
Pests of all kinds and how to fight them: AntiVir reports TR/ATRAPS.Gen and TR/ATRAPS.Gen2

Windows 7

 
17.07.2012, 16:38   #1
TT262



Hello everyone,
Since today AntiVir has been reporting two viruses/trojans: TR/ATRAPS.Gen and TR/ATRAPS.Gen2.
According to Google, these two already seem to be known...
I hope someone here can help me.

I have already started reading up on the topic here in your forum, but of course every PC has its own individual log files.

I have already run OTL as described in your guide:

OTL.Txt:
Code:
OTL logfile created on: 17.07.2012 17:11:41 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\T\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 66,36% Memory free
15,95 Gb Paging File | 13,14 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 369,06 Gb Free Space | 79,26% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 249,63 Gb Free Space | 53,60% Space Free | Partition Type: NTFS
Drive J: | 3,91 Gb Total Space | 3,89 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
 
Computer Name: TOBI-BÜRO-SR | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\T\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (WebUpdate4) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 01 74 5E 0D 60 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..network.proxy.http: "80.58.29.174"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.04 09:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 10:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.22 12:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 10:05:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.28 22:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T\AppData\Roaming\mozilla\Extensions
[2012.07.16 11:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions
[2012.04.03 11:00:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.13 10:20:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\T\AppData\Roaming\mozilla\Firefox\Profiles\2fy5fkit.default\extensions\foxmarks@kei.com
[2012.04.26 15:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.04 11:45:25 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FY5FKIT.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.07.16 11:19:22 | 001,611,859 | ---- | M] () (No name found) -- C:\USERS\T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FY5FKIT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.15 09:46:44 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FY5FKIT.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.26 10:05:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 10:05:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 10:05:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 10:05:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 10:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 10:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 10:05:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [fgmstart]  File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://212.89.130.140/+CSCOL+/csvrloader64.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://212.89.130.140/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFFEFE8F-D21B-41D5-947E-EC34C89EC9CD}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 17:10:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
[2012.07.17 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Local\Microsoft Games
[2012.07.17 15:09:27 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.17 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.17 15:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.17 15:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.17 14:34:09 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.17 13:36:24 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Adobe After Effects Auto-Speichern
[2012.07.17 13:22:28 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Malwarebytes
[2012.07.17 13:22:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 13:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 13:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 13:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.16 15:39:02 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\neue In-szene Webste migges tobi
[2012.07.16 11:24:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.07.16 10:52:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.16 10:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.07.16 10:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.07.13 11:33:17 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Angebot - Schnick Schnack SB
[2012.07.13 11:06:29 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\St. Arnual blüht auf
[2012.07.12 18:20:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 18:20:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 18:20:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 18:20:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 18:20:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 18:20:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 18:20:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 18:20:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 18:20:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 18:20:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 18:20:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 18:20:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 18:20:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 10:04:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 10:04:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 10:03:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 10:03:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 10:03:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:37:38 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Cafe Lounge  SB
[2012.07.11 11:33:36 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Simionstift CC
[2012.07.10 14:52:44 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.10 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\saarscene
[2012.07.06 15:48:57 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Quattrocult Standorte
[2012.07.05 17:50:14 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Originale in Saarbrücken 5
[2012.07.04 11:37:46 | 000,000,000 | ---D | C] -- C:\Users\T\Documents\Freebies
[2012.07.02 16:23:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.02 11:32:04 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Logitech
[2012.07.02 11:17:18 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Leadertech
[2012.07.02 11:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.07.02 11:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.07.02 11:14:56 | 000,190,992 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\BtCoreIf.dll
[2012.07.02 11:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.07.02 11:14:54 | 000,050,176 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\LBTCoIns.DLL
[2012.07.02 11:14:50 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2012.07.02 11:14:50 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2012.07.02 11:14:50 | 000,159,248 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2012.07.02 11:14:50 | 000,096,272 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2012.07.02 11:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.07.02 11:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.07.02 11:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.06.26 16:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.06.26 16:20:34 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2012.06.26 16:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012.06.26 16:20:25 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012.06.26 16:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012.06.26 16:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2012.06.26 13:30:57 | 000,000,000 | ---D | C] -- C:\Users\T\Library
[2012.06.26 13:30:57 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Local\Apple Computer
[2012.06.26 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\T\AppData\Roaming\Titanium
[2012.06.26 13:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Player
[2012.06.26 13:30:12 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.06.22 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Black Background Set by Freeman
[2012.06.22 09:40:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 09:40:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 09:40:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 09:40:05 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 09:40:05 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 09:40:05 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 09:39:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 09:39:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.18 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\T\Desktop\Saarspektakel
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 17:10:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\T\Desktop\OTL.exe
[2012.07.17 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 16:54:37 | 000,000,061 | ---- | M] () -- C:\Users\T\Desktop\Trojaneralarm TRAtraps.gen - Spyware Hilfe.URL
[2012.07.17 16:38:46 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 16:38:46 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 16:35:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.17 16:35:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.17 16:35:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.17 16:35:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.17 16:35:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 16:30:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 16:29:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 16:29:47 | 2129,297,407 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 16:19:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 15:18:43 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
[2012.07.17 15:18:43 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
[2012.07.17 15:09:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 14:30:24 | 025,141,301 | ---- | M] () -- C:\Users\T\Desktop\WIEDERHERGESTELLT_test.fla
[2012.07.17 14:13:18 | 003,997,194 | ---- | M] () -- C:\Users\T\Desktop\MVI_6419.flv
[2012.07.16 16:54:04 | 000,167,629 | ---- | M] () -- C:\Users\T\Desktop\lottoinfonet-saar-anibanner.aep
[2012.07.16 16:50:49 | 016,446,120 | ---- | M] () -- C:\Users\T\Desktop\MVI_6419.swf
[2012.07.16 16:50:32 | 000,008,321 | ---- | M] () -- C:\Users\T\Desktop\AC_RunActiveContent.js
[2012.07.16 14:12:41 | 000,000,670 | ---- | M] () -- C:\Users\T\Desktop\Projekte *Schaller & Partner - Werbeagentur GWA in Mannheim..website
[2012.07.16 10:15:18 | 000,328,704 | ---- | M] () -- C:\Windows\SysNative\services.exe
[2012.07.13 17:54:48 | 000,158,374 | ---- | M] () -- C:\Users\T\Desktop\test.fla
[2012.07.13 15:46:27 | 011,690,063 | ---- | M] () -- C:\Users\T\Desktop\graphicriver-2360603-various-vector-badges.zip
[2012.07.13 11:44:31 | 002,584,576 | ---- | M] () -- C:\Users\T\Desktop\St. Arnual blüht auf.indd
[2012.07.13 10:01:34 | 010,120,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 13:58:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 13:58:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.11 16:43:17 | 000,709,274 | ---- | M] () -- C:\Users\T\Desktop\lotto-infonet-saar-angebot-anforndern.eps
[2012.07.11 15:57:37 | 000,000,115 | ---- | M] () -- C:\Users\T\Desktop\„DESIGNFEE Honorar Kalkulator - Design kalkulieren. Stundensatz berechnen.“ für iPhone 3GS, iPhone 4, iPhone 4S, iPod touch .URL
[2012.07.11 10:55:08 | 000,301,515 | ---- | M] () -- C:\Users\T\Desktop\facebook-header.psd
[2012.07.11 10:32:39 | 000,076,745 | ---- | M] () -- C:\Users\T\Desktop\facebook-header.jpg
[2012.07.06 14:39:19 | 000,230,441 | ---- | M] () -- C:\Users\T\Desktop\Quattrocult - Wanddisplays.JPG
[2012.07.05 16:51:27 | 002,363,013 | ---- | M] () -- C:\Users\T\Desktop\originale-5.psd
[2012.07.05 15:39:21 | 000,000,080 | ---- | M] () -- C:\Users\T\Desktop\Ihr Messeausstatter Banner, Faltdisplays, RollUps, Theken, uvm..URL
[2012.07.05 15:24:23 | 002,258,609 | ---- | M] () -- C:\Users\T\Desktop\img_20120116_103452.jpeg w=400&h=298.jpg
[2012.07.05 11:12:35 | 638,935,485 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.05 11:07:05 | 000,000,114 | ---- | M] () -- C:\Users\T\Desktop\Seal of Approval Isolated Stock Photo iStock.URL
[2012.07.05 11:03:29 | 000,000,103 | ---- | M] () -- C:\Users\T\Desktop\heart wax seal Stock Photo iStock.URL
[2012.07.05 10:41:36 | 000,001,358 | ---- | M] () -- C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.07.04 17:44:54 | 001,279,969 | ---- | M] () -- C:\Users\T\Desktop\Teamgeist.ai
[2012.07.03 14:14:06 | 001,115,648 | ---- | M] () -- C:\Users\T\Desktop\IN-SZENE - Mediakonzept I - St. Arnual blüht auf.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 13:28:01 | 000,548,864 | ---- | M] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.indd
[2012.07.03 12:58:42 | 003,751,667 | ---- | M] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.pdf
[2012.07.03 11:43:13 | 000,496,174 | ---- | M] () -- C:\Users\T\Desktop\Saarspektakel-flash2.psd
[2012.07.02 14:03:52 | 000,000,051 | ---- | M] () -- C:\Users\T\Desktop\Lena Hennig.URL
[2012.07.02 11:16:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.07.02 11:14:56 | 000,001,845 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.06.28 10:43:16 | 000,000,132 | ---- | M] () -- C:\Users\T\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.06.27 15:46:25 | 000,000,056 | ---- | M] () -- C:\Users\T\Desktop\Auftraggeber « Intuity Media Lab.URL
[2012.06.26 16:20:37 | 000,047,633 | ---- | M] () -- C:\Windows\SysWow64\wuwuninst.exe
[2012.06.26 11:58:12 | 000,001,456 | ---- | M] () -- C:\Users\T\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.26 11:18:30 | 001,323,334 | ---- | M] () -- C:\Users\T\Desktop\LOTTO Front.ai
[2012.06.22 17:35:02 | 000,000,058 | ---- | M] () -- C:\Users\T\Desktop\Logo Faves Logo Inspiration Gallery.URL
[2012.06.18 17:25:34 | 000,000,083 | ---- | M] () -- C:\Users\T\Desktop\Font Squirrel Sans Serif Free Fonts.URL
[2012.06.18 17:06:05 | 000,000,085 | ---- | M] () -- C:\Users\T\Desktop\VTV_Klappentext.pdf (applicationpdf-Objekt).URL
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.17 17:00:35 | 000,022,528 | ---- | C] () -- C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\800000cb.@
[2012.07.17 17:00:35 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\80000000.@
[2012.07.17 16:54:37 | 000,000,061 | ---- | C] () -- C:\Users\T\Desktop\Trojaneralarm TRAtraps.gen - Spyware Hilfe.URL
[2012.07.17 15:09:32 | 000,000,502 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
[2012.07.17 15:09:31 | 000,000,502 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
[2012.07.17 15:09:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.17 14:30:54 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\U\00000001.@
[2012.07.17 14:30:23 | 025,141,301 | ---- | C] () -- C:\Users\T\Desktop\WIEDERHERGESTELLT_test.fla
[2012.07.16 16:54:03 | 000,167,629 | ---- | C] () -- C:\Users\T\Desktop\lottoinfonet-saar-anibanner.aep
[2012.07.16 16:51:14 | 003,997,194 | ---- | C] () -- C:\Users\T\Desktop\MVI_6419.flv
[2012.07.16 16:50:29 | 016,446,120 | ---- | C] () -- C:\Users\T\Desktop\MVI_6419.swf
[2012.07.16 16:50:16 | 000,008,321 | ---- | C] () -- C:\Users\T\Desktop\AC_RunActiveContent.js
[2012.07.16 14:12:41 | 000,000,670 | ---- | C] () -- C:\Users\T\Desktop\Projekte *Schaller & Partner - Werbeagentur GWA in Mannheim..website
[2012.07.13 17:54:48 | 000,158,374 | ---- | C] () -- C:\Users\T\Desktop\test.fla
[2012.07.13 15:45:52 | 011,690,063 | ---- | C] () -- C:\Users\T\Desktop\graphicriver-2360603-various-vector-badges.zip
[2012.07.11 16:43:15 | 000,709,274 | ---- | C] () -- C:\Users\T\Desktop\lotto-infonet-saar-angebot-anforndern.eps
[2012.07.11 15:57:37 | 000,000,115 | ---- | C] () -- C:\Users\T\Desktop\„DESIGNFEE Honorar Kalkulator - Design kalkulieren. Stundensatz berechnen.“ für iPhone 3GS, iPhone 4, iPhone 4S, iPod touch .URL
[2012.07.11 10:32:38 | 000,076,745 | ---- | C] () -- C:\Users\T\Desktop\facebook-header.jpg
[2012.07.11 10:29:30 | 000,301,515 | ---- | C] () -- C:\Users\T\Desktop\facebook-header.psd
[2012.07.06 14:37:59 | 000,230,441 | ---- | C] () -- C:\Users\T\Desktop\Quattrocult - Wanddisplays.JPG
[2012.07.05 15:39:21 | 000,000,080 | ---- | C] () -- C:\Users\T\Desktop\Ihr Messeausstatter Banner, Faltdisplays, RollUps, Theken, uvm..URL
[2012.07.05 15:24:21 | 002,258,609 | ---- | C] () -- C:\Users\T\Desktop\img_20120116_103452.jpeg w=400&h=298.jpg
[2012.07.05 11:57:23 | 002,363,013 | ---- | C] () -- C:\Users\T\Desktop\originale-5.psd
[2012.07.05 11:07:05 | 000,000,114 | ---- | C] () -- C:\Users\T\Desktop\Seal of Approval Isolated Stock Photo iStock.URL
[2012.07.05 11:03:29 | 000,000,103 | ---- | C] () -- C:\Users\T\Desktop\heart wax seal Stock Photo iStock.URL
[2012.07.05 10:41:36 | 000,001,358 | ---- | C] () -- C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.07.04 17:41:04 | 001,279,969 | ---- | C] () -- C:\Users\T\Desktop\Teamgeist.ai
[2012.07.03 13:55:35 | 000,020,432 | ---- | C] () -- C:\Users\T\Desktop\web-unterschrift08.jpg
[2012.07.03 13:28:00 | 000,548,864 | ---- | C] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.indd
[2012.07.03 12:56:50 | 003,751,667 | ---- | C] () -- C:\Users\T\Desktop\Flyer_DaarlerSchatzkammer.pdf
[2012.07.03 11:43:13 | 000,496,174 | ---- | C] () -- C:\Users\T\Desktop\Saarspektakel-flash2.psd
[2012.07.02 19:31:01 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.02 16:23:41 | 638,935,485 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.02 14:03:52 | 000,000,051 | ---- | C] () -- C:\Users\T\Desktop\Lena Hennig.URL
[2012.07.02 12:16:02 | 001,115,648 | ---- | C] () -- C:\Users\T\Desktop\IN-SZENE - Mediakonzept I - St. Arnual blüht auf.pdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.07.02 11:16:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.07.02 11:14:56 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.06.27 15:46:25 | 000,000,056 | ---- | C] () -- C:\Users\T\Desktop\Auftraggeber « Intuity Media Lab.URL
[2012.06.26 16:20:37 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2012.06.26 16:20:35 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.06.26 10:24:05 | 001,323,334 | ---- | C] () -- C:\Users\T\Desktop\LOTTO Front.ai
[2012.06.25 12:29:12 | 002,584,576 | ---- | C] () -- C:\Users\T\Desktop\St. Arnual blüht auf.indd
[2012.06.22 17:35:02 | 000,000,058 | ---- | C] () -- C:\Users\T\Desktop\Logo Faves Logo Inspiration Gallery.URL
[2012.06.18 17:25:34 | 000,000,083 | ---- | C] () -- C:\Users\T\Desktop\Font Squirrel Sans Serif Free Fonts.URL
[2012.06.18 17:06:05 | 000,000,085 | ---- | C] () -- C:\Users\T\Desktop\VTV_Klappentext.pdf (applicationpdf-Objekt).URL
[2012.04.10 11:03:42 | 000,000,132 | ---- | C] () -- C:\Users\T\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.04 16:41:57 | 000,001,456 | ---- | C] () -- C:\Users\T\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.04.02 12:52:51 | 000,007,602 | ---- | C] () -- C:\Users\T\AppData\Local\Resmon.ResmonCfg
[2012.03.28 23:00:58 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\@
[2012.03.28 23:00:58 | 000,002,048 | -HS- | C] () -- C:\Users\T\AppData\Local\{1ef05c06-45e1-6679-9cf1-5c3f7b23ac13}\@
[2012.03.28 21:52:57 | 000,041,883 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.03.26 21:41:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.26 21:41:34 | 000,029,009 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2012.05.04 14:28:39 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.07.17 16:30:42 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Dropbox
[2012.04.25 10:39:41 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\ImTOO
[2012.07.02 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Leadertech
[2012.03.30 15:44:36 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\OpenOffice.org
[2012.04.11 14:06:38 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\PACE Anti-Piracy
[2012.05.03 15:02:51 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.11 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Stardock
[2012.04.02 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\TeamViewer
[2012.03.28 23:18:48 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Thunderbird
[2012.06.26 13:30:55 | 000,000,000 | ---D | M] -- C:\Users\T\AppData\Roaming\Titanium
[2009.07.14 07:08:49 | 000,024,066 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.17 15:18:43 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e8afdddc-cb9a-4881-be25-5d988f1a6a86.job
[2012.07.17 15:18:43 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f41d779a-6641-4d8b-bacd-3dbaabbcb419.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.03 13:09:05 | 000,000,073 | ---- | M] ()(C:\Users\T\Desktop\?Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL) -- C:\Users\T\Desktop\→Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL
[2012.07.03 13:09:05 | 000,000,073 | ---- | C] ()(C:\Users\T\Desktop\?Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL) -- C:\Users\T\Desktop\→Umwandeln Fontdateien ttf otf fon pfb dfont afm.URL

< End of report >
         
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.07.2012 17:11:41 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\T\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 66,36% Memory free
15,95 Gb Paging File | 13,14 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 369,06 Gb Free Space | 79,26% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 249,63 Gb Free Space | 53,60% Space Free | Partition Type: NTFS
Drive J: | 3,91 Gb Total Space | 3,89 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
 
Computer Name: TOBI-BÜRO-SR | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.79
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{c83225a4-e65b-47d5-9d35-400b524cf4c0}" = Nero BackItUp 4 Essentials
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Fences" = Fences
"ffdshow_is1" = ffdshow [rev 1370] [2007-07-22]
"ImTOO SWF Converter 6" = ImTOO SWF Converter 6
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RocketDock_is1" = RocketDock 1.3.5
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"xampp" = XAMPP 1.7.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.07.2012 04:04:22 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.07.2012 04:25:20 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2012 04:21:33 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2012 08:34:19 | Computer Name = Tobi-Büro-SR | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.1.4548,
 Zeitstempel: 0x4fda5ff0  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll, 
Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00300597  ID des fehlerhaften Prozesses: 0x159c  Startzeit der fehlerhaften Anwendung:
 0x01cd63f675db5204  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 ba292129-d00b-11e1-ad7d-5404a6c028f1
 
Error - 17.07.2012 08:36:36 | Computer Name = Tobi-Büro-SR | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 7531CCA9000002F49FF189F4F875F002.exe,
 Version: 0.0.0.0, Zeitstempel: 0x4fff7bd7  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x779d1264  ID des fehlerhaften Prozesses: 0x2ac  Startzeit der fehlerhaften Anwendung:
 0x01cd6418cde5238b  Pfad der fehlerhaften Anwendung: C:\ProgramData\7531CCA9000002F49FF189F4F875F002\7531CCA9000002F49FF189F4F875F002.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0bc149f1-d00c-11e1-ad7d-5404a6c028f1
 
Error - 17.07.2012 09:06:48 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2012 09:20:25 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2012 09:56:22 | Computer Name = Tobi-Büro-SR | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Illustrator.exe, Version: 15.1.0.39,
 Zeitstempel: 0x4d76c9e3  Name des fehlerhaften Moduls: AdobeOwl.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4b958fed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67d8fe38
ID
 des fehlerhaften Prozesses: 0x1004  Startzeit der fehlerhaften Anwendung: 0x01cd6423c52a9308
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe Illustrator CS5.1\Support
 Files\Contents\Windows\Illustrator.exe  Pfad des fehlerhaften Moduls: AdobeOwl.dll
Berichtskennung:
 3085e0ae-d017-11e1-a418-5404a6c028f1
 
Error - 17.07.2012 09:56:40 | Computer Name = Tobi-Büro-SR | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Illustrator.exe, Version: 15.1.0.39,
 Zeitstempel: 0x4d76c9e3  Name des fehlerhaften Moduls: AdobeOwl.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4b958fed  Ausnahmecode: 0xc000041d  Fehleroffset: 0x67d8fe38
ID
 des fehlerhaften Prozesses: 0x1004  Startzeit der fehlerhaften Anwendung: 0x01cd6423c52a9308
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe Illustrator CS5.1\Support
 Files\Contents\Windows\Illustrator.exe  Pfad des fehlerhaften Moduls: AdobeOwl.dll
Berichtskennung:
 3b6f28a4-d017-11e1-a418-5404a6c028f1
 
Error - 17.07.2012 10:31:40 | Computer Name = Tobi-Büro-SR | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.07.2012 09:07:47 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 09:17:48 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 17.07.2012 09:20:44 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.07.2012 09:20:44 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 10:31:23 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 17.07.2012 10:32:42 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.07.2012 10:32:42 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 10:52:35 | Computer Name = Tobi-Büro-SR | Source = volsnap | ID = 393226
Description = Die Schattenkopie von Volume "E:" hat das Installationszeitlimit überschritten.
 
Error - 17.07.2012 11:00:35 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.07.2012 11:00:35 | Computer Name = Tobi-Büro-SR | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---


PC info: hxxp://666kb.com/i/c5lb4on7ndixmrs91.jpg

Many thanks and regards

Tobias

PS: I don't know whether it matters, but yesterday I already made the acquaintance of "Live Security Premium"; I apparently defeated it with the help of various guides and programs such as "SUPERAntiSpyware" and "Malwarebytes' Anti-Malware".
The programs are still present.

In addition (I noticed it for the first time today), my Windows Firewall shows an error message when I try to enable it:
Quote:
Einige der Einstellungen können von der Windows-Firewall nicht geändert werden.
Fehlercode 0x80070424
Can nobody help me?
push :-/

Last edited by TT262 (17.07.2012 at 17:02)

 

    Plagegeister aller Art und deren Bekämpfung - 02.06.2012 (1)

Zum Thema AntiVir meldet TR/ATRAPS.Gen und TR/ATRAPS.Gen2 - Hallo zusammen, Seit heute meldet mir AniVir zwei Viren/Trojaner: TR/ATRAPS.Gen und TR/ATRAPS.Gen2. Laut Google scheinen die Zwei ja bereits bekannt zu sein... Ich hoffe hier kann mir jemand helfen. Ich - AntiVir meldet TR/ATRAPS.Gen und TR/ATRAPS.Gen2...
Archiv
Du betrachtest: AntiVir meldet TR/ATRAPS.Gen und TR/ATRAPS.Gen2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.