
Pests of all kinds and how to combat them: Virus found: TR/ATRAPS.Gen, TR/ATRAPS.Gen2


09.07.2012, 18:18   #1
dexudek
 



Hi there ~

I must have somehow caught a Trojan or a virus or something:
Ever since I ran an Adobe update, Avira tells me about every 10 minutes that it has found 2 viruses:

TR/ATRAPS.Gen C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\80000000.@
TR/ATRAPS.Gen2 C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\800000cb.@


I have Windows Vista and use Firefox.

I downloaded Defogger and ran it until the message "Finished" appeared. (See attachment.)

Then I downloaded OTL by OldTimer.
Extras.Txt (is in the attachment)

And OTL.Txt (is also in the attachment):

OTL Logfile:
Code:
OTL logfile created on: 7/9/2012 5:14:35 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Anna\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 48.01% Memory free
3.98 Gb Paging File | 2.91 Gb Available in Paging File | 73.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 31.74 Gb Free Space | 22.61% Space Free | Partition Type: NTFS
 
Computer Name: DEXUDEK | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/09 17:12:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
PRC - [2012/05/08 17:58:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 17:58:42 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/05/08 17:58:42 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 17:58:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 17:58:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/12/09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2009/04/23 12:21:42 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 12:18:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/06/02 22:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 20:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 22:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 02:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/16 02:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/09 00:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 22:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 22:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/04 02:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/12/09 21:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/27 13:07:48 | 000,139,264 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\Basis\program\nsldap32v50.dll
MOD - [2009/04/16 20:03:22 | 000,166,400 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll
MOD - [2009/04/16 20:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/03/06 19:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 21:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 06:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/02 02:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/10/10 20:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 20:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/09 11:52:19 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/01 23:14:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/08 17:58:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 17:58:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2008/04/16 02:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/02/06 22:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/04 02:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/10/14 00:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012/05/08 17:58:43 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 17:58:43 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 16:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/07/19 03:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/28 12:33:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/04/15 19:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/07 13:39:50 | 000,045,848 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/01/18 18:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/26 19:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/12/14 20:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 23:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/04/23 19:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 08:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 08:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKLM\..\SearchScopes\{C6982220-0A20-4247-BB74-D0FF018978DE}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\..\SearchScopes\{C6982220-0A20-4247-BB74-D0FF018978DE}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: player@portalarium.com:1.53
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "66.152.116.167"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Anna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/08 23:36:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/08 23:36:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/01 23:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 18:44:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/01 23:14:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 18:44:37 | 000,000,000 | ---D | M]
 
[2010/12/19 22:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Extensions
[2010/12/19 22:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/04 11:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\hr0tmt9x.default\extensions
[2012/05/30 13:02:16 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\hr0tmt9x.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/06/27 13:22:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\hr0tmt9x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 15:49:19 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\hr0tmt9x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/09/30 16:19:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\hr0tmt9x.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009/08/19 18:33:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\hr0tmt9x.default\extensions\moveplayer@movenetworks.com
[2012/03/09 18:05:13 | 000,000,000 | ---D | M] (Mystical Land Installer) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\hr0tmt9x.default\extensions\MysticalLandInstaller@madottergames.com
[2011/08/21 14:09:27 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\hr0tmt9x.default\extensions\player@portalarium.com
[2012/03/18 15:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/04 18:08:06 | 000,061,854 | ---- | M] () (No name found) -- C:\USERS\ANNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HR0TMT9X.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
[2012/07/01 23:14:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/26 15:18:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe]  File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\Anna\AppData\Local\Temp\Qnr.exe File not found
O4 - Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A540B62-FC8A-4095-909A-4D42FC2125CB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ff641721-67ac-11e0-8344-001e33ceb5cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ff641721-67ac-11e0-8344-001e33ceb5cd}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/09 17:12:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2012/07/09 15:21:19 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anna\Desktop\tdsskiller.exe
[2012/07/09 15:16:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Anna\Desktop\aswMBR.exe
[2012/07/09 12:28:24 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/03 13:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullfrog
[2012/07/03 13:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bullfrog
[2012/06/24 13:00:14 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Macromedia
[2012/06/18 13:43:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Facebook
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012/07/09 17:15:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000UA.job
[2012/07/09 17:13:49 | 000,010,409 | ---- | M] () -- C:\Users\Anna\Desktop\Trojaner.odt
[2012/07/09 17:12:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2012/07/09 17:08:04 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2012/07/09 17:07:13 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/09 17:07:13 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/09 17:06:58 | 000,000,000 | ---- | M] () -- C:\Users\Anna\defogger_reenable
[2012/07/09 17:00:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 17:00:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 17:00:43 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/09 17:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/09 16:59:56 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/09 15:50:57 | 251,599,055 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/09 15:46:27 | 000,050,477 | ---- | M] () -- C:\Users\Anna\Desktop\Defogger.exe
[2012/07/09 15:38:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/09 15:21:28 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anna\Desktop\tdsskiller.exe
[2012/07/09 15:17:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Anna\Desktop\aswMBR.exe
[2012/07/09 14:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/09 13:49:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000UA.job
[2012/07/09 13:49:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000Core.job
[2012/07/09 12:15:10 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000Core.job
[2012/07/08 22:29:52 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5D46B7DC-4173-4F78-BB98-2DAD2410C1AC}.job
[2012/07/05 15:21:05 | 003,603,801 | ---- | M] () -- C:\Users\Anna\Desktop\LouisEX - Als Wir Zusammen Schliefen.mp3
[2012/07/05 15:19:49 | 004,033,756 | ---- | M] () -- C:\Users\Anna\Desktop\EVERYDAY ( Shy FX & T Power FEAT Top Cat ).mp3
[2012/07/03 13:55:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/07/03 13:55:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/07/02 14:18:31 | 000,012,288 | -H-- | M] () -- C:\Users\Anna\Desktop\photothumb.db
[2012/06/24 21:32:16 | 000,039,424 | ---- | M] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/24 20:25:18 | 000,011,404 | ---- | M] () -- C:\Users\Anna\Desktop\Unbenannt 1.odt
[2012/06/15 00:32:45 | 000,331,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 20:29:15 | 000,000,881 | ---- | M] () -- C:\Users\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012/07/09 17:06:58 | 000,000,000 | ---- | C] () -- C:\Users\Anna\defogger_reenable
[2012/07/09 17:06:23 | 000,010,409 | ---- | C] () -- C:\Users\Anna\Desktop\Trojaner.odt
[2012/07/09 17:01:14 | 000,001,696 | ---- | C] () -- C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\00000001.@
[2012/07/09 16:59:56 | 2009,075,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/09 15:46:26 | 000,050,477 | ---- | C] () -- C:\Users\Anna\Desktop\Defogger.exe
[2012/07/09 11:51:51 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\00000001.@
[2012/07/05 15:21:04 | 003,603,801 | ---- | C] () -- C:\Users\Anna\Desktop\LouisEX - Als Wir Zusammen Schliefen.mp3
[2012/07/05 15:19:46 | 004,033,756 | ---- | C] () -- C:\Users\Anna\Desktop\EVERYDAY ( Shy FX & T Power FEAT Top Cat ).mp3
[2012/07/03 13:55:38 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2012/07/03 13:55:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/07/03 13:55:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/06/18 13:44:01 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000UA.job
[2012/06/18 13:44:00 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000Core.job
[2012/06/12 20:29:15 | 000,000,881 | ---- | C] () -- C:\Users\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/05 15:28:25 | 000,002,586 | ---- | C] () -- C:\Users\Anna\AppData\Local\recently-used.xbel
[2012/01/11 15:17:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\@
[2012/01/11 15:17:07 | 000,002,048 | -HS- | C] () -- C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\@
[2011/03/15 14:57:23 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/03/15 14:39:40 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/02/28 16:26:25 | 000,000,581 | ---- | C] () -- C:\Windows\eReg.dat
[2010/01/27 17:59:23 | 000,000,680 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2009/08/27 00:34:35 | 001,919,567 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\UserTile.png
[2009/08/21 00:28:35 | 000,000,321 | ---- | C] () -- C:\Users\Anna\Public - Shortcut.lnk
[2009/08/09 00:36:01 | 000,039,424 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 00:34:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/08 23:40:02 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
 
========== LOP Check ==========
 
[2011/03/10 14:02:02 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\.minecraft
[2012/03/18 14:43:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Atari
[2011/03/19 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Clonk Rage
[2011/06/23 14:39:38 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Dropbox
[2010/10/27 15:49:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/10/18 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\FVZilla
[2011/01/16 21:27:02 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\gnupg
[2010/02/01 21:30:11 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\gtk-2.0
[2012/02/04 18:15:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\KastorFreeVimeoDownloader
[2012/03/18 14:41:43 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Leadertech
[2011/01/08 23:36:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Local
[2011/01/16 17:41:17 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Miranda
[2009/08/28 00:22:28 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenOffice.org
[2010/11/19 17:38:30 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PhotoScape
[2009/08/10 23:40:12 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\QIP
[2012/02/25 20:59:05 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Rovio
[2010/12/19 22:25:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Thunderbird
[2010/05/27 18:44:25 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Ulead Systems
[2012/07/09 13:49:02 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000Core.job
[2012/07/09 13:49:05 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000UA.job
[2012/07/08 23:07:59 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/08 22:29:52 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5D46B7DC-4173-4F78-BB98-2DAD2410C1AC}.job
[2012/07/09 17:08:04 | 000,000,238 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/05 16:19:27 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 12 bytes -> C:\Windows\System32\ :{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
 
< End of report >
         
--- --- ---


I have 32-bit Windows. I downloaded GMER and wanted to scan my PC, but on both the first and the second attempt it simply crashed after about 1 hour.

I downloaded OSAM instead.
The OSAM log is also attached.


I would be as happy as Winnie the Pooh over honey if someone could help me. :-)

Kind regards, Anna

Hello. Here is the Avira log file as well. Maybe you can use it too.
I have to say honestly that I'm completely stumped. I have no idea how to get rid of this virus.
Best regards,
Anna

Quote:
Avira Free Antivirus
Report file date: Tuesday, July 10, 2012 11:43

Scanning for 3855608 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista (TM) Home Basic
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DEXUDEK

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 5/2/2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 5/8/2012 15:58:42
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/8/2012 15:58:42
LUKE.DLL : 12.3.0.15 68304 Bytes 5/8/2012 15:58:43
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/8/2012 15:58:43
AVREG.DLL : 12.3.0.17 232200 Bytes 5/10/2012 17:13:26
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 23:33:08
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 14:27:18
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 14:29:22
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 11:43:01
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 17:13:57
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 17:13:57
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 17:13:58
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 17:13:58
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 17:13:58
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 17:13:58
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 17:13:58
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 17:13:58
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 17:13:58
VBASE014.VDF : 7.11.34.201 169472 Bytes 7/2/2012 08:59:28
VBASE015.VDF : 7.11.35.19 122368 Bytes 7/4/2012 08:59:24
VBASE016.VDF : 7.11.35.87 146944 Bytes 7/6/2012 11:33:30
VBASE017.VDF : 7.11.35.143 126464 Bytes 7/9/2012 22:19:05
VBASE018.VDF : 7.11.35.144 2048 Bytes 7/9/2012 22:19:05
VBASE019.VDF : 7.11.35.145 2048 Bytes 7/9/2012 22:19:06
VBASE020.VDF : 7.11.35.146 2048 Bytes 7/9/2012 22:19:06
VBASE021.VDF : 7.11.35.147 2048 Bytes 7/9/2012 22:19:06
VBASE022.VDF : 7.11.35.148 2048 Bytes 7/9/2012 22:19:06
VBASE023.VDF : 7.11.35.149 2048 Bytes 7/9/2012 22:19:06
VBASE024.VDF : 7.11.35.150 2048 Bytes 7/9/2012 22:19:06
VBASE025.VDF : 7.11.35.151 2048 Bytes 7/9/2012 22:19:06
VBASE026.VDF : 7.11.35.152 2048 Bytes 7/9/2012 22:19:06
VBASE027.VDF : 7.11.35.153 2048 Bytes 7/9/2012 22:19:06
VBASE028.VDF : 7.11.35.154 2048 Bytes 7/9/2012 22:19:06
VBASE029.VDF : 7.11.35.155 2048 Bytes 7/9/2012 22:19:06
VBASE030.VDF : 7.11.35.156 2048 Bytes 7/9/2012 22:19:06
VBASE031.VDF : 7.11.35.174 36864 Bytes 7/9/2012 22:19:06
Engine version : 8.2.10.106
AEVDF.DLL : 8.1.2.8 106867 Bytes 6/3/2012 18:26:25
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 7/6/2012 08:59:24
AESCN.DLL : 8.1.8.2 131444 Bytes 2/12/2012 14:32:37
AESBX.DLL : 8.2.5.12 606578 Bytes 6/15/2012 15:12:28
AERDL.DLL : 8.1.9.15 639348 Bytes 12/14/2011 23:32:23
AEPACK.DLL : 8.2.16.22 807288 Bytes 6/21/2012 14:17:39
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 6/28/2012 16:42:45
AEHEUR.DLL : 8.1.4.64 5009782 Bytes 7/6/2012 08:59:24
AEHELP.DLL : 8.1.23.2 258422 Bytes 6/28/2012 16:42:07
AEGEN.DLL : 8.1.5.32 434548 Bytes 7/7/2012 11:33:31
AEEXP.DLL : 8.1.0.60 86388 Bytes 7/6/2012 08:59:24
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/14/2011 23:32:19
AECORE.DLL : 8.1.25.10 201080 Bytes 6/1/2012 09:07:33
AEBB.DLL : 8.1.1.0 53618 Bytes 12/14/2011 23:32:19
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/8/2012 15:58:42
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/8/2012 15:58:42
AVREP.DLL : 12.3.0.15 179208 Bytes 5/8/2012 15:58:43
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/8/2012 15:58:42
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/8/2012 15:58:42
SQLITE3.DLL : 3.7.0.1 398288 Bytes 5/8/2012 15:58:43
AVSMTP.DLL : 12.3.0.15 63440 Bytes 5/8/2012 15:58:42
NETNT.DLL : 12.3.0.15 17104 Bytes 5/8/2012 15:58:43
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 5/8/2012 15:58:42
RCTEXT.DLL : 12.3.0.15 96720 Bytes 5/8/2012 15:58:42

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ffbf5f7\guard_slideup.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Tuesday, July 10, 2012 11:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'distnoted.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'TosIPCSrv.exe' - '1' Module(s) have been scanned
Scan process 'MotoHelperAgent.exe' - '1' Module(s) have been scanned
Scan process 'TosCoSrv.exe' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MotoHelperService.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'DDMService.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VersionCueTray.exe' - '1' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPwrMain.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\80000000.@'
C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\80000000.@
[DETECTION] Is the TR/ATRAPS.Gen Trojan
Begin scan in 'C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\800000cb.@'
C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\800000cb.@
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

Beginning disinfection:
C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\800000cb.@
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was deleted!
C:\Users\Anna\AppData\Local\{9900e971-9b77-9d62-b0dd-6bad0c70cba3}\U\80000000.@
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was deleted!


End of the scan: Tuesday, July 10, 2012 11:47
Used time: 00:00 Minute(s)

The scan has been done completely.

0 Scanned directories
68 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
2 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
66 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes


The scan results will be transferred to the Guard.

12.07.2012, 15:35   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all findings with Malwarebytes so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from earlier Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         