| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun??Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.04.2012, 20:03
| #1 |
| |  AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? Hallo Trojaner-Board! Ich habe folgendes Problem, seit ziemlich genau zwei Wochen erhalte ich von Avira AntiVir ständig den Sicherheitshinweis, dass der Trojaner TR/ATRAPS.Gen gefunden wurde. Mit AntiVir konnte dieser Trojaner bislang leider nicht gelöscht werden. Ich bin schon total verzweifelt und weiß absolut nicht weiter...  Ein kompletter Systemcheck mit Malwarebytes wurde soeben gestartet. Was muss/kann ich jetzt noch tun?? Vielen Dank für Eure Hilfe !!  Grüße Warlock |
|
27.04.2012, 20:12
| #2 |
| /// Malware-holic   | AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
27.04.2012, 23:13
| #3 |
| | AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? Hi,
__________________hier nun die OTL-Ergebnisse. Ich hoffe es gibt noch Rettung  OTL.TXTOTL Logfile: Code:
ATTFilter OTL logfile created on: 27.04.2012 21:31:52 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chria\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,44% Memory free 4,22 Gb Paging File | 2,42 Gb Available in Paging File | 57,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,22 Gb Total Space | 20,97 Gb Free Space | 28,26% Space Free | Partition Type: NTFS Drive E: | 73,36 Gb Total Space | 19,00 Gb Free Space | 25,90% Space Free | Partition Type: NTFS Computer Name: BÜRO | User Name: Chria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.27 21:17:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chria\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.30 20:02:01 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe PRC - [2011.12.15 16:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.20 11:35:56 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.07.19 20:57:32 | 002,231,616 | ---- | M] () -- C:\Programme\devolo\dlan\devolonetsvc.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2008.08.14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.29 07:02:38 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2006.12.14 20:07:26 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2006.12.14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2006.11.14 23:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2006.11.14 22:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2006.11.14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.07 15:50:50 | 003,772,416 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006.09.12 09:03:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012.04.17 21:26:57 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Windows\System32\aptwn1brt.dll -- (LanmanWorkstation) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.30 20:02:01 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.12 16:15:06 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service) SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.07.19 20:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.27 16:03:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.01.24 12:21:24 | 000,375,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.01.24 12:21:14 | 000,177,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006.12.14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2006.11.14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.09.12 09:03:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ap040xue) DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs) DRV - [2012.04.27 14:47:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B196B2D-F38C-4DD3-95AA-CD39EAFE5BF2}\MpKslcd72e4fa.sys -- (MpKslcd72e4fa) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012.02.15 21:23:48 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.12.15 16:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.23 11:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.10 14:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2009.09.28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2009.06.10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2008.12.11 18:05:29 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.06.16 17:13:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008.06.16 17:08:52 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2007.11.09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.09.26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.16 23:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX) DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK) DRV - [2007.04.10 10:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2006.12.07 21:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.11.19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.10.30 10:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.08.31 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.07.06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2006.02.14 19:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006.02.14 19:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2005.08.01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2004.11.29 01:00:00 | 000,547,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fxusbase.sys -- (FXUSBASE) Eumex 400 (WinXP/2000) DRV - [2004.11.29 01:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_de IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.01.30 00:42:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.21 15:36:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 21:20:07 | 000,000,000 | ---D | M] [2009.03.16 19:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chria\AppData\Roaming\mozilla\Extensions [2012.02.10 11:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chria\AppData\Roaming\mozilla\Firefox\Profiles\k1yx9jw5.default\extensions [2011.01.12 21:03:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chria\AppData\Roaming\mozilla\Firefox\Profiles\k1yx9jw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.10 11:03:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Chria\AppData\Roaming\mozilla\Firefox\Profiles\k1yx9jw5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.05.11 18:56:49 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Chria\AppData\Roaming\mozilla\Firefox\Profiles\k1yx9jw5.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2012.02.10 11:03:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Chria\AppData\Roaming\mozilla\Firefox\Profiles\k1yx9jw5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.01.03 22:09:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Chria\AppData\Roaming\mozilla\Firefox\Profiles\k1yx9jw5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.01.17 23:08:42 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Chria\AppData\Roaming\mozilla\Firefox\Profiles\k1yx9jw5.default\extensions\2020Player@2020Technologies.com [2009.08.17 20:34:25 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Chria\AppData\Roaming\mozilla\Firefox\Profiles\k1yx9jw5.default\extensions\battlefieldheroespatcher@ea.com [2012.02.24 12:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.15 20:30:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.04.28 15:37:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.08.07 13:09:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.02.24 12:26:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2010.09.01 18:19:52 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2010.01.04 17:09:39 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} [2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.24 12:25:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\Chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.12.30 18:12:42 | 000,001,195 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (IE Toolbar) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe (Adobe Systems Incorporated) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\d3dyy6dq9.dll () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35428857-2B85-4FC6-8492-4D111A850D0A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45AF0DFF-A4DB-4ED7-B45A-AC87677CEF8B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8866336C-5A54-438A-BB1F-464C4400AD20}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.10.28 12:56:28 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ] O33 - MountPoints2\{680766c2-4354-11dd-baa5-404e57434404}\Shell\AutoRun\command - "" = InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3348E704-BC10-3A1C-489D-98B7E1C81F7B} - Microsoft Windows Media Player ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6B072724-548B-EF1C-5FF6-70527F766CE5} - Microsoft Windows Media Player 11.0 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {81C28006-9A28-4AA3-E054-011607FD33E6} - Browser Customizations ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A346D46F-61FE-3308-0BE9-656ACCF1AEE0} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe - () MsConfig - StartUpFolder: C:^Users^Chria^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - E:\Adobe Photoshop CS4\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - E:\Adobe Photoshop CS4\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - File not found MsConfig - StartUpReg: AllShareAgent - hkey= - key= - C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) MsConfig - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\phonostar-Player\phonostarTimer.exe () MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) MsConfig - StartUpReg: WinampAgent - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.27 21:16:12 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Chria\Desktop\OTL.exe [2012.04.27 20:48:26 | 000,000,000 | ---D | C] -- C:\Users\Chria\AppData\Roaming\Malwarebytes [2012.04.27 20:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.27 20:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.27 20:47:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.27 20:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.04.27 14:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.04.24 10:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.04.20 16:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.04.20 14:11:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\syncdb [2012.04.05 12:18:51 | 000,000,000 | ---D | C] -- C:\Users\Chria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.04.05 12:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.27 21:31:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.27 21:31:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.27 21:17:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chria\Desktop\OTL.exe [2012.04.27 21:04:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.27 20:48:03 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.27 20:33:25 | 000,002,721 | ---- | M] () -- C:\Users\Chria\Desktop\Microsoft Outlook 2010.lnk [2012.04.27 20:31:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.27 20:31:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.27 18:43:05 | 000,013,025 | ---- | M] () -- C:\Users\Chria\AppData\Roaming\nvModes.dat [2012.04.27 18:43:03 | 000,013,025 | ---- | M] () -- C:\Users\Chria\AppData\Roaming\nvModes.001 [2012.04.27 14:30:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.27 14:28:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.04.27 14:27:43 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.04.27 14:26:21 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.27 14:26:21 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.27 14:26:21 | 000,127,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.27 14:26:21 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.27 12:41:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.04.19 18:51:11 | 000,002,617 | ---- | M] () -- C:\Users\Chria\Desktop\Microsoft Word 2010.lnk [2012.04.18 21:44:11 | 000,002,523 | ---- | M] () -- C:\Users\Chria\Desktop\HiJackThis.lnk [2012.04.18 09:36:48 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk [2012.04.17 21:26:57 | 000,208,896 | ---- | M] () -- C:\Windows\System32\aptwn1brt.dll [2012.04.13 20:35:27 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.27 20:48:03 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.27 14:27:43 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.04.27 14:26:50 | 000,001,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.04.18 09:36:48 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk [2012.04.07 10:55:10 | 000,208,896 | ---- | C] () -- C:\Windows\System32\aptwn1brt.dll [2012.04.05 12:18:51 | 000,002,523 | ---- | C] () -- C:\Users\Chria\Desktop\HiJackThis.lnk [2012.03.30 20:02:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.02.08 23:14:54 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2012.02.08 23:14:54 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2012.01.31 11:57:16 | 000,074,221 | ---- | C] () -- C:\Windows\hpqins16.dat [2012.01.28 15:09:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.01.11 15:28:23 | 000,294,912 | ---- | C] () -- C:\Windows\System32\d3dyy6dq9.dll [2011.01.02 18:38:28 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.10.20 21:20:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.10.20 21:20:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe ========== LOP Check ========== [2007.08.19 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Ashampoo [2011.01.14 21:46:57 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Buhl Data Service [2008.12.11 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\DAEMON Tools [2008.12.11 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\DAEMON Tools Lite [2008.12.11 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\DAEMON Tools Pro [2007.08.19 13:53:14 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\DeepBurner [2012.01.03 22:09:22 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\DVDVideoSoft [2011.12.05 18:40:34 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\DVDVideoSoftIEHelpers [2007.07.30 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Eumex 400 [2008.03.18 18:14:38 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Haufe [2011.09.23 16:36:42 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\HTC [2010.12.15 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.03.20 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\ICQ [2008.04.20 21:36:01 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\ICQ Toolbar [2008.11.19 17:36:55 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\InterVideo [2010.01.04 17:20:15 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Lexware [2009.06.02 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\LimeWire [2007.10.30 00:30:09 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Mp3tag [2012.02.08 23:22:13 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\PC Suite [2007.07.27 23:46:02 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\PeerNetworking [2010.01.22 18:03:44 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\phonostar GmbH [2008.12.20 14:07:05 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\ProtectDisc [2010.11.14 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\QuickStoresToolbar [2011.04.04 21:48:13 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\RavensburgerTipToi [2012.02.08 23:14:28 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Samsung [2007.08.02 21:03:58 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Toshiba [2011.01.07 22:47:40 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\TS3Client [2011.01.03 20:29:14 | 000,000,000 | ---D | M] -- C:\Users\Chria\AppData\Roaming\Wargaming.net [2012.04.27 14:28:34 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.01.27 17:33:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.02.01 17:41:32 | 000,000,000 | ---D | M] -- C:\AllShare [2009.11.03 21:23:06 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.04.10 17:56:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.02.01 18:14:09 | 000,000,000 | ---D | M] -- C:\Download [2011.06.15 16:17:51 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.06.18 21:04:49 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.04.27 20:47:46 | 000,000,000 | R--D | M] -- C:\Program Files [2012.04.27 20:47:53 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.04.10 17:56:50 | 000,000,000 | -HSD | M] -- C:\Programme [2012.04.27 21:36:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.10.03 17:26:09 | 000,000,000 | ---D | M] -- C:\Temp [2007.04.10 18:01:02 | 000,000,000 | ---D | M] -- C:\Toshiba [2007.04.10 18:00:08 | 000,000,000 | R--D | M] -- C:\Users [2012.04.27 14:27:43 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.16 19:38:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys [2008.01.16 19:38:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.01.16 19:38:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.26 20:38:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.26 20:38:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: KR10N.SYS > [2006.02.14 19:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) MD5=0F9E83709CBB60B1549F3A65D0AB6E4F -- C:\Toshiba\Drivers\Raid\KR10N\KR10N.SYS [2006.02.14 19:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) MD5=0F9E83709CBB60B1549F3A65D0AB6E4F -- C:\Windows\System32\drivers\KR10N.sys [2006.02.14 19:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) MD5=0F9E83709CBB60B1549F3A65D0AB6E4F -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_433f1ea2\KR10N.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.04.12 19:13:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.04.12 19:13:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.12.11 18:05:29 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.12.16 10:34:40 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.12.16 10:34:38 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.12.16 10:34:40 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.12.16 10:34:50 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.12.16 10:34:52 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2012.04.17 21:26:57 | 000,208,896 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\aptwn1brt.dll [2012.01.11 15:28:23 | 000,294,912 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\d3dyy6dq9.dll [2011.10.20 11:35:55 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.10.20 11:35:55 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < %USERPROFILE%\*.* > [2009.12.30 11:39:20 | 000,017,801 | ---- | M] () -- C:\Users\Chria\Adobe CS4 Installer Database removal script.log [2012.04.05 14:29:51 | 000,020,467 | ---- | M] () -- C:\Users\Chria\Hallo PCFreunde.docx [2012.04.05 12:24:52 | 000,013,712 | ---- | M] () -- C:\Users\Chria\hijackthis.log [2012.04.27 21:41:31 | 004,456,448 | -HS- | M] () -- C:\Users\Chria\ntuser.dat [2012.04.27 21:41:30 | 000,262,144 | -H-- | M] () -- C:\Users\Chria\ntuser.dat.LOG1 [2007.04.10 18:00:11 | 000,000,000 | -H-- | M] () -- C:\Users\Chria\ntuser.dat.LOG2 [2012.04.27 14:28:02 | 000,065,536 | -HS- | M] () -- C:\Users\Chria\ntuser.dat{09abe1c1-904a-11e1-ae75-404e57434409}.TM.blf [2012.04.27 14:28:02 | 000,524,288 | -HS- | M] () -- C:\Users\Chria\ntuser.dat{09abe1c1-904a-11e1-ae75-404e57434409}.TMContainer00000000000000000001.regtrans-ms [2012.04.27 14:28:02 | 000,524,288 | -HS- | M] () -- C:\Users\Chria\ntuser.dat{09abe1c1-904a-11e1-ae75-404e57434409}.TMContainer00000000000000000002.regtrans-ms [2012.04.27 11:28:32 | 000,065,536 | -HS- | M] () -- C:\Users\Chria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.21 20:46:30 | 000,524,288 | -HS- | M] () -- C:\Users\Chria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.04.27 11:28:32 | 000,524,288 | -HS- | M] () -- C:\Users\Chria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2006.11.02 15:03:35 | 000,000,020 | -HS- | M] () -- C:\Users\Chria\ntuser.ini [2009.07.19 20:13:46 | 000,027,642 | ---- | M] () -- C:\Users\Chria\oma kalender.mcf [2009.08.17 18:49:14 | 002,387,474 | ---- | M] () -- C:\Users\Chria\RotoBasispreisliste2009.pdf [2009.03.24 22:41:56 | 000,096,106 | ---- | M] () -- C:\Users\Chria\segelschiffsandkasten.pdf [2009.12.11 18:59:13 | 001,405,128 | ---- | M] () -- C:\Users\Chria\setup_dm_Fotowelt.exe [2009.09.02 16:47:11 | 000,007,847 | ---- | M] () -- C:\Users\Chria\Steuer2008.08 [2010.07.31 16:19:17 | 000,000,292 | ---- | M] () -- C:\Users\Chria\Vista (C) - Verknüpfung.lnk [2012.04.18 21:42:21 | 000,000,162 | -H-- | M] () -- C:\Users\Chria\~$llo PCFreunde.docx < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
|
27.04.2012, 23:19
| #4 |
| | AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? und hier noch die Extras.txt...OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.04.2012 21:31:52 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chria\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,44% Memory free
4,22 Gb Paging File | 2,42 Gb Available in Paging File | 57,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 20,97 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 19,00 Gb Free Space | 25,90% Space Free | Partition Type: NTFS
Computer Name: BÜRO | User Name: Chria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" (Mozilla Corporation)
htmlfile [opennew] -- "C:\Program Files\Mozilla Firefox\firefox.exe" (Mozilla Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm Fotowelt.exe] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C5B385-E0BF-4979-A9E0-3979A53B54E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0C3BFA05-9EE3-450E-B260-641115214D3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1802E550-4120-43D1-A390-705664A41D76}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CA3F372-005E-4890-9F4E-79E943AB549F}" = rport=445 | protocol=6 | dir=out | app=system |
"{21FF9024-D498-4867-9A38-F745EA380534}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2EED37CA-03A0-4BB9-B847-F835EDCAFBCD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F8B96FB-F845-4468-8EF7-B6C229A16AFD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3175FD53-8E07-4C16-911D-BE51B8CC501F}" = lport=139 | protocol=6 | dir=in | app=system |
"{326BCDB8-C6E5-42CB-BC4E-10DD3C2360CA}" = lport=445 | protocol=6 | dir=in | app=system |
"{39D574D0-278D-4902-BCE7-6E24680BBFAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C153D2F-48A8-4D4B-A304-0D7314E0531D}" = rport=139 | protocol=6 | dir=out | app=system |
"{64BC6C58-0D35-4080-A9D3-56AF4E415BCD}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe |
"{697036F5-3C95-4EAB-9788-85F1D577EC35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6ACFCFB3-8D56-424E-BBD1-2A788DCC4435}" = rport=138 | protocol=17 | dir=out | app=system |
"{74C3A9FF-532D-41F7-B8CE-89D1FF29644F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{76CC9F81-7572-4C58-9B9F-E26369D25B64}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C263BA2-1078-47B3-9969-27AE4743F073}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{9BDEE3A2-8B4E-4A6D-8E96-6F0EE6CDC95C}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E5946A1-C87E-4535-A7CC-60F36B440FD2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9EB57BA1-D478-4155-9BF6-000B7C9BBB8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ADB6993C-A59C-48E1-BFB3-4F42C9C977A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{AFC77068-F87C-457E-B94E-619D4B556DEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C51515B5-A4C3-4ABA-BD02-5ED9739C487C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E175284C-C47F-4F75-B9E0-8081B8EDE4A6}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C51F4E-124D-459E-BA9B-221678C495A6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{0663F16F-6704-40B3-B750-1B30F5FDCCC5}" = protocol=17 | dir=in | app=e:\spiele\coh\reliccoh.exe |
"{0AB8DAA6-AE3D-47ED-9BE0-E55D4ADC0E09}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{110113B8-E902-4CAC-979F-06B017E49C2A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1760E290-CE2D-42EA-8DC4-81289D1CC10C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A76CDE2-CC80-4F64-8EF6-32A503E39212}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{2603C8F3-2C0C-4719-971C-31E695B24178}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{280047AF-3858-4DBF-92A7-D5528EB8FEFE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2C6C590C-6BD6-4768-A65F-09731ED0B7A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E94182C-81EC-48E3-A885-9D5C634F130C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E9488EC-D72F-4CAD-95CB-E4F6B3059DBA}" = protocol=17 | dir=in | app=e:\spiele\coh\relicdownloader\relicdownloader.exe |
"{3EBE6FEF-0000-44F0-81BF-475B2F323EF5}" = protocol=6 | dir=in | app=e:\spiele\coh\reliccoh.exe |
"{46F917E7-F11B-4231-8774-8B6A5094BA34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4834787D-241E-416E-9ECA-2809CF1E0D7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C36ED0C-0DD3-4943-BBBB-84439581E248}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4EA6708E-4013-4BE1-9BC3-C6381CECEA14}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{4F4DE541-3937-4568-A106-4E66B4CD55A6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{514AA633-AD5E-4502-BF54-A7202E0F1ECA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51D61D40-269F-4B44-AAD8-63508A7E376D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{58124667-20CA-421E-B806-242DFEB351BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64BACC83-9ECC-4FA6-A726-99FC34B0C55B}" = protocol=6 | dir=out | app=system |
"{6F3316CA-C5FA-45AD-977F-6DEC9C5DFD4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{708A3291-2D65-4C26-AE3C-120C0AB0C679}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{7515B294-39DA-4812-A13E-52806F6740CB}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{79268D9D-4181-47F9-B2B4-3AC36ABE6545}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A53927E-777F-4363-AD33-0586C37D6392}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B751D16-A8A5-4EEF-A493-A1CDF6D67327}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{7C67A230-47CD-4587-9355-6082AE780446}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8F31DE50-2918-48BA-9286-FF26D1AD4C8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8F3D433B-ABD8-44D4-BAE6-A556CB0F3A60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{982E9435-408E-4DE6-821D-8F54BDC3F0F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{997B73FE-F77A-4816-A97F-C5D497F44E7E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{9C9EB323-309D-44CA-88D4-DB42E599F96E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9FA989B0-8620-44BB-BA58-320A1BC98E05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A57638D0-623E-4DEF-BD50-CC7F9E2D55E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A722303F-E3AF-4BE3-92BC-9F1CEC9F2E21}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A7B2FDE9-62F7-4AAF-854B-CD7EB512AFAF}" = protocol=6 | dir=in | app=e:\spiele\coh\relicdownloader\relicdownloader.exe |
"{A7EA1AAE-691A-4471-9C3C-82243C862B0D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{ADAAACFB-F5FA-4AA1-BDE7-62858709F064}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B11B9615-BB0B-4B0F-8127-01D5616A0AF4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B896A0ED-23B0-49C6-8FDA-CEBBC185FAAB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C2872AA5-2B93-4C10-8A52-C321BBB7AFFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C436A3A0-5C58-4433-B67C-2496B540F554}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C52958A0-C465-450C-9725-B07FF1248824}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C7C654E3-B4BE-487C-A15A-71C246D2E6A6}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{D0EFD328-EC0C-4E9D-A23D-9CF45540150B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D1748A49-D85B-4F53-A4AF-AE5A60A8E01D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E8708FA1-7F7A-4410-A68D-F5575F686B7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EB44D6EC-5757-4EA1-A930-E39E98309D96}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{EFD94148-C7C1-4785-BF3D-1C30CB0C6655}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F0602206-9967-476B-9828-ACBDB682F974}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{F2BE426D-5803-47D9-A861-E7A2728FB8BA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F694B9EA-3B56-442B-A19A-C6AE580DFAA3}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"TCP Query User{01CCCD33-F4D2-4534-87B6-5443E51A0EF9}C:\users\chria\appdata\local\temp\e07a3360d0044a74946a5e452bff5471\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\chria\appdata\local\temp\e07a3360d0044a74946a5e452bff5471\relicdownloader.exe |
"TCP Query User{303EB740-9C09-4347-A517-91E9D33D03B4}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{336343B7-178B-4E3E-A225-539B42E0A020}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{3A5BB37F-A022-4285-AC5E-F79003362197}E:\spiele\wot\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=6 | dir=in | app=e:\spiele\wot\world_of_tanks_closed_beta\worldoftanks.exe |
"TCP Query User{4084F643-FA7C-41E4-BE03-D888591AD594}C:\users\chria\appdata\local\temp\ae046aba91bc44f294bba8b06a4f0051\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\chria\appdata\local\temp\ae046aba91bc44f294bba8b06a4f0051\relicdownloader.exe |
"TCP Query User{4C905A37-0203-47C7-B44A-CA74A16C63A2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{5773FDE8-336F-4974-AE6D-A46DC2BFD6AA}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{62ADEF14-C1EC-4248-A429-26027AEE1F7A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6ED62D7D-05E1-4FBF-9D8A-CC31463CEF1C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7A6F4E9A-7CE9-4727-96ED-47A689CD61FC}C:\users\chria\appdata\local\temp\a46efa07fa414d5ca415ad8cad32d51d\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\chria\appdata\local\temp\a46efa07fa414d5ca415ad8cad32d51d\relicdownloader.exe |
"TCP Query User{7B41ED0B-720E-49D5-9D91-0EC8AC5BAA66}E:\spiele\menofwar\men of war\mow.exe" = protocol=6 | dir=in | app=e:\spiele\menofwar\men of war\mow.exe |
"TCP Query User{86F58F7D-4313-43B7-97FF-39394A1BC6C1}E:\spiele\wot\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=e:\spiele\wot\world_of_tanks_closed_beta\wotlauncher.exe |
"TCP Query User{8973AD00-F872-4724-A4B0-154BCFE5D324}E:\spiele\wot\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=e:\spiele\wot\world_of_tanks_closed_beta\wotlauncher.exe |
"TCP Query User{B189736F-AD07-4796-B888-528DC16DB6AC}E:\spiele\wot\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=6 | dir=in | app=e:\spiele\wot\world_of_tanks_closed_beta\worldoftanks.exe |
"TCP Query User{BD07DED9-F73D-4B55-ABEF-01CBFB70E4B7}E:\spiele\thq\w40k.exe" = protocol=6 | dir=in | app=e:\spiele\thq\w40k.exe |
"TCP Query User{E0322B00-1BAA-4CF4-A2FD-0502C5DA42FB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E257CEA3-599F-42ED-B6E3-C79113B4DC48}C:\users\chria\appdata\local\temp\f336644cb63f4810ad4a6a6f0fe6f829\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\chria\appdata\local\temp\f336644cb63f4810ad4a6a6f0fe6f829\relicdownloader.exe |
"TCP Query User{E4B0F3CC-B9E7-4603-AAFE-847AF67D66BA}C:\users\chria\appdata\local\temp\0310755b47644c16b3a61d54e727d354\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\chria\appdata\local\temp\0310755b47644c16b3a61d54e727d354\relicdownloader.exe |
"TCP Query User{F079EC0C-EFAA-4F53-952B-6AA2B6646B42}E:\spiele\menofwar\men of war\mow_mp.exe" = protocol=6 | dir=in | app=e:\spiele\menofwar\men of war\mow_mp.exe |
"TCP Query User{F5755FBB-9B0A-4C52-A24E-EF6AAD063282}E:\spiele\menofwar\men of war\outfront_mp.exe" = protocol=6 | dir=in | app=e:\spiele\menofwar\men of war\outfront_mp.exe |
"TCP Query User{F943BEFF-97E7-43E6-9787-941A187E69E3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{FC3EE9CE-EED1-496C-8A2A-BCC58E83376F}E:\spiele\trackmania - nationsforever\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\spiele\trackmania - nationsforever\tmnationsforever\tmforever.exe |
"UDP Query User{04296B51-F539-4E94-9AE6-114045A5B2F5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{08438D2C-F408-41D4-A513-2C717E9A9077}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{30A82293-0F21-4B51-A5D9-582D99D0DE87}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{3A12B305-9B63-4BA5-98CB-5DF9A073C01A}E:\spiele\trackmania - nationsforever\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\spiele\trackmania - nationsforever\tmnationsforever\tmforever.exe |
"UDP Query User{5D9ECA82-846D-4DED-9A1D-F69E34BB3D9D}E:\spiele\wot\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=e:\spiele\wot\world_of_tanks_closed_beta\wotlauncher.exe |
"UDP Query User{6228C0F7-0C1F-42BB-933F-0A5AC54CF7AE}E:\spiele\wot\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=17 | dir=in | app=e:\spiele\wot\world_of_tanks_closed_beta\worldoftanks.exe |
"UDP Query User{6316ED49-A353-4B11-9EA4-42A4D37685CB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6A0BCCA9-0E92-427F-8F3D-8F981FCAC502}C:\users\chria\appdata\local\temp\f336644cb63f4810ad4a6a6f0fe6f829\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\chria\appdata\local\temp\f336644cb63f4810ad4a6a6f0fe6f829\relicdownloader.exe |
"UDP Query User{76EC37D0-EB06-434E-A816-1616DA9E7732}E:\spiele\menofwar\men of war\mow.exe" = protocol=17 | dir=in | app=e:\spiele\menofwar\men of war\mow.exe |
"UDP Query User{B2535E8B-14D3-4A34-A4ED-B5AF53EF7BD4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C8967866-DAF8-4C4F-BA9D-A8AEFA709DF5}C:\users\chria\appdata\local\temp\e07a3360d0044a74946a5e452bff5471\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\chria\appdata\local\temp\e07a3360d0044a74946a5e452bff5471\relicdownloader.exe |
"UDP Query User{C8EC5CB1-EEE0-49F2-89AD-4692F49E5353}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D52C06C2-73FF-4353-AF0D-5CEFDA7623D4}E:\spiele\menofwar\men of war\outfront_mp.exe" = protocol=17 | dir=in | app=e:\spiele\menofwar\men of war\outfront_mp.exe |
"UDP Query User{DC8DF86D-5B56-44CF-B5A6-FB439D43D97E}E:\spiele\wot\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=e:\spiele\wot\world_of_tanks_closed_beta\wotlauncher.exe |
"UDP Query User{E01543DA-80C5-480F-B622-40253329C9D6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{E108DDD5-C5D2-4A7E-B62B-62F3913C4CDE}C:\users\chria\appdata\local\temp\0310755b47644c16b3a61d54e727d354\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\chria\appdata\local\temp\0310755b47644c16b3a61d54e727d354\relicdownloader.exe |
"UDP Query User{E7454BC9-F5EF-4F55-9EFB-4510B7FB8B88}E:\spiele\thq\w40k.exe" = protocol=17 | dir=in | app=e:\spiele\thq\w40k.exe |
"UDP Query User{E822213C-8479-4BC3-A411-7800961E4917}C:\users\chria\appdata\local\temp\ae046aba91bc44f294bba8b06a4f0051\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\chria\appdata\local\temp\ae046aba91bc44f294bba8b06a4f0051\relicdownloader.exe |
"UDP Query User{EA808DAE-DFCE-4F89-B0A2-C8F6A8D19858}E:\spiele\menofwar\men of war\mow_mp.exe" = protocol=17 | dir=in | app=e:\spiele\menofwar\men of war\mow_mp.exe |
"UDP Query User{ED05630B-0056-4599-A1C3-23F371C1DB1E}C:\users\chria\appdata\local\temp\a46efa07fa414d5ca415ad8cad32d51d\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\chria\appdata\local\temp\a46efa07fa414d5ca415ad8cad32d51d\relicdownloader.exe |
"UDP Query User{EE4FFB2E-900D-494C-B5A9-6F8A48A9BCBE}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{FEBDE303-C4B2-411A-8A5F-4D2E52DC07CE}E:\spiele\wot\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=17 | dir=in | app=e:\spiele\wot\world_of_tanks_closed_beta\worldoftanks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A2DEB31-F8E5-413B-8A86-0D7843C6C496}" = Nero 8 Demo
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1674E8F8-18B1-4999-AC26-F31FB88860BD}" = hppCLJCM1312
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile-Gerätecenter
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{379BD4AB-8633-4B4F-97F4-612E6DD9CA36}" = hppScanToCM1312
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A01DAF7-2FAC-46BA-B46E-EFFBD3B875DF}" = hppManualsCM1312
"{3B64983B-A039-11D4-8B5A-0050DA45E354}" = SmartSurfer2.3
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{74892A2F-57B2-48E4-81C3-1E21E12A470B}" = TOSHIBA Supervisor Password
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AEF3482-B7B7-4B94-AF63-B249B9BA9D7F}_is1" = HELI-X 3.0 Demo
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 1.0
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{ACF57692-36CE-414D-8B47-9908DB14DB18}" = hppFaxUtilityCM1312
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B754B683-E23C-4583-9312-50AD86836B42}" = Steuer Hilfesammlung
"{B77A308F-85F5-4D68-8CB5-313332CB2779}" = TOSHIBA Hardware Setup
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8 Demo
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB146E80-40B2-4918-802D-A83852737ECC}" = NetObjects Fusion 11.0
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CD90E059-509B-4AEB-8ADA-E9A6C7645671}" = TOSHIBA Benutzerhandbücher
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F119565C-DC95-48DC-BC2D-CC95612CFAB5}" = hppscanCM1312
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDDC37C3-B2FC-4B5E-A854-1E69B2FFCA71}" = Steuer Update 14.01
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{TREEFOFF-7CE4-44A8-0104-62233F53C7SS}_is1" = Tree Of Life Screensaver
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"3D Four Seasons Premium Screen Saver" = 3D Four Seasons Premium Screen Saver
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Android SDK Tools" = Android SDK Tools
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"dlancockpit" = devolo dLAN Cockpit
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"FreePDF_XP" = FreePDF (Remove only)
"Geogrid_DynPerspView" = Geogrid® DynPerspView
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LIDL Fotoservice_is1" = LIDL Fotoservice
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.41
"nLite_is1" = nLite 1.4.9.1
"NVIDIA Drivers" = NVIDIA Drivers
"ODBC" = ODBC
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Ravensburger tiptoi" = Ravensburger tiptoi
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T-Com Konfigurator Eumex 400" = T-Com Konfigurator Eumex 400
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
30.04.2012, 15:43
| #5 |
| /// Malware-holic | AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
SRV - [2012.04.17 21:26:57 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Windows\System32\aptwn1brt.dll -- (LanmanWorkstation)
SRV - [2011.11.12 16:15:06 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.05.2012, 16:59
| #6 | |
| | AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? Hallo, ich hoffe ich habe alles richtig gemacht.... Hier nun die TXT-File All processes killed ========== OTL ========== Error: Unable to stop service LanmanWorkstation! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully. C:\Windows\System32\aptwn1brt.dll moved successfully. Service Update-Service stopped successfully! Service Update-Service deleted successfully! C:\Windows\System32\UpdSvc.dll moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Chria ->Flash cache emptied: 12011543 bytes User: Default ->Flash cache emptied: 56509 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 12,00 mb [EMPTYTEMP] User: All Users User: Chria ->Temp folder emptied: 382297 bytes ->Temporary Internet Files folder emptied: 476541163 bytes ->Java cache emptied: 806722 bytes ->FireFox cache emptied: 26199662 bytes ->Google Chrome cache emptied: 242387099 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 305874848 bytes RecycleBin emptied: 16186416 bytes Total Files Cleaned = 1.019,00 mb OTL by OldTimer - Version 3.2.42.1 log created on 05022012_174348 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Zitat:
Ich kann aus der Datei leider keine Zip-Datei estellen, da beim Komprimieren AntiVir sich meldet und sagt das sich in dieser Datei der TR/ATRAPS.Gen befindet. Was nun?? PS Benutze keine Winzip sondern 7-Zip |
|
02.05.2012, 18:34
| #7 | |
| /// Malware-holic | AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? hi Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.05.2012, 20:49
| #8 |
| | AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? Hi, hier das Logfile con Combofix Hoffentlich ist jetzt wieder alles ok...  Combofix Logfile: Code:
ATTFilter ComboFix 12-05-02.03 - Chria 02.05.2012 21:18:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.952 [GMT 2:00]
ausgeführt von:: c:\users\Chria\Download\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chria\setup_dm_Fotowelt.exe
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-02 bis 2012-05-02 ))))))))))))))))))))))))))))))
.
.
2012-05-02 15:43 . 2012-05-02 16:02 -------- d-----w- C:\_OTL
2012-05-02 15:38 . 2012-04-18 01:06 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4E7EA12-4DFD-4EA7-8BB1-3324278ACF11}\mpengine.dll
2012-04-30 07:12 . 2012-04-18 01:06 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-27 18:48 . 2012-04-27 18:48 -------- d-----w- c:\users\Chria\AppData\Roaming\Malwarebytes
2012-04-27 18:47 . 2012-04-27 18:47 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 18:47 . 2012-04-27 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-27 18:47 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 12:36 . 2012-02-09 11:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4EB01C5-0D3E-43E6-AB41-8D31422AA3DC}\gapaengine.dll
2012-04-27 12:25 . 2012-04-27 12:26 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-27 12:23 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-27 10:02 . 2012-04-18 01:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA3DC89C-2A41-4560-B50B-A075A607DBFD}\mpengine.dll
2012-04-24 08:37 . 2012-04-24 08:37 -------- d-----w- c:\program files\Microsoft
2012-04-20 14:01 . 2012-04-30 12:09 -------- d-----w- c:\program files\7-Zip
2012-04-20 12:11 . 2012-04-20 12:11 -------- d-----w- c:\windows\system32\syncdb
2012-04-11 08:35 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:35 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:35 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:35 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:33 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:33 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 07:59 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-05 10:18 . 2012-04-05 10:18 388096 ----a-r- c:\users\Chria\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-05 10:18 . 2012-04-05 10:18 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 18:02 . 2012-03-30 18:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 18:02 . 2011-10-14 18:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 18:44 . 2012-03-20 18:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-24 10:24 . 2010-04-28 13:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 19:23 . 2012-02-09 13:02 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-14 15:45 . 2012-03-14 08:29 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 08:29 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-13 14:12 . 2012-03-14 08:29 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 08:29 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 08:29 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-09-29 07:09 . 2011-10-21 13:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Chria^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Chria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-12-11 16:27 530552 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- e:\adobe photoshop cs4\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- e:\adobe photoshop cs4\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
2012-03-01 21:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-09-05 15:29 385024 ----a-w- c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-08-22 08:01 593920 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2008-11-03 12:21 339240 ----a-w- c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 08:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-02-09 11:43 160840 ----a-w- c:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2011-12-23 14:28 41472 ----a-w- c:\program files\phonostar-Player\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-12-14 18:09 493688 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-21 18:46 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2006-12-15 16:11 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:02]
.
2012-04-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-21 08:16]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:23]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\Chria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chria\AppData\Roaming\Mozilla\Firefox\Profiles\k1yx9jw5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe
AddRemove-T-Com Konfigurator Eumex 400 - c:\windows\IsUn0407.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA} - c:\program files\HP\Digital Imaging\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}\setup\hpzscr01.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\devolo\dlan\devolonetsvc.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-02 21:42:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-05-02 19:40
.
Vor Suchlauf: 10 Verzeichnis(se), 23.356.854.272 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 22.992.654.336 Bytes frei
.
- - End Of File - - 04C42D67C58DFF6D35BE26A51AFACA0E
|
|
03.05.2012, 10:07
| #9 |
| /// Malware-holic | AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? Öffne mal malwarebytes, berichte, poste alle logfiles, danke
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun?? |
| absolut, antivir, avira, avira antivir, erhalte, folge, folgende, folgenden, folgendes, gefunde, gelöscht, konnte, malwarebytes, problem, rojaner gefunden, sicherheitshinweis, system, total, tr/atraps.gen, troja, trojaner, trojaner gefunden, trojaner gefunden tr/atraps.gen, trojaner tr/atraps.gen, trojaner-board, verzweifelt, woche, wochen, ziemlich |
Linear-Darstellung
