA HILFE!!!
    Log-Analyse und Auswertung - 28.06.2012 (7)
  16. TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 gefunden, aber nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (4)
  17. Antivir meldet ständig wiederholten Fund von TR/ATRAPS.Gen, TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen - Eigentlich ein "Spiel + Lern" - Laptop ... aber gestern/vorgestern hagelte es Probleme. "Sehen" kann (konnte) ich selbst nur die Aktivität des TR/ATRAPS.Gen2 (also das medaishift-problem im FF), es soll - TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen...
Archiv
Du betrachtest: TR/ATRAPS.Gen2, gepaart mit ggf. weiteren Problemen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131