Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.08.2012, 22:35   #1
Herr Ribbeck
 
Trojaner TR/ATRAPS.Gen2 in c:\windows\installer... - Standard

Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...



Hallo zusammen,

mein Avira Free Antivir zeigt mir seit einigen Stunden immer mal wieder den Fund des folgenden Trojaners an: TR/ATRAPS.Gen2

Habe nach gleichen Fällen im Forum gesucht und als erste Maßnahme nun den OTL installiert und drüber laufen lassen.
Hier die Log-Files:

OTL.Txt
Code:
ATTFilter
OTL logfile created on: 04.08.2012 21:49:18 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Elmar\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 24,41% Memory free
1,94 Gb Paging File | 0,42 Gb Available in Paging File | 21,71% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,94 Gb Total Space | 17,80 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,60 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
Drive F: | 14,90 Gb Total Space | 14,85 Gb Free Space | 99,67% Space Free | Partition Type: FAT32
 
Computer Name: ELMAR-PC | User Name: Elmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Elmar\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Elmar\AppData\Local\Temp\25082339.exe (Shuttle)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\tuloxFreeWBE\FreeDict.exe (GEKKO Software GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ef6e3eb351fe12a5766be7c956c35d95\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Users\Elmar\AppData\Local\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Winamp\winampa.exe ()
MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll ()
MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (kwflower) -- system32\DRIVERS\kwflower.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (Aspi32) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (kvpndev) -- C:\Windows\System32\drivers\kvpndrv.sys (Kerio Technologies Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (NAL) -- C:\Windows\System32\drivers\iqvw32.sys (Intel Corporation )
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (k750bus) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
DRV - (k750obex) -- C:\Windows\System32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\Windows\System32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\Windows\System32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\Windows\System32\drivers\k750mdfl.sys (MCCI)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\dlportio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=6080828
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ixquick.com/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: D:\Program Files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: D:\Program Files\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: D:\Program Files\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\browserrecord [2009.01.17 14:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 11:22:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 21:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.18 20:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.03.26 20:09:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 11:22:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 21:02:24 | 000,000,000 | ---D | M]
 
[2010.12.01 21:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elmar\AppData\Roaming\mozilla\Extensions
[2010.12.01 21:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elmar\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.04 14:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elmar\AppData\Roaming\mozilla\Firefox\Profiles\udbl80xh.default\extensions
[2010.12.29 22:07:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Elmar\AppData\Roaming\mozilla\Firefox\Profiles\udbl80xh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.10 22:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 11:22:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.11 19:31:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.11 19:31:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.11 19:31:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.11 19:31:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 19:31:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.11 19:31:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tuloxFreeWBE] C:\Program Files\tuloxFreeWBE\FreeDict.exe (GEKKO Software GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [nynytdulnunp] C:\Users\Elmar\nynytdulnunp.exe (Shuttle)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF71D97C-08C8-411E-B4FE-2A8169472BD0}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6710F80-7574-45E0-B12D-14E354DCE842}: DhcpNameServer = 192.168.100.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Safe Extern\Pics\Spanien Sylvester 2007\CIMG3363.JPG
O24 - Desktop BackupWallPaper: C:\Safe Extern\Pics\Spanien Sylvester 2007\CIMG3363.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{0e660690-b4be-11dd-9060-0021700e3273}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{0e660690-b4be-11dd-9060-0021700e3273}\Shell\open\Command - "" = rundll32.exe .\\mjvideo.dll,InstallM
O33 - MountPoints2\{67d917fc-eee4-11de-b4dc-0021700e3273}\Shell - "" = AutoRun
O33 - MountPoints2\{67d917fc-eee4-11de-b4dc-0021700e3273}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a7c6a639-84cb-11dd-8e0a-0021700e3273}\Shell\AutoRun\command - "" = F:\ -- File not found
O33 - MountPoints2\{a7c6a639-84cb-11dd-8e0a-0021700e3273}\Shell\open\Command - "" = rundll32.exe .\\racpldag.dll,InstallM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.04 21:47:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Elmar\Desktop\OTL.exe
[2012.08.04 18:21:12 | 000,087,008 | ---- | C] (Shuttle) -- C:\Users\Elmar\nynytdulnunp.exe
[2012.07.28 12:10:18 | 000,000,000 | ---D | C] -- C:\Users\Elmar\Desktop\Elmar
[2012.07.11 20:51:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 20:49:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 20:49:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 20:49:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 20:49:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 20:49:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 20:49:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 20:49:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 19:50:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.10 20:06:59 | 000,000,000 | ---D | C] -- C:\Users\Elmar\AppData\Roaming\Canon
[2012.07.10 20:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.07.10 20:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012.07.10 20:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.08.04 21:47:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Elmar\Desktop\OTL.exe
[2012.08.04 21:23:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 21:23:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 21:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.04 21:18:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.04 19:34:48 | 000,647,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.04 19:34:48 | 000,603,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.04 19:34:48 | 000,132,220 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.04 19:34:48 | 000,109,246 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.04 18:25:38 | 000,000,000 | ---- | M] () -- C:\Users\Elmar\Desktop\httpwww.beleuchtung-mit-led.deindex.phpcatc46_LED-Einbauleuchte.htmlXTCsidlrinrkgmnpkkkk3mpo47f6s6r4
[2012.08.04 18:20:39 | 000,087,008 | ---- | M] (Shuttle) -- C:\Users\Elmar\nynytdulnunp.exe
[2012.08.04 17:29:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 14:09:59 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.07.29 18:26:58 | 000,000,118 | ---- | M] () -- C:\Users\Elmar\Desktop\Hewlett Packard OfficeJet 6500A Plus Wireless - Preis ab €128,65 - CHIP Online.URL
[2012.07.29 16:25:00 | 000,130,560 | ---- | M] () -- C:\Users\Elmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.22 13:58:59 | 001,512,665 | ---- | M] () -- C:\Users\Elmar\Desktop\Installationshandbuch Ambrogio_L200_L300_ 01-09 für Händler.pdf
[2012.07.12 18:48:32 | 000,356,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 20:06:49 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\CanoScan Toolbox 5.0.lnk
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.08.04 21:45:57 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\U\800000cb.@
[2012.08.04 21:45:56 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\U\80000000.@
[2012.08.04 18:25:38 | 000,000,000 | ---- | C] () -- C:\Users\Elmar\Desktop\httpwww.beleuchtung-mit-led.deindex.phpcatc46_LED-Einbauleuchte.htmlXTCsidlrinrkgmnpkkkk3mpo47f6s6r4
[2012.08.04 18:21:40 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\U\00000001.@
[2012.07.29 18:26:58 | 000,000,118 | ---- | C] () -- C:\Users\Elmar\Desktop\Hewlett Packard OfficeJet 6500A Plus Wireless - Preis ab €128,65 - CHIP Online.URL
[2012.07.28 12:11:08 | 000,195,045 | ---- | C] () -- C:\Users\Elmar\Desktop\dscf0225.jpg
[2012.07.22 13:58:52 | 001,512,665 | ---- | C] () -- C:\Users\Elmar\Desktop\Installationshandbuch Ambrogio_L200_L300_ 01-09 für Händler.pdf
[2012.07.10 20:06:34 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan Toolbox 5.0.lnk
[2012.06.08 10:45:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.06.08 10:44:45 | 000,182,264 | ---- | C] () -- C:\Windows\System32\BpShellEx.dll
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.01.16 11:11:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\@
[2012.01.16 11:11:24 | 000,002,048 | -HS- | C] () -- C:\Users\Elmar\AppData\Local\{1224c6c7-ab42-faef-6960-a501c5dd0a20}\@
[2011.12.08 10:16:40 | 000,179,544 | ---- | C] () -- C:\Users\Elmar\Siteco Beleuchtung Halle Geldern.pdf
[2011.12.08 10:16:39 | 000,147,615 | ---- | C] () -- C:\Users\Elmar\BA-1_Index-)_Grundriss Erdgeschoss_1-100.pdf
[2011.12.08 10:16:38 | 000,057,169 | ---- | C] () -- C:\Users\Elmar\Siteco Beleuchtung Materialaufstellung.pdf
[2011.12.08 10:16:37 | 000,211,347 | ---- | C] () -- C:\Users\Elmar\BA-2_Index-)_Ansichten -Schnitte_1-100.pdf
[2011.01.25 18:09:25 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.01.25 18:09:25 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.12.24 16:46:53 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008.11.09 20:36:31 | 000,000,104 | ---- | C] () -- C:\Users\Elmar\AppData\Roaming\wklnhst.dat
[2008.11.04 20:32:25 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.10.06 18:43:23 | 000,000,680 | ---- | C] () -- C:\Users\Elmar\AppData\Local\d3d9caps.dat
[2008.09.15 19:54:40 | 000,130,560 | ---- | C] () -- C:\Users\Elmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:ACFD4D41A0553C3E

< End of report >
         

und hier noch die Extras.Txt
Code:
ATTFilter
OTL Extras logfile created on: 04.08.2012 21:49:18 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Elmar\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 24,41% Memory free
1,94 Gb Paging File | 0,42 Gb Available in Paging File | 21,71% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,94 Gb Total Space | 17,80 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,60 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
Drive F: | 14,90 Gb Total Space | 14,85 Gb Free Space | 99,67% Space Free | Partition Type: FAT32
 
Computer Name: ELMAR-PC | User Name: Elmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{13CE6A18-2936-49E5-B10C-148A12C035DD}" = Kaufmann 2012 Professional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{38AD6EA4-BBC1-4A95-B792-9950D48E2171}" = Kerio Visual C++ 2005 redistributable permanent package
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7E633D02-4F36-4FE2-8BFC-97FFDC1BE9DC}" = WISO Web-Kaufmann V3
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"389F9A39E4CA33F4CF20445A75F0F68DDC07CE7B" = Windows-Treiberpaket - Das (WinUSB) USB  (10/21/2010 1.2.7)
"3CAABDB4D5E19760A561BDB6506A3E8432AE8457" = Windows-Treiberpaket - Das (Siudi) USB  (09/20/2010 1.6.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CloneCD" = CloneCD
"DMXControl" = DMXControl 2.10
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"FreeStyler_is1" = FreeStyler
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"Online Poststelle_is1" = Online Poststelle - Druckertreiber 2.1.102
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenVPN" = OpenVPN 2.2.2
"Pinball" = 3D Pinball from Plus! for Windows 95
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RealPlayer 6.0" = RealPlayer
"Trillian" = Trillian
"tulox Freeware-Wörterbuch (Englisch)" = tulox Freeware-Wörterbuch (Englisch)
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"TVWiz" = Intel(R) TV Wizard
"vcSlider Control" = vcSlider Control
"VLC media player" = VLC media player 0.9.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.07.2012 14:01:06 | Computer Name = Elmar-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MediaServer.exe, Version 0.0.0.0, Zeitstempel
 0x4e3309c6, fehlerhaftes Modul libapr.dll, Version 0.0.0.0, Zeitstempel 0x4a8a1aa1,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00006e44,  Prozess-ID 0xd08, Anwendungsstartzeit
 01cd5ec5e1454a5a.
 
Error - 11.07.2012 13:39:07 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.07.2012 12:48:54 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 08:43:45 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 13:44:35 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 17:09:28 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.07.2012 04:13:17 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.07.2012 11:30:29 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.07.2012 14:01:52 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.07.2012 11:34:05 | Computer Name = Elmar-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 04.08.2012 15:57:42 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:58:44 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:58:44 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:58:45 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:58:45 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:18 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:19 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:19 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:32 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2012 15:59:32 | Computer Name = Elmar-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         

Ich habe noch nie großartig mit Viren oder Trojanern zu tun gehabt und freue mich umsomehr, dass es dieses Forum gibt. Wirklich eine klasse Einrichtung!

Gruß
Elmar

Alt 06.08.2012, 20:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/ATRAPS.Gen2 in c:\windows\installer... - Standard

Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...



Zitat:
mein Avira Free Antivir zeigt mir seit einigen Stunden immer mal wieder den Fund des folgenden Trojaners an: TR/ATRAPS.Gen2
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...
ad-aware, antivir, autorun, avira, bho, error, excel, firefox, flash player, format, google earth, hewlett packard, home, install.exe, logfile, mozilla, officejet, realtek, registry, rundll, scan, security, software, trojaner, trojaner tr/atraps.gen, usb, viren, vista, windows, wiso



Ähnliche Themen: Trojaner TR/ATRAPS.Gen2 in c:\windows\installer...


  1. TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira Fund auf Vista PC
    Log-Analyse und Auswertung - 27.07.2013 (23)
  2. TR/ATRAPS.Gen2 gefunden in Windows\installer
    Plagegeister aller Art und deren Bekämpfung - 15.06.2013 (53)
  3. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  4. Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (23)
  5. Avira: TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer...
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (9)
  6. "TR/ATRAPS.Gen2 in C:\Windows\Installer\{8cf887ed-840d-0eaa-7d51-11911c07a980}\U\80000032.@"
    Log-Analyse und Auswertung - 13.10.2012 (16)
  7. TR/ATRAPS.Gen2, TR/Sirefef.16896 (in C:\Windows\Installer\...) und W32/Patched.UA (C:\Windows\System32\services.exe)
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (5)
  8. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  9. TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (18)
  10. TR/ATRAPS.Gen2 in C:\Windows\Installer\{f6f92717-f7b0-1b2a-ac00-1327096c2974}\U\800000cb.@
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (23)
  11. TR/ATRAPS.GEN, TR/ATRAPS.GEN2 in C:\Windows\Installer\{...}
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (5)
  12. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\WINDOWS\Installer\...
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  13. TR/ATRAPS GEN2 in Windows Installer und Lokale Einstellungen
    Log-Analyse und Auswertung - 11.07.2012 (1)
  14. TR/ATRAPS.GEN, TR/ATRAPS.GEN2 in C:\Windows\Installer\{...} und JAVA/Dldr.Lamar.CI
    Mülltonne - 09.07.2012 (2)
  15. TR/ATRAPS.GEN2 in C:/Windows/Installer/xxx/800000.32@ gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.06.2012 (14)
  16. TR/ATRAPS.Gen2 und TR/Sirefef.AG.35 in C:Windows\Installer\
    Log-Analyse und Auswertung - 14.06.2012 (3)
  17. (2x) TR/ATRAPS.Gen2 und Sirefef.AG.35 werden ständig von Avira erkannt (Installer-Virus)
    Mülltonne - 05.06.2012 (1)

Zum Thema Trojaner TR/ATRAPS.Gen2 in c:\windows\installer... - Hallo zusammen, mein Avira Free Antivir zeigt mir seit einigen Stunden immer mal wieder den Fund des folgenden Trojaners an: TR/ATRAPS.Gen2 Habe nach gleichen Fällen im Forum gesucht und als - Trojaner TR/ATRAPS.Gen2 in c:\windows\installer......
Archiv
Du betrachtest: Trojaner TR/ATRAPS.Gen2 in c:\windows\installer... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.