Log Analysis and Evaluation: Antivir real-time scanner is blocked after detection: TR/ATRAPS.GEN (Windows 7)
04.08.2012, 07:06 | #1
Good evening! I am new here too and hope I am not doing too much wrong. Please forgive me, I am doing my best. A short description of my problem: a few days ago Antivir (the only antivirus software on my notebook) produced the same detection messages in fairly rapid succession. One time it was TR/ATRAPS.GEN and another time it was TR/ATRAPS.GEN. I had Antivir move both into quarantine again and again, unfortunately in vain; the whole thing kept reappearing. Now it no longer appears, but not because it was successfully defeated, rather because Antivir's real-time scanner was simply knocked out. The umbrella is closed and I have no way of getting it open again. I have already looked around and found the most curious tips. The best tip came from here, namely that one should simply post log files and also run ESET. I did both, and here first is the log file from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: NOTEBOOK_LUKAS [Administrator]

03.08.2012 21:46:15
mbam-log-2012-08-03 (21-46-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 523613
Laufzeit: 1 Stunde(n), 57 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\Installer\{006C1A57-AFDF-52F5-DC42-D8D3BC0B91DD}\syshost.exe (Trojan.Dropper.Necurs) -> 2200 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\syshost32 (Trojan.Dropper.Necurs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Windows\Installer\{006C1A57-AFDF-52F5-DC42-D8D3BC0B91DD}\syshost.exe (Trojan.Dropper.Necurs) -> Löschen bei Neustart.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\H@tKeysH@@k.DLL (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\H@tKeysH@@k.DLL (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)

Code:
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe  a variant of Win32/HackTool.CheatEngine.AB application
C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS0YIQUW\JDownloaderSetup_CH5[1].exe  a variant of Win32/InstallCore.AF application
C:\Users\Lukas\AppData\Local\Temp\262183938.exe  a variant of Win32/Kryptik.AJIK trojan
C:\Users\Lukas\AppData\Local\Temp\jar_cache142006909864784727.tmp  a variant of Java/Exploit.CVE-2012-0507.DD trojan
C:\Users\Lukas\AppData\Local\Temp\SetupDataMngr_BearShare.exe  Win32/Toolbar.SearchSuite application
C:\Users\Lukas\AppData\Local\Temp\is1070216317\MyBabylonTB.exe  Win32/Toolbar.Babylon application
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\53a71556-25203a53  multiple threats
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\6afb725f-4c83d32c  Java/Exploit.Agent.NAY trojan
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\74de1e68-778b9874  Java/Exploit.CVE-2012-0507.BT trojan
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\115675fa-613d814a  Java/Exploit.Agent.AB trojan
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\70fb8ffb-5bfc06d3  Java/TrojanDownloader.Agent.NDR trojan
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\556badbd-29bd3721  Java/Exploit.Agent.NAY trojan
C:\Windows\Installer\{006C1A57-AFDF-52F5-DC42-D8D3BC0B91DD}\syshost.exe  a variant of Win32/Kryptik.AJFW trojan
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\n  Win64/Sirefef.W trojan
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\80000000.@  Win64/Sirefef.AL trojan
C:\Windows\System32\H@tKeysH@@k.DLL  Win32/HackTool.HotKeysHook application
C:\Windows\SysWOW64\H@tKeysH@@k.DLL  Win32/HackTool.HotKeysHook application
Operating memory  a variant of Win32/Wigon.PB trojan

Good night for now,
Lukas
05.08.2012, 01:41 | #2
/// Helper Team

Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
05.08.2012, 10:31 | #3
Hi!

First of all, thanks for the further steps. I ran OTL. What is new is that Windows constantly shows error messages saying some files no longer exist or are faulty. For instance, I can no longer start Task Manager because "pcwum.dll" cannot be found. Well, be that as it may, these are the log files it produced:

Log file 1 (OTL)
Code:
OTL logfile created on: 05.08.2012 11:21:16 - Run 1
OTL by OldTimer - Version 3.2.56.0   Folder = C:\Users\Lukas\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,29% Memory free
15,90 Gb Paging File | 13,67 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 387,54 Gb Total Space | 117,35 Gb Free Space | 30,28% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK_LUKAS | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lukas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Users\Lukas\lapqeteazore.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Lukas\Documents\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Users\Lukas\Documents\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Users\Lukas\Documents\xampp\filezillaftp\filezillaserver.exe (FileZilla Project)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (738ee479cdefbaee) -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Apache2.2) -- C:\Users\Lukas\Documents\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- C:\Users\Lukas\Documents\xampp\mysql\bin\mysqld.exe ()
SRV - (FileZilla Server) -- C:\Users\Lukas\Documents\xampp\filezillaftp\filezillaserver.exe (FileZilla Project)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys ()
DRV:64bit: - (738ee479cdefbaee) -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys ()
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys ()
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\Drivers\uim_vimx64.sys ()
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\DRIVERS\IntcDAud.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys ()
DRV:64bit: - (ak1avs) -- C:\Windows\SysNative\Drivers\ak1avs.sys ()
DRV:64bit: - (ak1usb_svc) -- C:\Windows\SysNative\Drivers\ak1usb.sys ()
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\tsusbflt.sys ()
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys ()
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\synth3dvsc.sys ()
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys ()
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys ()
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys ()
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys ()
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\DRIVERS\HECIx64.sys ()
DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\DRIVERS\InputFilter_FlexDef2b.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys ()
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys ()
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys ()
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys ()
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys ()
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys ()
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys ()
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys ()
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 34 9E D1 D9 DA CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2012.05.01 19:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.03 21:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.03 21:35:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\l1ehoxqn.default\extensions\mail@gutscheinrausch.de

[2012.01.29 10:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.08.04 17:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\l1ehoxqn.default\extensions
[2012.08.03 21:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.03 21:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.02.18 20:59:10 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.08.02 16:21:41 | 000,013,136 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\INFO@ELIME.BE.XPI
[2012.07.19 21:42:07 | 000,017,492 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\NEWTABMOD@BYTEDISORDER.COM.XPI
[2012.03.22 23:58:49 | 000,129,384 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\SCILORSGROOVEUNLOCKER@SCILOR.COM.XPI
[2012.08.03 21:35:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.26 15:06:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.09 17:50:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.20 16:05:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.09 17:50:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.09 17:50:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.09 17:50:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.09 17:50:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012.06.02 02:11:36 | 000,003,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 71 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [lapqeteazore] C:\Users\Lukas\lapqeteazore.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{870D15D3-C4C2-41E7-A5D0-442D5253584F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{928B21E6-80B6-4A09-B62F-9BDF205AAF96}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\Shell - "" = AutoRun
O33 - MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.04 23:06:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{E6A1A833-67B5-4859-8B6E-98149C1CB260}
[2012.08.04 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{581EFE1A-DB46-4D11-B00E-3FEAA8BA3920}
[2012.08.04 10:21:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{2BCE4CC4-5E8A-4A4F-B1C2-B3B3E0964A79}
[2012.08.04 10:21:21 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{62C426EA-18BA-4D04-8F3D-7C4583736989}
[2012.08.03 22:20:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{72524609-C62E-4334-8C66-D8CC90F3EC3F}
[2012.08.03 22:20:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{12AAB31E-ED88-47F2-AF6A-DA128B085057}
[2012.08.03 21:45:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2012.08.03 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.03 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.03 21:45:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.03 21:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.03 21:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.03 21:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.03 10:20:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{129BD54F-1ABA-48A4-B303-56C174971084}
[2012.08.03 10:19:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3AABCFF9-28A6-4E10-9347-276329299A11}
[2012.08.02 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{0E7E3E8C-372B-4EE3-A508-1390D54579F3}
[2012.08.02 20:06:55 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{B14AEE14-A799-46D9-A59B-111A7320F369}
[2012.08.02 16:03:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\workspace
[2012.08.02 16:02:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\eclipse
[2012.08.02 08:06:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{759016A8-A494-40B6-BDDF-910EF9E4FE47}
[2012.08.02 08:06:17 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{718F61F3-B2D1-4C0B-ABEF-2259D01D0E90}
[2012.08.01 11:13:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{04285DDD-99F2-403D-9A48-055D277B390E}
[2012.08.01 11:13:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{4ADB0A6D-64ED-4E3C-B1DC-39B0A9E87CD1}
[2012.07.31 21:35:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{F30C7FBA-1AA1-4D23-8E31-D3AD3FFE7C99}
[2012.07.31 21:34:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{5F60641C-D475-4446-BC09-E59286C0EA95}
[2012.07.31 09:34:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{78D7BDEB-F19D-4394-99CA-019F5CB863BD}
[2012.07.31 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3BCAEB0B-D1CA-4400-B9D6-C888F9593A00}
[2012.07.30 19:51:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{D74EE2BC-1273-4759-ABD3-7CA145912AC8}
[2012.07.30 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{556AC4E3-94DA-4173-A61B-8FADF4EB49F0}
[2012.07.30 06:15:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{822FE345-12CB-4525-BD42-05104B1F3B31}
[2012.07.30 06:15:02 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C0D91DEA-8ACC-4EC3-9272-26EB01C61473}
[2012.07.29 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{6F96333C-4018-4D28-8705-62AE94E7C62C}
[2012.07.29 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{00EDB114-582C-49C5-AA95-08CFAF3FF218}
[2012.07.29 13:58:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{EDCCD211-1681-4F24-97F2-300FBD7F8BD4}
[2012.07.29 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C8F84DA0-D550-47CD-BCD2-F4D8D53F0D30}
[2012.07.29 00:01:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{D7EB7009-E53F-44CF-B488-CAC6D3C828A9}
[2012.07.29 00:00:55 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{5BD7DAA7-0550-487E-B355-8611052FE9EB}
[2012.07.28 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{04A29FB5-63B8-44A9-A3CC-E5B1C528B572}
[2012.07.28 10:46:30 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C9D09AB7-9C69-475C-8078-D13C0E8E3773}
[2012.07.27 08:39:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C5009F04-0C6D-4F67-8BED-BF7C510D7154}
[2012.07.27 08:39:23 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1196D46D-40FA-4C06-B0D7-90012C97348B}
[2012.07.26 20:38:57 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{BB5A5EB4-C91A-4CD7-B515-360294FD89C6}
[2012.07.26 20:38:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{7F3714B2-A4C1-4706-9B2C-282E19145F00}
[2012.07.26 08:38:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{718A6A70-EE12-4571-B89D-4DFB1CB5819B}
[2012.07.26 08:38:08 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3536EB19-266E-4692-889F-99716FF5C698}
[2012.07.25 20:13:02 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{49223E55-FD97-457E-86C3-19BE3C5651FF}
[2012.07.25 20:12:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{8FCCD218-E9FA-4A14-9F50-804B40DB2EC6}
[2012.07.25 08:12:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{65BD8A7E-AAAE-443F-9202-3C85648EB5AE}
[2012.07.25 08:12:13 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{7232195A-E579-4ED0-86AA-F1D603D3E011}
[2012.07.24 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{F47B9CEA-71DC-461D-AAD4-82F48344402E}
[2012.07.24 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{39B05986-9BCD-424A-8A7B-63EFC2271FB4}
[2012.07.24 01:23:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{0FFF76CF-391B-419B-A666-D83B900574DB}
[2012.07.24 01:22:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{52E7C5FE-65AF-4DC1-A201-F8FAD49CD603}
[2012.07.23 13:22:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1BCE81D5-AA69-46D0-B9DE-00F034FBA3EB}
[2012.07.23 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{9C880A9C-F5EA-4FF2-ACCD-632B6A61C29A} [2012.07.22 10:27:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{13476589-F464-4616-A87C-1105F032A5EC} [2012.07.22 10:26:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3BEB1EA8-34EA-4E58-A4FC-6AC7354C2EC3} [2012.07.21 21:01:55 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{7A020665-F9C9-40E5-B91E-A8FA875D38D4} [2012.07.21 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{017CF8F4-DB47-4E96-9478-472AF6DB5D01} [2012.07.21 09:01:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{515B148A-4DCA-4B60-9B20-0326A23114E0} [2012.07.21 09:00:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1E03AAF5-254E-4219-8DC8-7A833B874420} [2012.07.20 21:00:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{9829D301-43E7-4C4F-B9D6-1A968FE6814C} [2012.07.20 20:59:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{ABDC4C02-4B66-43E6-A22F-649B4819B7F1} [2012.07.20 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{4FDC1E79-A49C-4A6E-B6DE-82ACCE03EA77} [2012.07.20 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{87D94C98-01AF-49AB-9294-650C570797D1} [2012.07.19 20:58:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{098D84CC-CD23-4B49-B2C4-73C1C2047729} [2012.07.19 20:58:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{0A77D450-90D8-4EBB-81F6-E4DE0E63D7EB} [2012.07.19 08:57:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{2B29211A-FB42-4DC7-8DE8-376BE5520B73} [2012.07.19 08:56:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{B0CD3E0B-779D-4A21-827A-46FDFBA0D99C} [2012.07.18 20:56:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{56019E05-FF5F-49A2-8652-D41341B912FA} [2012.07.18 20:55:53 | 000,000,000 | ---D | C] -- 
C:\Users\Lukas\AppData\Local\{A01DC020-83AD-484A-BE02-AF5D058565D1} [2012.07.18 08:55:41 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{E4CA43A9-8D86-42D3-AE1C-000D10D10DD6} [2012.07.18 08:55:19 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{55A4E710-18E3-4168-8297-2A09267FEDB5} [2012.07.17 20:48:47 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{39AFFE83-9D1A-4D56-BABA-83377CA2B920} [2012.07.17 20:48:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{5F7CEED3-9F0E-46D9-9833-5B522BD3E9C3} [2012.07.17 08:48:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3A16DF7D-EB51-4F80-912F-0E4C2B4ACB21} [2012.07.17 08:47:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{CDEBACFE-CC39-4301-B028-7B688B3AC9C1} [2012.07.16 19:47:03 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{8F8EF716-C8A4-42B4-8CBF-9A9C6109C746} [2012.07.16 19:44:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{E062145F-82F2-4914-8A09-55684B574C82} [2012.07.16 07:43:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{2EC456B0-B388-455C-AB38-563E95DC6EA4} [2012.07.16 07:43:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{F27C71A8-0BEE-4C92-BFE8-64E656C2DBA1} [2012.07.15 19:43:26 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{4E81E0CE-135B-4035-BB3C-8F0E89827F40} [2012.07.15 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{AF8C7AC6-E61B-4630-A751-1614F4AB225F} [2012.07.14 22:07:00 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{CDCB0FC7-B0C5-4215-A974-11488EDB4077} [2012.07.14 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3EF88E5A-222A-4B30-AF44-476C34A96D44} [2012.07.14 10:06:22 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{0644D0F1-95A1-4AAF-A56C-E9CBBE84274B} [2012.07.14 10:06:09 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{41D0A550-7CB4-4531-BA2F-A0C013B77C23} [2012.07.13 09:42:47 | 000,000,000 | ---D | 
C] -- C:\Users\Lukas\AppData\Local\{929042B4-CCF8-43C9-9750-68A236934A37} [2012.07.13 09:42:35 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{F2FD00B7-041D-46FE-AD57-FE4AFA9A6478} [2012.07.12 21:42:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{02DD909C-5188-4520-8DE4-67579D99DB7D} [2012.07.12 21:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{92BD13E5-1988-4647-8DFA-E18148EB3C3D} [2012.07.12 09:41:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{E6ED21C7-1AB4-4D73-9CEE-58751D56882B} [2012.07.12 09:41:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{659ADFA2-0A6C-4CC1-94ED-64E249F99293} [2012.07.11 00:23:41 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1C379E1C-C17C-4907-934B-F669A5E08AA2} [2012.07.11 00:23:30 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{3EC773CF-7F18-4A6A-B1D3-BED26CAE3ED4} [2012.07.10 12:23:04 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{809FEE29-95A7-491B-B453-B30222B6C1D5} [2012.07.10 12:22:52 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{D665E085-726D-4410-BDF3-73A55A585ACD} [2012.07.09 21:42:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{68737564-B661-49F5-AD5E-3AAEE629D471} [2012.07.09 21:42:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{1252D90F-FD16-4A0D-95E5-A68B5B6AF090} [2012.07.09 09:42:21 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{95B9D38D-453A-4B2C-9150-AD0A5FFBBC08} [2012.07.09 09:42:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{8271BEAC-EB2C-4CB9-B73B-E9E51AE36B44} [2012.07.08 13:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{62C5A8C4-FCBA-4980-A0C7-C2EF84594C9B} [2012.07.08 13:25:12 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{4AB9461B-A78D-4B53-9579-48C9D39C58FE} [2012.07.07 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{505D0D58-1C84-4451-966F-274E79E222AF} [2012.07.07 16:40:46 | 000,000,000 | 
---D | C] -- C:\Users\Lukas\AppData\Local\{B0F8BCC0-3592-4184-8C23-62E173ADAA74} [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.05 11:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.05 10:41:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.04 20:41:41 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.04 20:41:41 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.04 20:41:41 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.04 20:41:41 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.04 20:41:41 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.04 20:40:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.04 20:37:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.04 20:37:11 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys [2012.08.04 14:01:52 | 000,132,832 | ---- | M] () -- C:\Windows\SysNative\drivers\avipbb.sys [2012.08.04 14:01:52 | 000,027,760 | ---- | M] () -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.08.03 21:45:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.03 00:17:13 | 000,000,132 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.08.02 22:12:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.02 22:12:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.02 08:32:00 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012.08.01 16:07:38 | 000,205,524 | ---- | M] () -- C:\Users\Lukas\Documents\ver4.pdf [2012.08.01 16:07:31 | 000,221,133 | ---- | M] () -- 
C:\Users\Lukas\Documents\ver3.pdf [2012.08.01 16:07:26 | 000,419,018 | ---- | M] () -- C:\Users\Lukas\Documents\ver2.pdf [2012.08.01 16:07:22 | 000,841,321 | ---- | M] () -- C:\Users\Lukas\Documents\ver.pdf [2012.08.01 15:14:28 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 15:14:28 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 14:47:42 | 000,083,912 | ---- | M] () -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys [2012.08.01 14:45:03 | 000,090,584 | ---- | M] () -- C:\Users\Lukas\lapqeteazore.exe [2012.07.23 21:37:50 | 000,002,037 | ---- | M] () -- C:\Users\Lukas\Desktop\JDownloader.lnk [2012.07.18 08:27:50 | 004,998,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.17 09:40:02 | 000,000,132 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Adobe AIFF Format CS5 Prefs [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.04 14:02:02 | 000,027,760 | ---- | C] () -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.08.04 14:02:01 | 000,132,832 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys [2012.08.03 21:45:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.01 16:23:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\800000cb.@ [2012.08.01 16:22:57 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\80000000.@ [2012.08.01 16:07:38 | 000,205,524 | ---- | C] () -- C:\Users\Lukas\Documents\ver4.pdf [2012.08.01 16:07:31 | 000,221,133 | ---- | C] () -- C:\Users\Lukas\Documents\ver3.pdf [2012.08.01 16:07:26 | 000,419,018 | ---- | C] () -- C:\Users\Lukas\Documents\ver2.pdf [2012.08.01 16:07:22 | 000,841,321 | ---- | C] () -- 
C:\Users\Lukas\Documents\ver.pdf [2012.08.01 14:47:42 | 000,083,912 | ---- | C] () -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys [2012.08.01 14:45:29 | 000,090,584 | ---- | C] () -- C:\Users\Lukas\lapqeteazore.exe [2012.08.01 14:45:14 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\00000001.@ [2012.07.29 13:57:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.23 21:37:50 | 000,002,037 | ---- | C] () -- C:\Users\Lukas\Desktop\JDownloader.lnk [2012.07.17 09:40:02 | 000,000,132 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Adobe AIFF Format CS5 Prefs [2012.06.02 15:18:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@ [2012.06.02 15:18:18 | 000,002,048 | -HS- | C] () -- C:\Users\Lukas\AppData\Local\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@ [2012.05.02 22:25:26 | 000,000,132 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.03.02 20:39:39 | 000,000,473 | ---- | C] () -- C:\Windows\zelscope.ini [2012.02.27 07:10:49 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.02.18 18:52:12 | 000,000,700 | ---- | C] () -- C:\Windows\wiso.ini [2012.02.07 08:53:31 | 000,003,584 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.29 10:25:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012.01.26 01:21:57 | 000,078,717 | ---- | C] () -- C:\Windows\hpqins05.dat [2012.01.26 00:45:59 | 000,184,150 | ---- | C] () -- C:\Windows\hpoins46.dat.temp [2012.01.26 00:45:59 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp [2012.01.25 23:26:16 | 000,211,056 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL [2012.01.25 14:15:32 | 000,217,119 | ---- | C] () -- C:\Windows\hpoins46.dat [2012.01.25 14:15:32 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat [2012.01.25 11:56:03 | 000,008,192 | ---- | C] () -- 
C:\Windows\SysWow64\srvany.exe [2012.01.24 23:00:32 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.01.24 22:36:19 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.01.24 22:33:20 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.26 12:54:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.26 12:53:54 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.26 12:53:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.26 12:53:48 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.08.26 12:53:48 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\Lukas\Downloads:Shareaza.GUID < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.08.2012 11:21:16 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Lukas\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,29% Memory free 15,90 Gb Paging File | 13,67 Gb Available in Paging File | 85,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 387,54 Gb Total Space | 117,35 Gb Free Space | 30,28% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK_LUKAS | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
.reg [@ = regfile] -- C:\Windows\regedit.exe () [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( ) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation) Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( ) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation) Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2380258265-3006174749-279724184-1001] "EnableNotifications" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor 
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{82E3FBCE-9BA2-44E3-9FF9-EFE9E8B70131}" = Oracle VM VirtualBox 4.0.4 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office 
Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 
Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "SpeedCommander 13 (x64)" = SpeedCommander 13 (x64) "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5 "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox 
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4 "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{59E13EA0-9604-47DF-BEB7-3651E6E09221}" = Scope "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1) "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter 
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B91D6B0B-296F-421D-B697-EE5F4F09AB18}" = Zelscope "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{BDD94A53-3F42-48ED-BB61-B3F85AE93EEE}_is1" = Chicken Invaders 4 Osteredition Version 4.13int "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec "{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common 
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5 "{C9BEFDFB-A2DD-4D88-881C-3B303CCE384E}" = ActiveState Komodo Edit 7.0.2 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4911E92-A059-4901-8AB3-8638B6D96456}_is1" = Groovedown Version 0.84 "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1&1 SoftPhone" = 1&1 SoftPhone "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Avira AntiVir 
Desktop" = Avira Free Antivirus "Blend_4.0.20525.0" = Microsoft Expression Blend 4 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "Debut" = Debut Video Capture Software "Design_7.0.20516.0" = Microsoft Expression Design 4 "Emperor" = Emperor - Schlacht um Dune "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4 "ESET Online Scanner" = ESET Online Scanner v3 "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4 "FileZilla Client" = FileZilla Client 3.5.3 "Foxit Reader_is1" = Foxit Reader 5.1 "Game Booster_is1" = Game Booster "Google Chrome" = Google Chrome "HashCheck Shell Extension" = HashCheck Shell Extension (x86-32) "ID3-TagIT 3_is1" = ID3-TagIT 3 "ImgBurn" = ImgBurn "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Service Center" = Native Instruments Service Center "Nvu_is1" = Nvu 1.0 "Totalcmd" = Total Commander (Remove or Repair) "Verbindungsassistent" = Verbindungsassistent "VGEE" = Vista Game Explorer Editor "Virtual Guitarist" = Steinberg Virtual Guitarist "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.7 "Web_4.0.1303.0" = Microsoft Expression Web 4 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WOLAPI" = Gemeinsam genutzte 
Internet-Komponenten von Westwood "World of Warcraft" = World of Warcraft "X - Beyond the Frontier" = X - Beyond the Frontier "xampp" = XAMPP 1.7.7 "Youtube Music Downloader_is1" = Youtube Music Downloader V3.7.9

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VirtuaGirl_is1" = VirtuaGirl Version 1.1.0.12

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.08.2012 22:25:34 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0xfb8 Faulting application start time: 0x01cd72b198075cdd Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: d5b8aa7e-dea4-11e1-8584-ec9a743e8b9e
Error - 04.08.2012 22:45:30 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0x4ec Faulting application start time: 0x01cd72b460611263 Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 9e14c164-dea7-11e1-8584-ec9a743e8b9e
Error - 04.08.2012 22:45:30 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0xfe4 Faulting application start time: 0x01cd72b4606a97e4 Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 9e1e46e5-dea7-11e1-8584-ec9a743e8b9e
Error - 04.08.2012 23:06:33 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0x544 Faulting application start time: 0x01cd72b7514d944e Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 8f03a4af-deaa-11e1-8584-ec9a743e8b9e
Error - 04.08.2012 23:06:33 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0x1094 Faulting application start time: 0x01cd72b7515719cf Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 8f0ac8d0-deaa-11e1-8584-ec9a743e8b9e
Error - 04.08.2012 23:21:10 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0x1294 Faulting application start time: 0x01cd72b95c1cecf5 Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 99d2fd56-deac-11e1-8584-ec9a743e8b9e
Error - 04.08.2012 23:21:10 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0x4b4 Faulting application start time: 0x01cd72b95c267276 Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 99da2177-deac-11e1-8584-ec9a743e8b9e
Error - 05.08.2012 00:16:31 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0x1258 Faulting application start time: 0x01cd72c1179d54f2 Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 55536553-deb4-11e1-8584-ec9a743e8b9e
Error - 05.08.2012 00:16:31 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0x1100 Faulting application start time: 0x01cd72c117a6da73 Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 555a8974-deb4-11e1-8584-ec9a743e8b9e
Error - 05.08.2012 00:37:41 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0x10a0 Faulting application start time: 0x01cd72c40c85b50e Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 4a39640f-deb7-11e1-8584-ec9a743e8b9e
Error - 05.08.2012 00:37:41 | Computer Name = Notebook_Lukas | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd Faulting process ID: 0xde0 Faulting application start time: 0x01cd72c40c8cd92f Faulting application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report ID: 4a408830-deb7-11e1-8584-ec9a743e8b9e

[ System Events ]
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 06.05.2012 10:12:56 | Computer Name = Notebook_Lukas | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 08.05.2012 05:36:58 | Computer Name = Notebook_Lukas | Source = Service Control Manager | ID = 7030
Description = The "FileZilla Server FTP server" service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error - 09.05.2012 11:57:57 | Computer Name = Notebook_Lukas | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the Wlansvc service.
Error - 10.05.2012 00:43:34 | Computer Name = Notebook_Lukas | Source = Service Control Manager | ID = 7024
Description = The "Apache2.2" service terminated with the following service-specific error: %%1.

< End of report > |
05.08.2012, 11:59 | #4 |
/// Helper Team | AntiVir real-time scanner is blocked after detection: TR/ATRAPS.GEN  Fix with OTL  Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
PRC - C:\Users\Lukas\lapqeteazore.exe ()
SRV:64bit: - (738ee479cdefbaee) -- C:\Windows\SysNative\drivers\738ee479cdefbaee.sys ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
[2012.07.19 21:42:07 | 000,017,492 | ---- | M] () (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\NEWTABMOD@BYTEDISORDER.COM.XPI
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [lapqeteazore] C:\Users\Lukas\lapqeteazore.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\Shell - "" = AutoRun
O33 - MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\Shell - "" = AutoRun
O33 - MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012.08.01 14:45:03 | 000,090,584 | ---- | M] () -- C:\Users\Lukas\lapqeteazore.exe
@Alternate Data Stream - 16 bytes -> C:\Users\Lukas\Downloads:Shareaza.GUID
[2012.08.05 11:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 10:41:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.04 20:40:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.01 14:45:14 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\00000001.@
[2012.08.01 16:23:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\800000cb.@
[2012.08.01 16:22:57 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\80000000.@
[2012.07.29 13:58:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{EDCCD211-1681-4F24-97F2-300FBD7F8BD4}
[2012.07.29 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{C8F84DA0-D550-47CD-BCD2-F4D8D53F0D30}
[2012.06.02 15:18:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@
[2012.06.02 15:18:18 | 000,002,048 | -HS- | C] () -- C:\Users\Lukas\AppData\Local\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Do not run it on other machines under any circumstances; it can do lasting damage to other systems! |
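The OTL script above is a one-off, but the places it touches are the generic ones a responder checks on any Windows 7 machine: a Run entry that launches an executable straight out of the user profile (lapqeteazore.exe), a Run entry named like a system tool (Regedit32), UAC switched off through EnableLUA = 0 and ConsentPromptBehaviorAdmin/User = 0, AutoRun commands cached under MountPoints2, a driver service with a random 16-hex-character name, and the Sirefef/ZeroAccess layout of a "U" subfolder and a hidden "@" file under C:\Windows\Installer\{GUID}. The PowerShell audit below is an added example and not the helper's script or part of OTL; it only reports and deletes nothing. It assumes Windows 7 with PowerShell 2.0 or later and an elevated prompt; the registry paths and folder names come from the OTL log in this thread, while the regular expressions are the example's own heuristics and will need tuning on other machines.

```powershell
# Added example, not from the thread: read-only audit of the persistence and
# policy locations the OTL fix script targets. Run as Administrator on Windows 7
# (PowerShell 2.0+). Paths and names are taken from the OTL log above; the
# patterns marked "heuristic" are this example's own assumptions.

$findings = @()

# 1. UAC disabled by policy (EnableLUA = 0, ConsentPromptBehavior* = 0)
$sysPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $sysPol -ErrorAction SilentlyContinue
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
    if ($uac -and $uac.PSObject.Properties[$name] -and $uac.$name -eq 0) {
        $findings += "UAC policy weakened: $name = 0"
    }
}

# 2. Run entries that start an .exe from a user profile root, or that point at
#    regedit.exe (heuristic: matches the lapqeteazore and Regedit32 entries)
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $cmd = [string]$p.Value
        if ($cmd -match '(?i)^"?[a-z]:\\Users\\[^\\]+\\[^\\]+\.exe' -or
            $cmd -match '(?i)\\regedit\.exe') {
            $findings += "Suspicious Run entry ${key}\$($p.Name) = $cmd"
        }
    }
}

# 3. AutoRun commands cached under MountPoints2 (left behind by autorun.inf
#    on removable media; Explorer keeps them per volume GUID / drive letter)
$mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -eq 'command' -and $_.PSPath -match '\\AutoRun\\' } |
    ForEach-Object {
        $val = (Get-ItemProperty -Path $_.PSPath).'(default)'
        if ($val) { $findings += "MountPoints2 AutoRun command: $val" }
    }

# 4. Sirefef/ZeroAccess-style drop folder: {GUID} under %windir%\Installer that
#    contains a 'U' subfolder or a hidden '@' file (legitimate MSI cache
#    folders have neither)
$installer = Join-Path $env:windir 'Installer'
Get-ChildItem -Path $installer -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f-]{36}\}$' } |
    ForEach-Object {
        $u  = Join-Path $_.FullName 'U'
        $at = Join-Path $_.FullName '@'
        if ((Test-Path $u) -or (Test-Path $at)) {
            $findings += "Sirefef-style folder: $($_.FullName)"
        }
    }

# 5. Services/drivers whose name is a bare 16-hex-digit string
#    (heuristic: matches the 738ee479cdefbaee driver in the OTL log)
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^[0-9a-f]{16}$' } |
    ForEach-Object {
        $img = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        $findings += "Service with random hex name: $($_.PSChildName) -> $img"
    }

if ($findings.Count -eq 0) { 'No indicators found in the audited locations.' } else { $findings }
```

Run it from an elevated PowerShell before and after a fix and diff the two outputs. An empty result only says these specific locations are clean; it proves nothing about a process that could not be killed (the fix log in this thread reports exactly that for lapqeteazore.exe) or about what a kernel driver may have re-created, so the usual follow-up scans still apply.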
05.08.2012, 14:59 | #5 |
| AntiVir real-time scanner is blocked after detection: TR/ATRAPS.GEN  Hi! Task Manager can be opened again; the AntiVir real-time scanner still does not work, unfortunately. Many thanks already for the effective help! Here is the log file from the OTL fix: Code:
All processes killed
========== OTL ==========
Unable to kill active process lapqeteazore.exe!
Error: No service named 738ee479cdefbaee was found to stop!
Service\Driver key 738ee479cdefbaee not found.
File C:\Windows\SysNative\drivers\738ee479cdefbaee.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: 4 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00\ deleted successfully.
C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1EHOXQN.DEFAULT\EXTENSIONS\NEWTABMOD@BYTEDISORDER.COM.XPI moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lapqeteazore deleted successfully.
File C:\Users\Lukas\lapqeteazore.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bd03c93-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bd03c98-ac88-11e1-ab5d-ec9a743e8b9e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ca22313-4e27-11e1-9dee-ec9a743e8b9e}\ not found.
File E:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbd20e35-4734-11e1-945d-94503fe858b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbd20e35-4734-11e1-945d-94503fe858b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbd20e35-4734-11e1-945d-94503fe858b6}\ not found.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
C:\Windows\SysWow64\REN8759.tmp deleted successfully.
C:\Windows\SysWow64\REN875A.tmp deleted successfully.
C:\Windows\SysWow64\REN875B.tmp deleted successfully.
File C:\Users\Lukas\lapqeteazore.exe not found.
Unable to delete ADS C:\Users\Lukas\Downloads:Shareaza.GUID .
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\00000001.@ moved successfully.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\U\80000000.@ moved successfully.
C:\Users\Lukas\AppData\Local\{EDCCD211-1681-4F24-97F2-300FBD7F8BD4} folder moved successfully.
C:\Users\Lukas\AppData\Local\{C8F84DA0-D550-47CD-BCD2-F4D8D53F0D30} folder moved successfully.
C:\Windows\Installer\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@ moved successfully.
C:\Users\Lukas\AppData\Local\{53ead68d-40ec-2adc-a57c-6f72105897c5}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
The DNS resolver cache was flushed.
C:\Users\Lukas\Downloads\cmd.bat deleted successfully.
C:\Users\Lukas\Downloads\cmd.txt deleted successfully.
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Default User User: Lukas ->Temp folder emptied: 3197976507 bytes ->Temporary Internet Files folder emptied: 445485213 bytes ->Java cache emptied: 2432235 bytes ->FireFox cache emptied: 1117782774 bytes ->Google Chrome cache emptied: 7658869 bytes ->Flash cache emptied: 61986 bytes User: Public User: Silvia ->Temp folder emptied: 34655 bytes ->Temporary Internet Files folder emptied: 824206 bytes ->Flash cache emptied: 56502 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 83872264 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66647883 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 758 bytes RecycleBin emptied: 16096460753 bytes Total Files Cleaned = 20.046,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User User: Lukas ->Flash cache emptied: 0 bytes User: Public User: Silvia ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.56.0 log created on 08052012_154511 Files\Folders moved on Reboot... File\Folder C:\Users\Lukas\AppData\Local\Temp\etilqs_63I2Wso1E6w2zcE not found! C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Lukas\AppData\Local\Temp\~DF96DC2F3D7933B121.TMP not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\~DFEA6804C92BC69DD2.TMP not found! 
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\startupCache\startupCache.4.little moved successfully. C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_001_ moved successfully. C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_002_ moved successfully. C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_003_ moved successfully. C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_MAP_ moved successfully. C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\urlclassifier3.sqlite moved successfully. PendingFileRenameOperations files... File C:\Users\Lukas\AppData\Local\Temp\etilqs_63I2Wso1E6w2zcE not found! File C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\Lukas\AppData\Local\Temp\~DF96DC2F3D7933B121.TMP not found! File C:\Users\Lukas\AppData\Local\Temp\~DFEA6804C92BC69DD2.TMP not found! File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\startupCache\startupCache.4.little not found! File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_001_ not found! File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_002_ not found! File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_003_ not found! File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\Cache\_CACHE_MAP_ not found! File C:\Users\Lukas\AppData\Local\Mozilla\Firefox\Profiles\l1ehoxqn.default\urlclassifier3.sqlite not found! Registry entries deleted on Reboot... |
05.08.2012, 20:36 | #6 |
/// Helfer-Team | Very good! Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
06.08.2012, 06:19 | #7 |
| Did that! Malwarebytes: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: NOTEBOOK_LUKAS [Administrator]

06.08.2012 02:30:33
mbam-log-2012-08-06 (02-30-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 502817
Laufzeit: 53 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 02:29:45
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Lukas - NOTEBOOK_LUKAS
# Running from : C:\Users\Lukas\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Lukas\AppData\Local\vghd
Folder Found : C:\Users\Lukas\AppData\Roaming\QuickStoresToolbar
Folder Found : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\l1ehoxqn.default\extensions\plugin@yontoo.com
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
File Found : C:\Users\Lukas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Found : C:\Users\Lukas\Desktop\QuickStores.url

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[x64] Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (de)

Profile name : default
File : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\l1ehoxqn.default\prefs.js

Found : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Found : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,SciLorsGrooveUnlocker@scilor[...]
Found : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5688 octets] - [06/08/2012 02:29:45]

########## EOF - C:\AdwCleaner[R1].txt - [5816 octets] ##########
|
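As an added triage example (not code from the thread or from Malwarebytes), a small Python parser for the German mbam-log format that compares the two scans quoted in this thread and flags findings that come back after a reported removal; the sample logs below are constructed from the entries the poster quoted.

```python
"""Triage aid for Malwarebytes Anti-Malware 1.x logs: parse the findings and report
which ones come back in a later scan. Added example, not code from the original posts
or from Malwarebytes; the sample logs are constructed from entries quoted in the thread."""
import re

# Section header in the German log format, e.g. "Infizierte Registrierungswerte: 1"
SECTION_RE = re.compile(r"^Infizierte ([\w ]+?): (\d+)$")
# Finding line: "<object> (<detection name>) -> <action ...>"
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.\-]+)\) -> (?P<action>.+)$")
# Constructed from the first scan (03.08.2012) quoted in the thread.
SCAN_1 = r"""
Infizierte Speicherprozesse: 1
C:\Windows\Installer\{006C1A57-AFDF-52F5-DC42-D8D3BC0B91DD}\syshost.exe (Trojan.Dropper.Necurs) -> 2200 -> Löschen bei Neustart.
Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\syshost32 (Trojan.Dropper.Necurs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 1
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Löschen bei Neustart.
"""
# Constructed from the second scan (06.08.2012) quoted in the thread.
SCAN_2 = r"""
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
"""


def parse_mbam_log(text):
    """Return (section, object, detection, action) tuples in log order."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        hit = FINDING_RE.match(line)
        if section and hit:  # "(Keine bösartigen Objekte gefunden)" does not match
            findings.append((section, hit["obj"], hit["name"], hit["action"]))
    return findings


def recurring_findings(earlier, later):
    """Findings present in both scans: a removal reported as successful that is
    back in the next scan means something is still re-creating it."""
    seen = {f[:3] for f in parse_mbam_log(earlier)}
    return [f for f in parse_mbam_log(later) if f[:3] in seen]


def pending_reboot_actions(text):
    """Findings scheduled as 'Löschen bei Neustart' (delete on reboot); they are
    not gone until the machine has actually been restarted."""
    return [f for f in parse_mbam_log(text) if "Neustart" in f[3]]


if __name__ == "__main__":
    for f in recurring_findings(SCAN_1, SCAN_2):
        print("recurring:", f[1], f[2])
```

Run against the two logs above it reports the Run|Regedit32 value as recurring, which is the signal the helper is looking for before moving on to the next tool.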
06.08.2012, 15:23 | #8 |
/// Helfer-Team | Very good!
Then: malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via Jetzt Updaten (Update now). Select the freeware mode. Choose Detail Scan and start the check of the computer with the Scan button. At the end of the scan, do not let it delete anything! Save the log file to the desktop by clicking Bericht speichern (Save report) and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
23.08.2012, 00:01 | #9 |
/// Helfer-Team | No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: the disappearance of the symptoms does not mean that your computer is clean. |