Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...

Herr Ribbeck · 04.08.2012, 21:35

Hallo zusammen,

mein Avira Free Antivir zeigt mir seit einigen Stunden immer mal wieder den Fund des folgenden Trojaners an: TR/ATRAPS.Gen2

Habe nach gleichen Fällen im Forum gesucht und als erste Maßnahme nun den OTL installiert und drüber laufen lassen.
Hier die Log-Files:

OTL.Txt

Code:

ATTFilter

OTL logfile created on: 04.08.2012 21:49:18 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Elmar\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 24,41% Memory free
1,94 Gb Paging File | 0,42 Gb Available in Paging File | 21,71% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,94 Gb Total Space | 17,80 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,60 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
Drive F: | 14,90 Gb Total Space | 14,85 Gb Free Space | 99,67% Space Free | Partition Type: FAT32
 
Computer Name: ELMAR-PC | User Name: Elmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Elmar\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Elmar\AppData\Local\Temp\25082339.exe (Shuttle)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\tuloxFreeWBE\FreeDict.exe (GEKKO Software GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ef6e3eb351fe12a5766be7c956c35d95\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Users\Elmar\AppData\Local\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Winamp\winampa.exe ()
MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll ()
MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (kwflower) -- system32\DRIVERS\kwflower.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (Aspi32) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (kvpndev) -- C:\Windows\System32\drivers\kvpndrv.sys (Kerio Technologies Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (NAL) -- C:\Windows\System32\drivers\iqvw32.sys (Intel Corporation )
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (k750bus) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
DRV - (k750obex) -- C:\Windows\System32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\Windows\System32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\Windows\System32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\Windows\System32\drivers\k750mdfl.sys (MCCI)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\dlportio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=6080828
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ixquick.com/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: D:\Program Files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: D:\Program Files\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: D:\Program Files\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\browserrecord [2009.01.17 14:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 11:22:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 21:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.18 20:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.03.26 20:09:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 11:22:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 21:02:24 | 000,000,000 | ---D | M]
 
[2010.12.01 21:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elmar\AppData\Roaming\mozilla\Extensions
[2010.12.01 21:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elmar\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.04 14:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elmar\AppData\Roaming\mozilla\Firefox\Profiles\udbl80xh.default\extensions
[2010.12.29 22:07:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Elmar\AppData\Roaming\mozilla\Firefox\Profiles\udbl80xh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.10 22:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 11:22:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.11 19:31:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.11 19:31:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.11 19:31:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.11 19:31:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 19:31:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.11 19:31:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tuloxFreeWBE] C:\Program Files\tuloxFreeWBE\FreeDict.exe (GEKKO Software GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [nynytdulnunp] C:\Users\Elmar\nynytdulnunp.exe (Shuttle)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF71D97C-08C8-411E-B4FE-2A8169472BD0}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6710F80-7574-45E0-B12D-14E354DCE842}: DhcpNameServer = 192.168.100.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Safe Extern\Pics\Spanien Sylvester 2007\CIMG3363.JPG
O24 - Desktop BackupWallPaper: C:\Safe Extern\Pics\Spanien Sylvester 2007\CIMG3363.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{0e660690-b4be-11dd-9060-0021700e3273}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{0e660690-b4be-11dd-9060-0021700e3273}\Shell\open\Command - "" = rundll32.exe .\\mjvideo.dll,InstallM
O33 - MountPoints2\{67d917fc-eee4-11de-b4dc-0021700e3273}\Shell - "" = AutoRun
O33 - MountPoints2\{67d917fc-eee4-11de-b4dc-0021700e3273}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a7c6a639-84cb-11dd-8e0a-0021700e3273}\Shell\AutoRun\command - "" = F:\ -- File not found
O33 - MountPoints2\{a7c6a639-84cb-11dd-8e0a-0021700e3273}\Shell\open\Command - "" = rundll32.exe .\\racpldag.dll,InstallM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.04 21:47:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Elmar\Desktop\OTL.exe
[2012.08.04 18:21:12 | 000,087,008 | ---- | C] (Shuttle) -- C:\Users\Elmar\nynytdulnunp.exe
[2012.07.28 12:10:18 | 000,000,000 | ---D | C] -- C:\Users\Elmar\Desktop\Elmar
[2012.07.11 20:51:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 20:49:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 20:49:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 20:49:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 20:49:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 20:49:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 20:49:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 20:49:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 19:50:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.10 20:06:59 | 000,000,000 | ---D | C] -- C:\Users\Elmar\AppData\Roaming\Canon
[2012.07.10 20:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.07.10 20:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012.07.10 20:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.08.04 21:47:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Elmar\Desktop\OTL.exe
[2012.08.04 21:23:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 21:23:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 21:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.04 21:18:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.04 19:34:48 | 000,647,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.04 19:34:48 | 000,603,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.04 19:34:48 | 000,132,220 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.04 19:34:48 | 000,109,246 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.04 18:25:38 | 000,000,000 | ---- | M] () -- C:\Users\Elmar\Desktop\httpwww.beleuchtung-mit-led.deindex.phpcatc46_LED-Einbauleuchte.htmlXTCsidlrinrkgmnpkkkk3mpo47f6s6r4
[2012.08.04 18:20:39 | 000,087,008 | ---- | M] (Shuttle) -- C:\Users\Elmar\nynytdulnunp.exe
[2012.08.04 17:29:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 14:09:59 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.07.29 18:26:58 | 000,000,118 | ---- | M] () -- C:\Users\Elmar\Desktop\Hewlett Packard OfficeJet 6500A Plus Wireless - Preis ab €128,65 - CHIP Online.URL
[2012.07.29 16:25:00 | 000,130,560 | ---- | M] () -- C:\Users\Elmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.22 13:58:59 | 001,512,665 | ---- | M] () -- C:\Users\Elmar\Desktop\Installationshandbuch Ambrogio_L200_L300_ 01-09 für Händler.pdf
[2012.07.12 18:48:32 | 000,356,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 20:06:49 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\CanoScan Toolbox 5.0.lnk
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.08.04 21:45:57 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\U\800000cb.@
[2012.08.04 21:45:56 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\U\80000000.@
[2012.08.04 18:25:38 | 000,000,000 | ---- | C] () -- C:\Users\Elmar\Desktop\httpwww.beleuchtung-mit-led.deindex.phpcatc46_LED-Einbauleuchte.htmlXTCsidlrinrkgmnpkkkk3mpo47f6s6r4
[2012.08.04 18:21:40 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\U\00000001.@
[2012.07.29 18:26:58 | 000,000,118 | ---- | C] () -- C:\Users\Elmar\Desktop\Hewlett Packard OfficeJet 6500A Plus Wireless - Preis ab €128,65 - CHIP Online.URL
[2012.07.28 12:11:08 | 000,195,045 | ---- | C] () -- C:\Users\Elmar\Desktop\dscf0225.jpg
[2012.07.22 13:58:52 | 001,512,665 | ---- | C] () -- C:\Users\Elmar\Desktop\Installationshandbuch Ambrogio_L200_L300_ 01-09 für Händler.pdf
[2012.07.10 20:06:34 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan Toolbox 5.0.lnk
[2012.06.08 10:45:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.06.08 10:44:45 | 000,182,264 | ---- | C] () -- C:\Windows\System32\BpShellEx.dll
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.01.16 11:11:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\@
[2012.01.16 11:11:24 | 000,002,048 | -HS- | C] () -- C:\Users\Elmar\AppData\Local\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\@
[2011.12.08 10:16:40 | 000,179,544 | ---- | C] () -- C:\Users\Elmar\Siteco Beleuchtung Halle Geldern.pdf
[2011.12.08 10:16:39 | 000,147,615 | ---- | C] () -- C:\Users\Elmar\BA-1_Index-)_Grundriss Erdgeschoss_1-100.pdf
[2011.12.08 10:16:38 | 000,057,169 | ---- | C] () -- C:\Users\Elmar\Siteco Beleuchtung Materialaufstellung.pdf
[2011.12.08 10:16:37 | 000,211,347 | ---- | C] () -- C:\Users\Elmar\BA-2_Index-)_Ansichten -Schnitte_1-100.pdf
[2011.01.25 18:09:25 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.01.25 18:09:25 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.12.24 16:46:53 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008.11.09 20:36:31 | 000,000,104 | ---- | C] () -- C:\Users\Elmar\AppData\Roaming\wklnhst.dat
[2008.11.04 20:32:25 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.10.06 18:43:23 | 000,000,680 | ---- | C] () -- C:\Users\Elmar\AppData\Local\d3d9caps.dat
[2008.09.15 19:54:40 | 000,130,560 | ---- | C] () -- C:\Users\Elmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:ACFD4D41A0553C3E

< End of report >

und hier noch die Extras.Txt

Code:

ATTFilter

OTL Extras logfile created on: 04.08.2012 21:49:18 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Elmar\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 24,41% Memory free
1,94 Gb Paging File | 0,42 Gb Available in Paging File | 21,71% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,94 Gb Total Space | 17,80 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,60 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
Drive F: | 14,90 Gb Total Space | 14,85 Gb Free Space | 99,67% Space Free | Partition Type: FAT32
 
Computer Name: ELMAR-PC | User Name: Elmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{13CE6A18-2936-49E5-B10C-148A12C035DD}" = Kaufmann 2012 Professional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{38AD6EA4-BBC1-4A95-B792-9950D48E2171}" = Kerio Visual C++ 2005 redistributable permanent package
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7E633D02-4F36-4FE2-8BFC-97FFDC1BE9DC}" = WISO Web-Kaufmann V3
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"389F9A39E4CA33F4CF20445A75F0F68DDC07CE7B" = Windows-Treiberpaket - Das (WinUSB) USB  (10/21/2010 1.2.7)
"3CAABDB4D5E19760A561BDB6506A3E8432AE8457" = Windows-Treiberpaket - Das (Siudi) USB  (09/20/2010 1.6.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CloneCD" = CloneCD
"DMXControl" = DMXControl 2.10
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"FreeStyler_is1" = FreeStyler
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"Online Poststelle_is1" = Online Poststelle - Druckertreiber 2.1.102
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenVPN" = OpenVPN 2.2.2
"Pinball" = 3D Pinball from Plus! for Windows 95
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RealPlayer 6.0" = RealPlayer
"Trillian" = Trillian
"tulox Freeware-Wörterbuch (Englisch)" = tulox Freeware-Wörterbuch (Englisch)
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"TVWiz" = Intel(R) TV Wizard
"vcSlider Control" = vcSlider Control
"VLC media player" = VLC media player 0.9.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.07.2012 14:01:06 | Computer Name = Elmar-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MediaServer.exe, Version 0.0.0.0, Zeitstempel
 0x4e3309c6, fehlerhaftes Modul libapr.dll, Version 0.0.0.0, Zeitstempel 0x4a8a1aa1,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00006e44,  Prozess-ID 0xd08, Anwendungsstartzeit
 01cd5ec5e1454a5a.
 
Error - 11.07.2012 13:39:07 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.07.2012 12:48:54 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 08:43:45 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 13:44:35 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 17:09:28 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.07.2012 04:13:17 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.07.2012 11:30:29 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.07.2012 14:01:52 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.07.2012 11:34:05 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 04.08.2012 15:57:42 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:58:44 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:58:44 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:58:45 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:58:45 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:18 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:19 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:19 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:32 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:32 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >

Ich habe noch nie großartig mit Viren oder Trojanern zu tun gehabt und freue mich umsomehr, dass es dieses Forum gibt. Wirklich eine klasse Einrichtung!

Gruß
Elmar

cosinus · 06.08.2012, 19:29

Zitat:

mein Avira Free Antivir zeigt mir seit einigen Stunden immer mal wieder den Fund des folgenden Trojaners an: TR/ATRAPS.Gen2

Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...

Plagegeister aller Art und deren Bekämpfung: Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...

Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...

Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...

Ähnliche Themen: Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...