Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Log-Analyse und Auswertung: Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 09.10.2012, 15:04   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.10.2012, 23:52   #17
NaSa
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.10.2012 23:02:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,22% Memory free
4,23 Gb Paging File | 3,31 Gb Available in Paging File | 78,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 18,48 Gb Free Space | 27,43% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
 
Computer Name: SHC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 22:59:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.13 11:08:08 | 000,103,936 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\swriter.exe
PRC - [2012.08.09 18:48:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:13:33 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () -- c:\Programme\Ocster Backup\bin\backupService-ox.exe
PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.07.03 00:20:26 | 000,148,856 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Inputps.exe
PRC - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
MOD - [2011.06.22 10:47:12 | 000,540,672 | ---- | M] () -- C:\WINDOWS\System32\spool\drivers\w32x86\3\ssp6mdu.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 15:27:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.29 13:58:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () [Auto | Running] -- c:\Programme\Ocster Backup\bin\backupService-ox.exe -- (ocster_backup)
SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe -- (Bufssvr)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$KONTOR_NET)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.01.09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (Evssrchpschm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 13:13:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:13:40 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011.03.26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.27 07:30:12 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.03.03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.07.10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.03.30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007.03.01 15:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006.11.30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.08.30 11:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 11:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 11:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bus.sys -- (ss_bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{2D2B8742-3259-4368-8CA7-2E5C8FCB04AE}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{554D6078-29FF-45D8-81E5-615E71F0A3DB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{AABB6A37-108F-434E-8945-D347908F88EC}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{FFB022B8-0115-4C5D-AE73-5F824281BCC7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9A39DDE1-B23B-49BA-A8BC-EC2F813C6214&apn_sauid=2D081756-F625-4114-9017-68424CEDD0D1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1011\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M]
 
[2009.09.11 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.10.08 20:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions
[2012.08.24 04:34:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 15:05:24 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\lp2ftooe.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2012.09.07 15:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 15:27:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 15:27:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.04 21:27:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:51:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.04 21:27:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 21:27:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.04 21:27:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 21:27:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2011.09.27 20:31:06 | 000,000,815 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1011..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10607FE8-97EB-4928-A7B0-E14D6C66E3C8}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C2F10C-B047-42E6-B164-41DB5472422D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78A6DE41-9CC5-491C-92EC-4284B1ED838B}: DhcpNameServer = 217.200.200.42 213.230.129.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe - (T-Mobile)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30F48640-8FF1-7D79-AB6F-B5273CFCC8FF} - Java (Sun)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4AADD1F0-17A8-4349-943F-9C7B5E3F9CB4} - Yahoo! Toolbar
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {765BB945-9769-4D3A-BEB3-D868972080C8} - NoIE8Tour
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {AFC982B5-04C4-4F74-E195-4CBF5AC46BAD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6097C7D-AF4E-4985-9A0C-F5611B5818BC} - Yahoo! Search Settings Update
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{DF356B79-C4CB-48FE-A37F-9DA402B270C1} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 22:59:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.10.07 21:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.07 21:31:15 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.10.06 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.10.06 17:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 17:56:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.06 17:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.01 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Neuer Ordner
[2012.09.24 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.24 23:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.24 23:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.09.17 09:11:40 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxxx
[2012.09.17 09:07:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxxx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.10.09 22:59:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.10.09 22:58:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 12:04:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 12:04:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 20:42:45 | 000,711,362 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.08 20:42:45 | 000,159,498 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.08 20:42:45 | 000,013,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.08 20:42:45 | 000,011,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 20:35:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.08 19:08:56 | 000,538,327 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.10.07 21:31:16 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.10.07 18:45:02 | 000,113,195 | ---- | M] () -- C:\Users\Christian\Desktop\Malwarebytes_Ansicht.jpg
[2012.10.06 22:54:27 | 000,302,592 | ---- | M] () -- C:\Users\Christian\Desktop\clvggjqo.exe
[2012.10.06 22:30:45 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2012.10.06 22:29:07 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.10.06 19:39:23 | 049,934,254 | ---- | M] () -- C:\Users\Christian\Desktop\xxxx.rar
[2012.10.06 17:56:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.05 19:56:38 | 000,001,032 | ---- | M] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk
[2012.09.24 23:26:57 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.19 10:23:51 | 003,876,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.17 14:23:18 | 000,011,874 | ---- | M] () -- C:\Users\Christian\Desktop\xxxx.ods
[2012.09.17 12:33:10 | 003,207,446 | ---- | M] () -- C:\Users\Christian\Desktop\xxxx.pdf
[2012.09.17 10:22:56 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.10.08 19:08:53 | 000,538,327 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.10.07 18:45:01 | 000,113,195 | ---- | C] () -- C:\Users\Christian\Desktop\Malwarebytes_Ansicht.jpg
[2012.10.06 22:54:24 | 000,302,592 | ---- | C] () -- C:\Users\Christian\Desktop\clvggjqo.exe
[2012.10.06 22:30:45 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2012.10.06 22:29:06 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.10.06 19:38:27 | 049,934,254 | ---- | C] () -- C:\Users\Christian\Desktop\xxxx.rar
[2012.10.06 17:56:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 23:26:57 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.24 23:19:01 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.09.17 10:22:56 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.17 10:22:56 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.22 05:06:41 | 000,001,456 | ---- | C] () -- C:\Users\Christian\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.30 05:31:47 | 000,000,077 | ---- | C] () -- C:\Users\Christian\Desktop.scf
[2012.04.16 00:06:07 | 000,000,240 | ---- | C] () -- C:\Users\Christian\Window Switcher.lnk
[2011.12.21 01:03:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.03 12:21:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.06.22 10:47:42 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp6ml3.dll
[2010.12.14 13:19:41 | 000,009,305 | R--- | C] () -- C:\Windows\UN090430.INI
[2009.12.30 10:40:42 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2009.08.12 12:15:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.09 10:50:24 | 000,036,864 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L
[2012.10.06 17:43:10 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U
[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.21 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.13 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.27 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen
[2012.10.05 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.10.05 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.12 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2011.09.24 13:13:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2009.12.20 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo
[2012.09.09 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2012.08.14 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDAppFlex
[2012.04.02 10:35:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SampleView
[2012.08.14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.31 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.17 11:21:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe
[2009.08.09 11:52:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AdobeUM
[2012.01.08 21:22:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2012.01.28 23:21:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Avira
[2012.08.21 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.13 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.27 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen
[2010.01.14 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DivX
[2012.10.05 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.10.05 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.12 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2011.09.24 13:13:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2009.08.12 09:36:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Google
[2009.08.09 10:34:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Hewlett-Packard
[2009.08.09 10:34:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities
[2009.08.09 10:29:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InstallShield
[2009.12.20 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo
[2009.08.12 09:28:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2012.10.06 17:56:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.08.16 01:53:38 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2009.09.11 22:24:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2012.09.09 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2012.09.09 11:41:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org2
[2012.08.14 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDAppFlex
[2009.10.16 10:13:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Roxio
[2012.04.02 10:35:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SampleView
[2012.10.06 04:12:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Skype
[2012.01.29 01:08:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\skypePM
[2012.08.14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.31 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2010.04.19 23:51:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.08.13 21:18:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.07.04 15:23:44 | 015,197,480 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.04.14 10:55:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.04.14 10:55:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.04.14 10:55:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.09.07 10:49:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.09.07 10:49:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.09.07 10:49:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.09.07 23:28:28 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.09.07 23:28:29 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<       >
[2006.11.02 14:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:58:10 | 000,032,536 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.01 12:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
--- --- ---
__________________
Alt 10.10.2012, 12:35   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Hm, da ist immer noch Toolbar-Müll drin
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
__________________
Alt 10.10.2012, 19:22   #19
NaSa
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Ja, ist komisch, ich habe alles nach Deiner Anleitung gemacht.

Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 10/10/2012 um 20:20:37 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Christian - SHC
# Bootmodus : Normal
# Ausgef�hrt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\lp2ftooe.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3089 octets] - [08/10/2012 19:09:25]
AdwCleaner[S1].txt - [3025 octets] - [08/10/2012 20:34:37]
AdwCleaner[R2].txt - [1057 octets] - [10/10/2012 20:20:37]

########## EOF - C:\AdwCleaner[R2].txt - [1117 octets] ##########
Ich verstehe zwar nichts davon, aber ich glaube, in diesem Log steht, dass keine unnötigen Dateien mehr gefunden wurden. Daher habe ich jetzt den OTL von meinem Desktop entfernt und neu heruntergeladen und anschliessend wieder alles wiederhollt was Du in 16 gepostet hast.
Wenn der Scan durch ist, melde ich mich wieder.

So hier das aktuelle OTL Log:
Code:
ATTFilter
OTL logfile created on: 10.10.2012 20:25:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,38% Memory free
4,23 Gb Paging File | 3,34 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 18,11 Gb Free Space | 26,88% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
 
Computer Name: SHC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 20:23:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.09 18:48:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:13:33 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () -- c:\Programme\Ocster Backup\bin\backupService-ox.exe
PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.07.03 00:20:26 | 000,148,856 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Inputps.exe
PRC - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
MOD - [2011.06.22 10:47:12 | 000,540,672 | ---- | M] () -- C:\WINDOWS\System32\spool\drivers\w32x86\3\ssp6mdu.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 15:27:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.29 13:58:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () [Auto | Running] -- c:\Programme\Ocster Backup\bin\backupService-ox.exe -- (ocster_backup)
SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe -- (Bufssvr)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$KONTOR_NET)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.01.09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (Evssrchpschm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 13:13:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:13:40 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011.03.26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.27 07:30:12 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.03.03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.07.10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.03.30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007.03.01 15:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006.11.30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.08.30 11:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 11:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 11:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bus.sys -- (ss_bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{2D2B8742-3259-4368-8CA7-2E5C8FCB04AE}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{554D6078-29FF-45D8-81E5-615E71F0A3DB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{AABB6A37-108F-434E-8945-D347908F88EC}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{FFB022B8-0115-4C5D-AE73-5F824281BCC7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9A39DDE1-B23B-49BA-A8BC-EC2F813C6214&apn_sauid=2D081756-F625-4114-9017-68424CEDD0D1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1011\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M]
 
[2009.09.11 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.10.08 20:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions
[2012.08.24 04:34:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 15:05:24 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\lp2ftooe.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2012.09.07 15:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 15:27:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 15:27:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.04 21:27:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:51:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.04 21:27:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 21:27:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.04 21:27:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 21:27:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2011.09.27 20:31:06 | 000,000,815 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1011..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10607FE8-97EB-4928-A7B0-E14D6C66E3C8}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C2F10C-B047-42E6-B164-41DB5472422D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78A6DE41-9CC5-491C-92EC-4284B1ED838B}: DhcpNameServer = 217.200.200.42 213.230.129.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 20:23:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.10.07 21:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.07 21:31:15 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.10.06 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.10.06 17:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 17:56:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.06 17:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.01 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Neuer Ordner
[2012.09.24 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.24 23:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.24 23:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.09.17 09:11:40 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxx
[2012.09.17 09:07:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.10.10 20:23:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.10.10 20:20:08 | 000,538,327 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.10.10 20:00:53 | 000,711,362 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 20:00:53 | 000,159,498 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 20:00:53 | 000,013,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 20:00:53 | 000,011,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 19:55:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:55:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 12:47:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.07 21:31:16 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.10.07 18:45:02 | 000,113,195 | ---- | M] () -- C:\Users\Christian\Desktop\Malwarebytes_Ansicht.jpg
[2012.10.06 22:54:27 | 000,302,592 | ---- | M] () -- C:\Users\Christian\Desktop\clvggjqo.exe
[2012.10.06 22:30:45 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2012.10.06 22:29:07 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.10.06 19:39:23 | 049,934,254 | ---- | M] () -- C:\Users\Christian\Desktop\xxx.rar
[2012.10.06 17:56:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.05 19:56:38 | 000,001,032 | ---- | M] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk
[2012.09.24 23:26:57 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.19 10:23:51 | 003,876,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.17 14:23:18 | 000,011,874 | ---- | M] () -- C:\Users\Christian\Desktop\xxx.ods
[2012.09.17 12:33:10 | 003,207,446 | ---- | M] () -- C:\Users\Christian\Desktop\xxx.pdf
[2012.09.17 10:22:56 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.10.08 19:08:53 | 000,538,327 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.10.07 18:45:01 | 000,113,195 | ---- | C] () -- C:\Users\Christian\Desktop\Malwarebytes_Ansicht.jpg
[2012.10.06 22:54:24 | 000,302,592 | ---- | C] () -- C:\Users\Christian\Desktop\clvggjqo.exe
[2012.10.06 22:30:45 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2012.10.06 22:29:06 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.10.06 19:38:27 | 049,934,254 | ---- | C] () -- C:\Users\Christian\Desktop\xxx.rar
[2012.10.06 17:56:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 23:26:57 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.24 23:19:01 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.09.17 10:22:56 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.17 10:22:56 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.22 05:06:41 | 000,001,456 | ---- | C] () -- C:\Users\Christian\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.30 05:31:47 | 000,000,077 | ---- | C] () -- C:\Users\Christian\Desktop.scf
[2012.04.16 00:06:07 | 000,000,240 | ---- | C] () -- C:\Users\Christian\Window Switcher.lnk
[2011.12.21 01:03:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.03 12:21:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.06.22 10:47:42 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp6ml3.dll
[2010.12.14 13:19:41 | 000,009,305 | R--- | C] () -- C:\Windows\UN090430.INI
[2009.12.30 10:40:42 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2009.08.12 12:15:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.09 10:50:24 | 000,036,864 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L
[2012.10.06 17:43:10 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U
[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.21 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.13 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.27 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen
[2012.10.10 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.10.05 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.12 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2011.09.24 13:13:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2009.12.20 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo
[2012.09.09 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2012.08.14 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDAppFlex
[2012.04.02 10:35:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SampleView
[2012.08.14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.31 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< # AdwCleaner v2.004 - Datei am 10/10/2012 um 20:20:37 erstellt >
Invalid Switch: 2012 um 20:20:37 erstellt
 
< # Aktualisiert am 06/10/2012 von Xplode >
Invalid Switch: 2012 von Xplode
 
< # Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) >
[2006.11.02 14:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:58:10 | 000,032,536 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.01 12:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< # Benutzer : Christian - SHC >
 
< # Bootmodus : Normal >
 
< # Ausgef�hrt unter : C:\Users\Christian\Desktop\adwcleaner.exe >
 
< # Option [Suche] >
 
<  >
 
<  >
 
< **** [Dienste] **** >
 
<  >
 
<  >
 
< ***** [Dateien / Ordner] ***** >
Invalid Switch: Ordner] *****
 
<  >
 
<  >
 
< ***** [Registrierungsdatenbank] ***** >
 
<  >
 
<  >
 
< ***** [Internet Browser] ***** >
 
<  >
 
< -\\ Internet Explorer v9.0.8112.16421 >
 
<  >
 
< [OK] Die Registrierungsdatenbank ist sauber. >
 
<  >
 
< -\\ Mozilla Firefox v15.0 (de) >
 
<  >
 
< Profilname : default  >
 
< Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\lp2ftooe.default\prefs.js >
 
<  >
 
< [OK] Die Datei ist sauber. >
 
<  >
 
< -\\ Google Chrome v [Version kann nicht ermittelt werden] >
 
<  >
 
< Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences >
 
<  >
 
< [OK] Die Datei ist sauber. >
 
<  >
 
< ************************* >
[2012.10.08 19:09:34 | 000,003,089 | ---- | M] () -- \AdwCleaner[R1].txt
[2012.10.10 20:20:43 | 000,001,186 | ---- | M] () -- \AdwCleaner[R2].txt
[2012.10.08 20:34:51 | 000,003,025 | ---- | M] () -- \AdwCleaner[S1].txt
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- \bootmgr
[2009.09.14 03:14:10 | 000,000,010 | ---- | M] () -- \config.sys
[2007.04.14 11:15:19 | 000,000,000 | ---- | M] () -- \C_USERPART
[2012.09.07 21:37:02 | 000,000,009 | ---- | M] () -- \END
[2012.09.09 00:23:08 | 000,000,387 | ---- | M] () -- \InstallHelper.log
[2009.08.09 21:42:03 | 000,000,000 | RHS- | M] () -- \IO.SYS
[2009.08.09 21:42:03 | 000,000,000 | RHS- | M] () -- \MSDOS.SYS
[2010.09.06 21:12:30 | 000,000,557 | ---- | M] () -- \NetworkCfg.xml
[2012.10.10 19:54:34 | 2452,267,008 | -HS- | M] () -- \pagefile.sys
[2010.02.25 09:55:57 | 000,000,075 | ---- | M] () -- \PCBuero.ini
[2010.02.25 09:56:20 | 000,013,030 | ---- | M] () -- \PDOXUSRS.NET
 
<  >
 
< AdwCleaner[R1].txt - [3089 octets] - [08/10/2012 19:09:25] >
Invalid Switch: 2012 19:09:25]
 
< AdwCleaner[S1].txt - [3025 octets] - [08/10/2012 20:34:37] >
Invalid Switch: 2012 20:34:37]
 
< AdwCleaner[R2].txt - [1057 octets] - [10/10/2012 20:20:37] >
Invalid Switch: 2012 20:20:37]
 
<  >
 
< ########## EOF - C:\AdwCleaner[R2].txt - [1117 octets] ########## >

< End of report >

Alt 11.10.2012, 12:38   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Bei OTL bitte aufpassen was du da reinkopierst!
Du kannst nicht einfach ein adwCleaner Log bei OTL einfügen und das als CustomScan verstehen

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.10.2012, 21:13   #21
NaSa
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Nein, da musst Du mich missverstanden haben. Ich habe kein adwCleaner Log bei OTL eingefügt!!!

Ich habe nachdem im OTL so viel Toolbar-Müll drin war, wie Du geschrieben hast den aktuellen adwCleaner runtergeladen, auf Suche geklickt und den Log hier gepostet. Das ist der hier gewesen:
Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 10/10/2012 um 20:20:37 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Christian - SHC
# Bootmodus : Normal
# Ausgef�hrt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\lp2ftooe.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3089 octets] - [08/10/2012 19:09:25]
AdwCleaner[S1].txt - [3025 octets] - [08/10/2012 20:34:37]
AdwCleaner[R2].txt - [1057 octets] - [10/10/2012 20:20:37]

########## EOF - C:\AdwCleaner[R2].txt - [1117 octets] ##########
Dann habe ich lediglich gesagt, dass es, glaube ich, so aussieht, als wäre da nichts mehr vom Toolbar-Müll.

Und um sicher zu gehen, habe ich alles wiederhollt was Du in Nr.16 gepostet hast. Also ein ganz aktuelles OTL-Log gemacht, indem ich ein CustomScan mit OTL gemacht habe und den kompletten Inhalt aus der von Dir geposteten Codebox in die Textbox von OTL kopiert habe.

Dann habe ich Dir auch davon das Log gesendet. Das war das hier:

Code:
ATTFilter
OTL logfile created on: 10.10.2012 20:25:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,38% Memory free
4,23 Gb Paging File | 3,34 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 18,11 Gb Free Space | 26,88% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
 
Computer Name: SHC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 20:23:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.09 18:48:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:13:33 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () -- c:\Programme\Ocster Backup\bin\backupService-ox.exe
PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.07.03 00:20:26 | 000,148,856 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Inputps.exe
PRC - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
MOD - [2011.06.22 10:47:12 | 000,540,672 | ---- | M] () -- C:\WINDOWS\System32\spool\drivers\w32x86\3\ssp6mdu.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 15:27:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.29 13:58:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () [Auto | Running] -- c:\Programme\Ocster Backup\bin\backupService-ox.exe -- (ocster_backup)
SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe -- (Bufssvr)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$KONTOR_NET)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.01.09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (Evssrchpschm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 13:13:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:13:40 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011.03.26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.27 07:30:12 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.03.03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.07.10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.03.30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007.03.01 15:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006.11.30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.08.30 11:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 11:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 11:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bus.sys -- (ss_bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{2D2B8742-3259-4368-8CA7-2E5C8FCB04AE}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{554D6078-29FF-45D8-81E5-615E71F0A3DB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{AABB6A37-108F-434E-8945-D347908F88EC}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{FFB022B8-0115-4C5D-AE73-5F824281BCC7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9A39DDE1-B23B-49BA-A8BC-EC2F813C6214&apn_sauid=2D081756-F625-4114-9017-68424CEDD0D1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1011\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M]
 
[2009.09.11 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.10.08 20:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions
[2012.08.24 04:34:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 15:05:24 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\lp2ftooe.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2012.09.07 15:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 15:27:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 15:27:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.04 21:27:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:51:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.04 21:27:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 21:27:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.04 21:27:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 21:27:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2011.09.27 20:31:06 | 000,000,815 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1011..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10607FE8-97EB-4928-A7B0-E14D6C66E3C8}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C2F10C-B047-42E6-B164-41DB5472422D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78A6DE41-9CC5-491C-92EC-4284B1ED838B}: DhcpNameServer = 217.200.200.42 213.230.129.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 20:23:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.10.07 21:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.07 21:31:15 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.10.06 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.10.06 17:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 17:56:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.06 17:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.01 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Neuer Ordner
[2012.09.24 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.24 23:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.24 23:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.09.17 09:11:40 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxx
[2012.09.17 09:07:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.10.10 20:23:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.10.10 20:20:08 | 000,538,327 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.10.10 20:00:53 | 000,711,362 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 20:00:53 | 000,159,498 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 20:00:53 | 000,013,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 20:00:53 | 000,011,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 19:55:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:55:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 12:47:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.07 21:31:16 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.10.07 18:45:02 | 000,113,195 | ---- | M] () -- C:\Users\Christian\Desktop\Malwarebytes_Ansicht.jpg
[2012.10.06 22:54:27 | 000,302,592 | ---- | M] () -- C:\Users\Christian\Desktop\clvggjqo.exe
[2012.10.06 22:30:45 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2012.10.06 22:29:07 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.10.06 19:39:23 | 049,934,254 | ---- | M] () -- C:\Users\Christian\Desktop\xxx.rar
[2012.10.06 17:56:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.05 19:56:38 | 000,001,032 | ---- | M] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk
[2012.09.24 23:26:57 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.19 10:23:51 | 003,876,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.17 14:23:18 | 000,011,874 | ---- | M] () -- C:\Users\Christian\Desktop\xxx.ods
[2012.09.17 12:33:10 | 003,207,446 | ---- | M] () -- C:\Users\Christian\Desktop\xxx.pdf
[2012.09.17 10:22:56 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.10.08 19:08:53 | 000,538,327 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.10.07 18:45:01 | 000,113,195 | ---- | C] () -- C:\Users\Christian\Desktop\Malwarebytes_Ansicht.jpg
[2012.10.06 22:54:24 | 000,302,592 | ---- | C] () -- C:\Users\Christian\Desktop\clvggjqo.exe
[2012.10.06 22:30:45 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2012.10.06 22:29:06 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.10.06 19:38:27 | 049,934,254 | ---- | C] () -- C:\Users\Christian\Desktop\xxx.rar
[2012.10.06 17:56:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 23:26:57 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.24 23:19:01 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.09.17 10:22:56 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.17 10:22:56 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.22 05:06:41 | 000,001,456 | ---- | C] () -- C:\Users\Christian\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.30 05:31:47 | 000,000,077 | ---- | C] () -- C:\Users\Christian\Desktop.scf
[2012.04.16 00:06:07 | 000,000,240 | ---- | C] () -- C:\Users\Christian\Window Switcher.lnk
[2011.12.21 01:03:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.03 12:21:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.06.22 10:47:42 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp6ml3.dll
[2010.12.14 13:19:41 | 000,009,305 | R--- | C] () -- C:\Windows\UN090430.INI
[2009.12.30 10:40:42 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2009.08.12 12:15:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.09 10:50:24 | 000,036,864 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L
[2012.10.06 17:43:10 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U
[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.21 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.13 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.27 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen
[2012.10.10 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.10.05 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.12 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2011.09.24 13:13:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2009.12.20 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo
[2012.09.09 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2012.08.14 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDAppFlex
[2012.04.02 10:35:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SampleView
[2012.08.14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.31 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< # AdwCleaner v2.004 - Datei am 10/10/2012 um 20:20:37 erstellt >
Invalid Switch: 2012 um 20:20:37 erstellt
 
< # Aktualisiert am 06/10/2012 von Xplode >
Invalid Switch: 2012 von Xplode
 
< # Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) >
[2006.11.02 14:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:58:10 | 000,032,536 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.01 12:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< # Benutzer : Christian - SHC >
 
< # Bootmodus : Normal >
 
< # Ausgef�hrt unter : C:\Users\Christian\Desktop\adwcleaner.exe >
 
< # Option [Suche] >
 
<  >
 
<  >
 
< **** [Dienste] **** >
 
<  >
 
<  >
 
< ***** [Dateien / Ordner] ***** >
Invalid Switch: Ordner] *****
 
<  >
 
<  >
 
< ***** [Registrierungsdatenbank] ***** >
 
<  >
 
<  >
 
< ***** [Internet Browser] ***** >
 
<  >
 
< -\\ Internet Explorer v9.0.8112.16421 >
 
<  >
 
< [OK] Die Registrierungsdatenbank ist sauber. >
 
<  >
 
< -\\ Mozilla Firefox v15.0 (de) >
 
<  >
 
< Profilname : default  >
 
< Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\lp2ftooe.default\prefs.js >
 
<  >
 
< [OK] Die Datei ist sauber. >
 
<  >
 
< -\\ Google Chrome v [Version kann nicht ermittelt werden] >
 
<  >
 
< Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences >
 
<  >
 
< [OK] Die Datei ist sauber. >
 
<  >
 
< ************************* >
[2012.10.08 19:09:34 | 000,003,089 | ---- | M] () -- \AdwCleaner[R1].txt
[2012.10.10 20:20:43 | 000,001,186 | ---- | M] () -- \AdwCleaner[R2].txt
[2012.10.08 20:34:51 | 000,003,025 | ---- | M] () -- \AdwCleaner[S1].txt
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- \bootmgr
[2009.09.14 03:14:10 | 000,000,010 | ---- | M] () -- \config.sys
[2007.04.14 11:15:19 | 000,000,000 | ---- | M] () -- \C_USERPART
[2012.09.07 21:37:02 | 000,000,009 | ---- | M] () -- \END
[2012.09.09 00:23:08 | 000,000,387 | ---- | M] () -- \InstallHelper.log
[2009.08.09 21:42:03 | 000,000,000 | RHS- | M] () -- \IO.SYS
[2009.08.09 21:42:03 | 000,000,000 | RHS- | M] () -- \MSDOS.SYS
[2010.09.06 21:12:30 | 000,000,557 | ---- | M] () -- \NetworkCfg.xml
[2012.10.10 19:54:34 | 2452,267,008 | -HS- | M] () -- \pagefile.sys
[2010.02.25 09:55:57 | 000,000,075 | ---- | M] () -- \PCBuero.ini
[2010.02.25 09:56:20 | 000,013,030 | ---- | M] () -- \PDOXUSRS.NET
 
<  >
 
< AdwCleaner[R1].txt - [3089 octets] - [08/10/2012 19:09:25] >
Invalid Switch: 2012 19:09:25]
 
< AdwCleaner[S1].txt - [3025 octets] - [08/10/2012 20:34:37] >
Invalid Switch: 2012 20:34:37]
 
< AdwCleaner[R2].txt - [1057 octets] - [10/10/2012 20:20:37] >
Invalid Switch: 2012 20:20:37]
 
<  >
 
< ########## EOF - C:\AdwCleaner[R2].txt - [1117 octets] ########## >

< End of report >
Tja und jetzt bin ich genau so schlau wie vorher, denn ich verstehe davon nichts und habe keine Ahnung ob ich jetzt "entvirust" bin und endlich wieder arbeiten kann oder ob noch was zu machen ist.
Wenn Du Zeit und Nerv hast, würdest Du mir bitte noch dazu ein Feedback geben? Ich danke Dir!

Alt 12.10.2012, 10:39   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Zitat:
. Ich habe kein adwCleaner Log bei OTL eingefügt!!!
Eben doch! Schau dir doch mal das letzte OTL-Log an!

Zitat:
2012.08.14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.31 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Custom Scans ==========

< # AdwCleaner v2.004 - Datei am 10/10/2012 um 20:20:37 erstellt >
Invalid Switch: 2012 um 20:20:37 erstellt

< # Aktualisiert am 06/10/2012 von Xplode >
Invalid Switch: 2012 von Xplode
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.10.2012, 11:20   #23
NaSa
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Oh man, ich Trottel, da hast Du Recht, das war mir nicht bewusst, wahrscheinlich war das noch in der Zwischenablage. Mein Fehler.

Kannst Du mir bitte sagen, wie es jetzt weiter geht?

Alt 12.10.2012, 14:29   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Ich hab immer noch nicht das richtige OTL-Log!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.10.2012, 19:10   #25
NaSa
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


richtige OTL-Log:
Code:
ATTFilter
OTL logfile created on: 12.10.2012 19:32:30 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 66,01% Memory free
4,23 Gb Paging File | 3,34 Gb Available in Paging File | 78,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 12,90 Gb Free Space | 19,15% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
 
Computer Name: SHC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.12 19:30:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.09 18:48:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:13:33 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () -- c:\Programme\Ocster Backup\bin\backupService-ox.exe
PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.07.03 00:20:26 | 000,148,856 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Inputps.exe
PRC - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 15:27:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.29 13:58:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () [Auto | Running] -- c:\Programme\Ocster Backup\bin\backupService-ox.exe -- (ocster_backup)
SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe -- (Bufssvr)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$KONTOR_NET)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.01.09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (Evssrchpschm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 13:13:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:13:40 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011.03.26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.27 07:30:12 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.03.03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.07.10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.03.30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007.03.01 15:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006.11.30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.08.30 11:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 11:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 11:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bus.sys -- (ss_bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes,DefaultScope = {554D6078-29FF-45D8-81E5-615E71F0A3DB}
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{2D2B8742-3259-4368-8CA7-2E5C8FCB04AE}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{554D6078-29FF-45D8-81E5-615E71F0A3DB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{AABB6A37-108F-434E-8945-D347908F88EC}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{FFB022B8-0115-4C5D-AE73-5F824281BCC7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9A39DDE1-B23B-49BA-A8BC-EC2F813C6214&apn_sauid=2D081756-F625-4114-9017-68424CEDD0D1
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1011\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M]
 
[2009.09.11 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.10.08 20:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions
[2012.08.24 04:34:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 15:05:24 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\lp2ftooe.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2012.09.07 15:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 15:27:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 15:27:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.04 21:27:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:51:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.04 21:27:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 21:27:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.04 21:27:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 21:27:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2011.09.27 20:31:06 | 000,000,815 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1011..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10607FE8-97EB-4928-A7B0-E14D6C66E3C8}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C2F10C-B047-42E6-B164-41DB5472422D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78A6DE41-9CC5-491C-92EC-4284B1ED838B}: DhcpNameServer = 217.200.200.42 213.230.129.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell - "" = AutoRun
O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe - (T-Mobile)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30F48640-8FF1-7D79-AB6F-B5273CFCC8FF} - Java (Sun)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4AADD1F0-17A8-4349-943F-9C7B5E3F9CB4} - Yahoo! Toolbar
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {765BB945-9769-4D3A-BEB3-D868972080C8} - NoIE8Tour
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {AFC982B5-04C4-4F74-E195-4CBF5AC46BAD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6097C7D-AF4E-4985-9A0C-F5611B5818BC} - Yahoo! Search Settings Update
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{DF356B79-C4CB-48FE-A37F-9DA402B270C1} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 18:26:40 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxxx
[2012.10.10 20:23:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.10.07 21:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.07 21:31:15 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.10.06 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.10.06 17:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 17:56:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.06 17:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.01 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxxx
[2012.09.24 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.24 23:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.24 23:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.09.17 09:11:40 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxxx
[2012.09.17 09:07:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxxx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.10.12 19:30:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.10.12 19:17:15 | 000,711,362 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.12 19:17:15 | 000,159,498 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.12 19:17:15 | 000,013,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.12 19:17:15 | 000,011,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.12 19:12:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 19:12:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 19:11:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.12 19:06:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.10 20:20:08 | 000,538,327 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.10.07 21:31:16 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.10.07 18:45:02 | 000,113,195 | ---- | M] () -- C:\Users\Christian\Desktop\Malwarebytes_Ansicht.jpg
[2012.10.06 22:54:27 | 000,302,592 | ---- | M] () -- C:\Users\Christian\Desktop\clvggjqo.exe
[2012.10.06 22:30:45 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2012.10.06 22:29:07 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.10.06 19:39:23 | 049,934,254 | ---- | M] () -- C:\Users\Christian\Desktop\xxxx.rar
[2012.10.06 17:56:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.05 19:56:38 | 000,001,032 | ---- | M] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk
[2012.09.24 23:26:57 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.19 10:23:51 | 003,876,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.17 14:23:18 | 000,011,874 | ---- | M] () -- C:\Users\Christian\Desktop\xxxx.ods
[2012.09.17 12:33:10 | 003,207,446 | ---- | M] () -- C:\Users\Christian\Desktop\xxxx.pdf
[2012.09.17 10:22:56 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.10.08 19:08:53 | 000,538,327 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.10.07 18:45:01 | 000,113,195 | ---- | C] () -- C:\Users\Christian\Desktop\Malwarebytes_Ansicht.jpg
[2012.10.06 22:54:24 | 000,302,592 | ---- | C] () -- C:\Users\Christian\Desktop\clvggjqo.exe
[2012.10.06 22:30:45 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2012.10.06 22:29:06 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.10.06 19:38:27 | 049,934,254 | ---- | C] () -- C:\Users\Christian\Desktop\xxxx.rar
[2012.10.06 17:56:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 23:26:57 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.24 23:19:01 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.09.17 10:22:56 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.17 10:22:56 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.22 05:06:41 | 000,001,456 | ---- | C] () -- C:\Users\Christian\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.30 05:31:47 | 000,000,077 | ---- | C] () -- C:\Users\Christian\Desktop.scf
[2012.04.16 00:06:07 | 000,000,240 | ---- | C] () -- C:\Users\Christian\Window Switcher.lnk
[2011.12.21 01:03:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.03 12:21:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.06.22 10:47:42 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp6ml3.dll
[2010.12.14 13:19:41 | 000,009,305 | R--- | C] () -- C:\Windows\UN090430.INI
[2009.12.30 10:40:42 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2009.08.12 12:15:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.09 10:50:24 | 000,036,864 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L
[2012.10.06 17:43:10 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U
[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L
[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.21 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.13 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.27 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen
[2012.10.10 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.10.05 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.12 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2011.09.24 13:13:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2009.12.20 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo
[2012.09.09 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2012.08.14 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDAppFlex
[2012.04.02 10:35:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SampleView
[2012.08.14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.31 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.17 11:21:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe
[2009.08.09 11:52:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AdobeUM
[2012.01.08 21:22:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2012.01.28 23:21:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Avira
[2012.08.21 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.13 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.27 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen
[2010.01.14 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DivX
[2012.10.10 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.10.05 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.12 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2011.09.24 13:13:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2009.08.12 09:36:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Google
[2009.08.09 10:34:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Hewlett-Packard
[2009.08.09 10:34:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities
[2009.08.09 10:29:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InstallShield
[2009.12.20 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo
[2009.08.12 09:28:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2012.10.06 17:56:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.08.16 01:53:38 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2009.09.11 22:24:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2012.09.09 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2012.09.09 11:41:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org2
[2012.08.14 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDAppFlex
[2009.10.16 10:13:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Roxio
[2012.04.02 10:35:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SampleView
[2012.10.12 12:59:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Skype
[2012.01.29 01:08:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\skypePM
[2012.08.14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.31 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2010.04.19 23:51:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.08.13 21:18:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.07.04 15:23:44 | 015,197,480 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.04.14 10:55:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.04.14 10:55:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.04.14 10:55:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.09.07 10:49:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.09.07 10:49:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.09.07 10:49:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.09.07 23:28:28 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.09.07 23:28:29 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 14:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:58:10 | 000,032,536 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.01 12:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >

Alt 12.10.2012, 20:37   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{AABB6A37-108F-434E-8945-D347908F88EC}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1781722448-2793394607-2059629828-1003\..\SearchScopes\{FFB022B8-0115-4C5D-AE73-5F824281BCC7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9A39DDE1-B23B-49BA-A8BC-EC2F813C6214&apn_sauid=2D081756-F625-4114-9017-68424CEDD0D1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
:Files
C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}
C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}
C:\$RECYCLE.BIN\S-1-5-18\$a3b4898990cecf77e8df413dbb6d7c90
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.10.2012, 22:37   #27
NaSa
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Vielen Dank!

Hier das Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AABB6A37-108F-434E-8945-D347908F88EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AABB6A37-108F-434E-8945-D347908F88EC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1781722448-2793394607-2059629828-1003\Software\Microsoft\Internet Explorer\SearchScopes\{FFB022B8-0115-4C5D-AE73-5F824281BCC7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB022B8-0115-4C5D-AE73-5F824281BCC7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\Autorun.inf moved successfully.
========== FILES ==========
C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U folder moved successfully.
C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L folder moved successfully.
C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90} folder moved successfully.
C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U folder moved successfully.
C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L folder moved successfully.
C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90} folder moved successfully.
File\Folder C:\$RECYCLE.BIN\S-1-5-18\$a3b4898990cecf77e8df413dbb6d7c90 not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Christian\Desktop\cmd.bat deleted successfully.
C:\Users\Christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christian
->Temp folder emptied: 27543310 bytes
->Temporary Internet Files folder emptied: 573972 bytes
->Java cache emptied: 38749609 bytes
->FireFox cache emptied: 71010136 bytes
->Google Chrome cache emptied: 6455424 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 15257315 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: _ocster_backup_
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 602112 bytes
 
Total Files Cleaned = 153,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10122012_222533

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 13.10.2012, 15:46   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.10.2012, 17:50   #29
NaSa
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Hier das Log:

Code:
ATTFilter
16:49:40.0648 2320  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:49:40.0991 2320  ============================================================
16:49:40.0991 2320  Current date / time: 2012/10/14 16:49:40.0991
16:49:40.0991 2320  SystemInfo:
16:49:40.0991 2320  
16:49:40.0991 2320  OS Version: 6.0.6002 ServicePack: 2.0
16:49:40.0991 2320  Product type: Workstation
16:49:40.0991 2320  ComputerName: SHC
16:49:40.0991 2320  UserName: Christian
16:49:40.0991 2320  Windows directory: C:\Windows
16:49:40.0991 2320  System windows directory: C:\Windows
16:49:40.0991 2320  Processor architecture: Intel x86
16:49:40.0991 2320  Number of processors: 1
16:49:40.0991 2320  Page size: 0x1000
16:49:40.0991 2320  Boot type: Normal boot
16:49:40.0991 2320  ============================================================
16:49:43.0222 2320  BG loaded
16:49:44.0439 2320  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:49:44.0439 2320  ============================================================
16:49:44.0439 2320  \Device\Harddisk0\DR0:
16:49:44.0439 2320  MBR partitions:
16:49:44.0439 2320  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x86B6FC1
16:49:44.0439 2320  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x86B7000, BlocksNum 0xB3B000
16:49:44.0439 2320  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x91F4000, BlocksNum 0x31B000
16:49:44.0439 2320  ============================================================
16:49:44.0502 2320  C: <-> \Device\Harddisk0\DR0\Partition1
16:49:44.0627 2320  D: <-> \Device\Harddisk0\DR0\Partition2
16:49:44.0658 2320  E: <-> \Device\Harddisk0\DR0\Partition3
16:49:44.0658 2320  ============================================================
16:49:44.0658 2320  Initialize success
16:49:44.0658 2320  ============================================================

Alt 14.10.2012, 20:00   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Standard

Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


Das Log ist leider unvollständig
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen
32 bit, antivir, autorun, avira, bho, bonjour, computer, converter, desktop, error, fehler, firefox, flash player, google, home, launch, logfile, mozilla, mp3, netzwerk, plug-in, programm, recycle.bin, registry, scan, security, software, svchost.exe, t-mobile, tr/crypt.xpack.ge, trojaner-board, vista


« von MBAM entdeckt: PUP.OfferBundler.ST + PUP.RemoveWGA | Laptop sehr schnell, sehr langsam »


Ähnliche Themen: Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen


  1. Avira meldet TR/Jorik.Totem.vz, TR/ATRAPS.Gen2, T/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (50)
  2. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  3. TR/ATRAPS.Gen & TR/ATRAPS.Gen2 durch Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (3)
  4. Avira meldet TR/ZAccess.H , TR/Sirefef.A.37 , TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (2)
  5. TR/ATRAPS Gen und TR/ATRAPS Gen2 C:\RECYCLER\S-1-5-21-3287549451-3649138221-mit Avira endeckt. Mit Malewarebytes entfernt. Logfiles angefügt
    Log-Analyse und Auswertung - 13.10.2012 (2)
  6. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira gemeldet und dort nicht zu entfernen
    Log-Analyse und Auswertung - 10.10.2012 (13)
  7. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  8. BDS/ZAccess.yer + TR/ATRAPS.Gen + TR/ATRAPS.Gen2 - Avira machtlos
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (3)
  9. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  10. Avira findet dauernd TR/ATRAPS.Gen und TR/ATRAPS.Gen2, was muss ich machen damit es verschwindet ?
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (25)
  11. Avira meldet TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.wjr
    Log-Analyse und Auswertung - 01.08.2012 (1)
  12. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  13. Avira Antivirus Premium 2012: Funde von TR/ATRAPS.GEN TR/ATRAPS.GEN2 TR/Sirefef.P.666 BDS/ZAccess.T
    Log-Analyse und Auswertung - 25.07.2012 (3)
  14. TR/Atraps.gen - TR/Atraps.gen2 - BDS/ZAccess.T - über AVIRA Antivirus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (4)
  15. Ich komme allein nicht weiter, Avira findet TR/ATRAPS.gen - TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (5)
  16. Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  17. TR/ATRAPS.GEN und TR/ATRAPS.GEN2 von Avira und Malwarebytes nicht aufzufinden
    Log-Analyse und Auswertung - 10.06.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen - Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: - Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen...
Archiv
Du betrachtest: Avira: 7 Funde! Darunter TR/ATRAPS.Gen2 und TR/ATRAPS.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55