Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2 laut Avira - was nun?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.10.2012, 10:22   #1
Conny_1986
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



Hallo,
ich habe seit gestern abend folgendes Problem mit meinem Laptop:
Fast minütlich zeigt mir Avira den Fund TR/ATRAPS.Gen2 an, der zwar in Quarantäne verschoben wird, aber immer wieder auftritt. Nach einiger Recherche via Google gehe ich davon aus, dass es sich um einen Trojaner handelt, und auch hier im Forum habe ich schon einige Themen gefunden, die dieses Thema behandeln.
Da ich aber ein ziemlicher Laie bin, wollte ich nachfragen was nun genau in meinem Fall zu tun ist, bevor ich die Anweisungen aus anderen Themen befolge und evt mein System noch mehr schädige.
Zu meinem Latop - läuft mit Windows7, hat 32Bit. Werde mich bemühen weitere Infos bereitzustellen, sofern dies notwendig ist.

Ich hoffe, dass mir hier jemand weiterhelfen kann.

Danke schon mal im Vorraus & freundliche Grüße,
Conny

Alt 09.10.2012, 10:30   #2
Jig Saw
/// Helfer-Team
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



,

beachte bitte diesen Link und arbeite diesen ab:
http://www.trojaner-board.de/69886-a...-beachten.html
Danach wird sich dir ein Helfer annehmen. Falls dennoch Fragen zu den einzelnen Schritten offen bleiben, einfach nachfragen.
Zusätzlich wäre noch der Befund von Avira interessant. Dazu bei Avira unter Befunde/ Ereignisse die Informationen posten (ich habe leider kein Avira hier, um es detailliert zu beschreiben).
__________________

__________________

Alt 09.10.2012, 15:48   #3
Conny_1986
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



habe jetzt soweit alles nach der anleitung durchgeführt

OTL.TXTOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.10.2012 12:54:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Conny\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1022,18 Mb Total Physical Memory | 522,73 Mb Available Physical Memory | 51,14% Memory free
2,00 Gb Paging File | 1,16 Gb Available in Paging File | 58,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 28,62 Gb Free Space | 38,45% Space Free | Partition Type: NTFS
 
Computer Name: CONNY-PC | User Name: Conny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 12:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011.06.28 15:08:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 23:58:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.04 04:14:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.02.18 13:28:44 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.02.18 13:26:44 | 001,047,368 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.17 06:42:06 | 000,105,632 | ---- | M] (Corel) -- C:\Programme\Common Files\Corel\Standby\Standby.exe
PRC - [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.05.09 13:04:24 | 000,090,112 | ---- | M] (IDT, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe
PRC - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.10.26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2006.09.28 21:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.21 15:14:14 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.28 15:08:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 23:58:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.08 18:10:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.08 16:34:45 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.02.18 13:26:44 | 001,047,368 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.18 13:22:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.05.09 13:04:24 | 000,090,112 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 15:08:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 15:08:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.08 15:46:53 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.09 13:05:36 | 000,650,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.11.08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.02.20 16:44:00 | 004,457,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 D8 16 71 95 5A CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = Suche
IE - HKCU\..\SearchScopes,DefaultScope = {48639E64-816C-1E71-A11F-AF2D7041DC94}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.27 22:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.10.16 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions
[2010.10.16 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.09 01:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: news.ORF.at
CHR - Extension: Skype Click to Call = C:\Users\Conny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Programme\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Programme\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Programme\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [dmctut] C:\Users\Conny\AppData\Roaming\dmctut.dll (Ray Hinchliffe)
O4 - HKLM..\Run: [HKLM] C:\Windows\System32\firefox\firefox.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [shlbme] rundll32.exe  File not found
O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [uadup] rundll32.exe  File not found
O4 - HKCU..\Run: [HKCU] C:\Windows\System32\firefox\firefox.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\firefox\firefox.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\firefox\firefox.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32670B16-D541-40F7-885B-B09C62CBE8D8}: DhcpNameServer = 10.0.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF991DB5-4927-4658-80EF-FB7C3AAD8598}: DhcpNameServer = 192.168.100.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 12:53:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe
[2012.10.09 12:49:53 | 000,000,000 | ---D | C] -- C:\Users\Conny\Desktop\Files für TB
[2012.10.08 11:31:48 | 000,177,664 | ---- | C] (Ray Hinchliffe) -- C:\Users\Conny\AppData\Roaming\dmctut.dll
[2012.09.21 15:48:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\firefox
[2012.09.21 15:48:37 | 001,075,200 | ---- | C] (WinZip Computing, S.L.) -- C:\Users\Conny\AppData\Roaming\zip.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 12:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe
[2012.10.09 12:50:59 | 000,000,000 | ---- | M] () -- C:\Users\Conny\defogger_reenable
[2012.10.09 12:38:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 12:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 12:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 10:56:10 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 10:56:10 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 10:51:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.09 10:50:46 | 803,872,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.08 11:31:48 | 000,177,664 | ---- | M] (Ray Hinchliffe) -- C:\Users\Conny\AppData\Roaming\dmctut.dll
[2012.09.21 16:54:12 | 000,000,792 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs
[2012.09.21 15:48:46 | 000,154,283 | -H-- | M] () -- C:\Users\Conny\AppData\Roaming\Conny-wchelper.dll
[2012.09.21 15:48:37 | 001,075,200 | ---- | M] (WinZip Computing, S.L.) -- C:\Users\Conny\AppData\Roaming\zip.exe
[2012.09.21 15:48:36 | 000,101,955 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\me.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 12:50:59 | 000,000,000 | ---- | C] () -- C:\Users\Conny\defogger_reenable
[2012.09.21 16:54:12 | 000,000,792 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs
[2012.09.21 15:48:46 | 000,154,283 | -H-- | C] () -- C:\Users\Conny\AppData\Roaming\Conny-wchelper.dll
[2012.09.21 15:48:36 | 000,101,955 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\me.jpg
[2012.07.11 15:58:51 | 000,124,928 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\uadup.dll
[2012.06.13 22:34:05 | 000,139,776 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\shlbme.dll
[2011.06.19 19:39:29 | 000,000,000 | ---- | C] () -- C:\Users\Conny\AppData\Local\{C0CA2758-088B-4F9C-BC10-F4006C93096B}
[2011.06.19 19:23:02 | 000,000,000 | ---- | C] () -- C:\Users\Conny\AppData\Local\{7739FDA9-E4C6-4111-A493-5CECDEC9604B}
[2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\Users\Conny\AppData\Local\i2152v11p7d4sg8
[2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\ProgramData\i2152v11p7d4sg8
[2011.03.07 18:33:49 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.07 18:33:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.10.16 18:47:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.14 12:19:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\ED5232CE4B.sys
[2010.09.14 12:19:45 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.08 19:04:27 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.10.09 10:51:14 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1256000398-2896390412-820788443-1000\$5a4e273500eb688096663104a53ef100\n. -- File not found
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$5a4e273500eb688096663104a53ef100\n. -- File not found
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.21 15:54:44 | 000,000,000 | -H-D | M] -- C:\Users\Conny\AppData\Roaming\CC0D762A
[2011.08.07 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\DVDVideoSoft
[2011.08.07 15:41:52 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.14 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\IrfanView
[2011.09.21 13:05:44 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\LimeWire
[2010.10.16 18:47:10 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\Thunderbird
[2010.08.08 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\TuneUp Software
[2010.09.14 15:39:41 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\Ulead Systems
[2012.07.13 14:28:55 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\xsecva
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

EXTRA.TXTOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.10.2012 12:54:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Conny\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1022,18 Mb Total Physical Memory | 522,73 Mb Available Physical Memory | 51,14% Memory free
2,00 Gb Paging File | 1,16 Gb Available in Paging File | 58,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 28,62 Gb Free Space | 38,45% Space Free | Partition Type: NTFS
 
Computer Name: CONNY-PC | User Name: Conny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = PC Camera (0022.2009.1125.1004)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.5.13
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PPTmovie" = PPTexpert PPTmovie
"Search Toolbar" = Search Toolbar
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2012 06:53:18 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xea8  Startzeit der fehlerhaften Anwendung: 0x01cda60c4a751263  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 8847c3dd-11ff-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 06:54:18 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x514  Startzeit der fehlerhaften Anwendung: 0x01cda60c6e78b7e1  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: ac2a086f-11ff-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 06:55:18 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x84c  Startzeit der fehlerhaften Anwendung: 0x01cda60c925637bf  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: d007884d-11ff-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 06:56:19 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xf1c  Startzeit der fehlerhaften Anwendung: 0x01cda60cb63d4105  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: f3ec2f39-11ff-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 06:57:19 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xaa8  Startzeit der fehlerhaften Anwendung: 0x01cda60cda1b0d2e  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 17cc5dbc-1200-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 06:58:19 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x780  Startzeit der fehlerhaften Anwendung: 0x01cda60cfdfd51c0  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 3bb104a8-1200-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 06:59:20 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xfc  Startzeit der fehlerhaften Anwendung: 0x01cda60d21e45b06  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 5fd1465e-1200-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 07:00:20 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xa50  Startzeit der fehlerhaften Anwendung: 0x01cda60d45ffd808  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 83b12896-1200-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 07:01:20 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xe78  Startzeit der fehlerhaften Anwendung: 0x01cda60d69e6e14e  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: a7d62f00-1200-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 07:02:21 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xfe4  Startzeit der fehlerhaften Anwendung: 0x01cda60d8e04c0aa  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: cbb61138-1200-11e2-a1b8-0013a907be37
 
Error - 09.10.2012 07:03:21 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x238  Startzeit der fehlerhaften Anwendung: 0x01cda60db1e7053c  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: efcf2be0-1200-11e2-a1b8-0013a907be37
 
[ System Events ]
Error - 08.10.2012 18:26:25 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Tosrfcom
 
Error - 08.10.2012 18:27:00 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 08.10.2012 18:27:00 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 08.10.2012 18:27:00 | Computer Name = Conny-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2012 04:50:54 | Computer Name = Conny-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?10.?2012 um 10:18:31 unerwartet heruntergefahren.
 
Error - 09.10.2012 04:51:07 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 09.10.2012 04:51:07 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 09.10.2012 04:51:07 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 09.10.2012 04:51:58 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Tosrfcom
 
Error - 09.10.2012 06:38:30 | Computer Name = Conny-PC | Source = DCOM | ID = 10010
Description = 
 
[ TuneUp Events ]
Error - 08.04.2011 15:10:21 | Computer Name = Conny-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---

GMER.TXT
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-10-09 16:32:10
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 HTS541080G9SA00 rev.MB4OC65D
Running: 6dmm24cz.exe; Driver: C:\Users\Conny\AppData\Local\Temp\fgloqpog.sys


---- System - GMER 1.0.15 ----

SSDT            8BF90076                                                                                  ZwCreateSection
SSDT            8BF9007B                                                                                  ZwSetContextThread
SSDT            8BF90017                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                           82A7E579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                    82AA2F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 340                                                       82AAA840 4 Bytes  [76, 00, F9, 8B]
.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                       82AAABE0 4 Bytes  [7B, 00, F9, 8B]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                       82AAACB8 4 Bytes  [17, 00, F9, 8B]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                  section is writeable [0x8C426340, 0x295597, 0xE8000020]
.text           autochk.exe                                                                               00771204 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text           autochk.exe                                                                               0077120C 1 Byte  [00]
.text           autochk.exe                                                                               00771210 6 Bytes  [BC, E6, 77, 46, 00, 00]
.text           autochk.exe                                                                               00771217 3 Bytes  [80, F2, 0C] {XOR DL, 0xc}
.text           autochk.exe                                                                               0077121C 1 Byte  [00]
.text           ...                                                                                       

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[676] ADVAPI32.dll!RegSetValueExA          76741B96 5 Bytes  JMP 10161C00 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] ADVAPI32.dll!RegSetValueExW          76741C82 5 Bytes  JMP 10161CC0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] ADVAPI32.dll!RegSetValueW            7675FA72 5 Bytes  JMP 10161B40 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] ADVAPI32.dll!RegSetValueA            7678F529 5 Bytes  JMP 10161A80 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!CreateDialogParamW        77B79BFF 5 Bytes  JMP 10161E90 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!CreateWindowExW           77B80E51 5 Bytes  JMP 6CD17AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!CreateDialogParamA        77B93E79 5 Bytes  JMP 10162010 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxIndirectParamW   77BA4AA7 1 Byte  [E9]
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxIndirectParamW   77BA4AA7 5 Bytes  JMP 6CE658AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!TrackPopupMenu            77BA4B3B 5 Bytes  JMP 10161170 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxParamW           77BA564A 5 Bytes  JMP 101621F0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!TrackPopupMenuEx          77BA5F72 1 Byte  [E9]
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!TrackPopupMenuEx          77BA5F72 5 Bytes  JMP 101612D0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxParamA           77BBCF6A 5 Bytes  JMP 10162100 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxIndirectParamA   77BBD29C 5 Bytes  JMP 6CE6590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxIndirectA       77BCE8C9 5 Bytes  JMP 6CE657DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxIndirectW       77BCE9C3 5 Bytes  JMP 6CE65772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxExA             77BCEA29 5 Bytes  JMP 6CE65710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxExW             77BCEA4D 5 Bytes  JMP 6CE656AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxA               77BCEA71 5 Bytes  JMP 10162370 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxW               77BCEABF 5 Bytes  JMP 10162450 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[676] ole32.dll!OleLoadFromStream          76175B88 5 Bytes  JMP 6CE65B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] ADVAPI32.dll!RegSetValueExA         76741B96 5 Bytes  JMP 057C1C00 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] ADVAPI32.dll!RegSetValueExW         76741C82 5 Bytes  JMP 057C1CC0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] ADVAPI32.dll!RegSetValueW           7675FA72 5 Bytes  JMP 057C1B40 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] ADVAPI32.dll!RegSetValueA           7678F529 5 Bytes  JMP 057C1A80 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateDialogParamW       77B79BFF 5 Bytes  JMP 057C1E90 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!UnhookWindowsHookEx      77B7CC7B 5 Bytes  JMP 6CD27E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CallNextHookEx           77B7CC8F 5 Bytes  JMP 6CD094EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateWindowExW          77B80E51 5 Bytes  JMP 6CD17AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!SetWindowsHookExW        77B8210A 5 Bytes  JMP 6CCC4243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateDialogParamA       77B93E79 5 Bytes  JMP 057C2010 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxIndirectParamW  77BA4AA7 1 Byte  [E9]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxIndirectParamW  77BA4AA7 5 Bytes  JMP 6CE658AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!TrackPopupMenu           77BA4B3B 5 Bytes  JMP 057C1170 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxParamW          77BA564A 5 Bytes  JMP 057C21F0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!TrackPopupMenuEx         77BA5F72 1 Byte  [E9]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!TrackPopupMenuEx         77BA5F72 5 Bytes  JMP 057C12D0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxParamA          77BBCF6A 5 Bytes  JMP 057C2100 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxIndirectParamA  77BBD29C 5 Bytes  JMP 6CE6590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxIndirectA      77BCE8C9 5 Bytes  JMP 6CE657DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxIndirectW      77BCE9C3 5 Bytes  JMP 6CE65772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxExA            77BCEA29 5 Bytes  JMP 6CE65710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxExW            77BCEA4D 5 Bytes  JMP 6CE656AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxA              77BCEA71 5 Bytes  JMP 057C2370 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxW              77BCEABF 5 Bytes  JMP 057C2450 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] ole32.dll!OleLoadFromStream         76175B88 5 Bytes  JMP 6CE65B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2840] ole32.dll!CoCreateInstance          761C57FC 5 Bytes  JMP 6CD18595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library         c:\windows\system32\y (*** hidden *** ) @ C:\Windows\system32\svchost.exe [912]           0x00E40000                                                                                                                                           
Library         c:\windows\system32\y (*** hidden *** ) @ C:\Windows\Explorer.EXE [1728]                  0x02390000                                                                                                                                           

---- EOF - GMER 1.0.15 ----
         
--- --- ---


AVIRA-MELDUNG

Funde
Objekt: 80000032.@ Fund: TR/ATRAPS.Gen2 Aktion: In Quarantäne verschieben

Zusammenfassung:
Name: TR/ATRAPS.Gen2
Entdeckt am: 08/05/2008
Art: Trojan
In freier Wildbahn: Ja
Gemeldete Infektionen: Niedrig
Verbreitungspotenzial: Niedrig
Schadenspotenzial: Niedrig
Statische Datei: Nein
Engine Version: 7.08.00.16

Allgemein Alias:

Ähnliche Erkennung:
• TR/ATRAPS.Gen
__________________

Alt 15.10.2012, 07:53   #4
schrauber
/// the machine
/// TB-Ausbilder
 

TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



Hi,

Sorry dass Du vergessen wurdest


Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.10.2012, 18:45   #5
Conny_1986
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-17.05 - Conny 17.10.2012  19:11:56.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.43.1031.18.1022.258 [GMT 2:00]
ausgeführt von:: c:\users\Conny\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\ED5232CE4B.sys
c:\programdata\lsass.exe
c:\programdata\netdislw.pad
c:\users\Conny\AppData\Roaming\Conny-wchelper.dll
c:\users\Conny\AppData\Roaming\dmctut.dll
c:\users\Conny\AppData\Roaming\shlbme.dll
c:\users\Conny\AppData\Roaming\uadup.dll
c:\users\Conny\AppData\Roaming\zip.exe
c:\windows\system32\firefox
c:\windows\system32\firefox\firefox.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-17 bis 2012-10-17  ))))))))))))))))))))))))))))))
.
.
2012-09-21 14:54 . 2012-09-21 14:54	792	----a-w-	c:\users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:14 . 2012-05-28 03:28	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 13:14 . 2012-05-28 03:28	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-20 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-20 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 13:14]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 00:33]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 00:33]
.
2012-03-10 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance.job
- c:\program files\TuneUp Utilities 2010\OneClick.exe [2010-02-18 11:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.250
TCP: Interfaces\{32670B16-D541-40F7-885B-B09C62CBE8D8}: DhcpNameServer = 10.0.0.250
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-shlbme - (no file)
HKLM-Run-uadup - (no file)
HKLM-Run-dmctut - c:\users\Conny\AppData\Roaming\dmctut.dll
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2548)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-17  19:35:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-17 17:35
.
Vor Suchlauf: 9 Verzeichnis(se), 31.604.740.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 32.106.774.528 Bytes frei
.
- - End Of File - - AFE93A7B5D46691EDB41348187BCB5CA
         
--- --- ---


Alt 18.10.2012, 06:07   #6
schrauber
/// the machine
/// TB-Ausbilder
 

TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



Hi,


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




Malwarebytes' Anti-Malware
  • Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:
(nach dem scannen auf den Button klicken und Funde löschen lassen!)




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Und ein frisches OTL logfile bitte.
__________________
--> TR/ATRAPS.Gen2 laut Avira - was nun?

Alt 18.10.2012, 18:35   #7
Conny_1986
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



# AdwCleaner v2.005 - Datei am 18/10/2012 um 19:34:45 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate (32 bits)
# Benutzer : Conny - CONNY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Conny\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Conny\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Conny\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Conny\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{315E6370-55B1-43EA-B02C-C9E1D336B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFC3EA2A-3047-447C-B9C8-AEEDFE3C20B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-1256000398-2896390412-820788443-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-1256000398-2896390412-820788443-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v5.0.375.125

Datei : C:\Users\Conny\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3845 octets] - [18/10/2012 19:34:45]

########## EOF - C:\AdwCleaner[R1].txt - [3905 octets] ##########

# AdwCleaner v2.005 - Datei am 18/10/2012 um 19:36:55 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate (32 bits)
# Benutzer : Conny - CONNY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Conny\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Conny\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Conny\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Conny\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{315E6370-55B1-43EA-B02C-C9E1D336B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFC3EA2A-3047-447C-B9C8-AEEDFE3C20B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v5.0.375.125

Datei : C:\Users\Conny\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3974 octets] - [18/10/2012 19:34:45]
AdwCleaner[S1].txt - [3585 octets] - [18/10/2012 19:36:55]

########## EOF - C:\AdwCleaner[S1].txt - [3645 octets] ##########

Alt 18.10.2012, 19:50   #8
schrauber
/// the machine
/// TB-Ausbilder
 

TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



Dann noch den Rest bitte
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.10.2012, 20:22   #9
Conny_1986
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



kommt schon noch.. AVG ist immer noch nicht fertig mit dem Scan

Alt 18.10.2012, 20:32   #10
schrauber
/// the machine
/// TB-Ausbilder
 

TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



AVG?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.10.2012, 07:15   #11
Conny_1986
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



bin über den download-link zur malwarebytes - antimalware bei avg gelandet. hab mich auch noch gewundert, warum das notwendig sein soll.
werbeslogan wurde offenbar gut in die seite eingebaut..
whatever, also nochmal vorn vorn.

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.10.19.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Conny :: CONNY-PC [Administrator]

Schutz: Aktiviert

19.10.2012 08:32:20
mbam-log-2012-10-19 (08-32-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382698
Laufzeit: 1 Stunde(n), 21 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\dmctut.dll.vir (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\shlbme.dll.vir (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\uadup.dll.vir (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 19.10.2012, 16:31   #12
schrauber
/// the machine
/// TB-Ausbilder
 

TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



Dann noch das frische OTL logfile bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.10.2012, 00:54   #13
Conny_1986
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\zip.exe.vir a variant of MSIL/Injector.AOB trojan
C:\Users\Conny\Downloads\C60F.tmp Win32/Toolbar.SearchSuite application
C:\Users\Conny\Downloads\just_tired_fotos.jpg.zipped.exe a variant of MSIL/Injector.AOB trojan

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.10.2012 01:45:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Conny\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1022,18 Mb Total Physical Memory | 366,91 Mb Available Physical Memory | 35,89% Memory free
2,00 Gb Paging File | 0,99 Gb Available in Paging File | 49,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 27,79 Gb Free Space | 37,33% Space Free | Partition Type: NTFS
 
Computer Name: CONNY-PC | User Name: Conny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 12:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011.06.28 15:08:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 23:58:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.04 04:14:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.02.18 13:28:44 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.02.18 13:26:44 | 001,047,368 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.17 06:42:06 | 000,105,632 | ---- | M] (Corel) -- C:\Programme\Common Files\Corel\Standby\Standby.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.05.09 13:04:24 | 000,090,112 | ---- | M] (IDT, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe
PRC - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.10.26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2006.09.28 21:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 15:14:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.28 15:08:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 23:58:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.08 18:10:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.08 16:34:45 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.02.18 13:26:44 | 001,047,368 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.18 13:22:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.05.09 13:04:24 | 000,090,112 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Conny\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.10.19 08:30:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 15:08:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 15:08:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.08 15:46:53 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.09 13:05:36 | 000,650,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.11.08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.02.20 16:44:00 | 004,457,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 D8 16 71 95 5A CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.27 22:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.10.16 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions
[2010.10.16 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.09 01:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: news.ORF.at
CHR - Extension: Skype Click to Call = C:\Users\Conny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687\
 
O1 HOSTS File: ([2012.10.17 19:27:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32670B16-D541-40F7-885B-B09C62CBE8D8}: DhcpNameServer = 10.0.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF991DB5-4927-4658-80EF-FB7C3AAD8598}: DhcpNameServer = 192.168.100.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.19 08:29:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.19 08:23:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.19 08:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.19 08:17:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.18 22:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.18 19:55:13 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Roaming\AVG2013
[2012.10.18 19:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.10.18 19:47:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.18 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Local\MFAData
[2012.10.18 19:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.10.18 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Local\Avg2013
[2012.10.17 19:28:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.17 19:24:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.17 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Local\temp
[2012.10.17 19:08:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.17 19:08:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.17 19:08:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.17 19:07:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.17 19:07:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.17 18:59:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.09 12:53:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe
[2012.10.09 12:49:53 | 000,000,000 | ---D | C] -- C:\Users\Conny\Desktop\Files für TB
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.20 01:31:45 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.20 01:31:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.20 01:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.19 16:30:57 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.19 16:30:57 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.19 16:26:51 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.10.19 16:25:53 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.19 16:25:26 | 803,872,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.19 08:30:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.19 08:17:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.17 19:27:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.09 15:26:54 | 000,020,824 | ---- | M] () -- C:\Users\Conny\Desktop\gmer-scan.rtf
[2012.10.09 13:18:51 | 000,302,592 | ---- | M] () -- C:\Users\Conny\Desktop\6dmm24cz.exe
[2012.10.09 13:17:56 | 000,002,034 | ---- | M] () -- C:\Users\Conny\Desktop\Avira-Meldung.rtf
[2012.10.09 12:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe
[2012.10.09 12:50:59 | 000,000,000 | ---- | M] () -- C:\Users\Conny\defogger_reenable
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.21 16:54:12 | 000,000,792 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs
[2012.09.21 15:48:36 | 000,101,955 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\me.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.19 08:17:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.17 19:08:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.17 19:08:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.17 19:08:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.17 19:08:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.17 19:08:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.09 15:26:54 | 000,020,824 | ---- | C] () -- C:\Users\Conny\Desktop\gmer-scan.rtf
[2012.10.09 13:18:51 | 000,302,592 | ---- | C] () -- C:\Users\Conny\Desktop\6dmm24cz.exe
[2012.10.09 13:17:56 | 000,002,034 | ---- | C] () -- C:\Users\Conny\Desktop\Avira-Meldung.rtf
[2012.10.09 12:50:59 | 000,000,000 | ---- | C] () -- C:\Users\Conny\defogger_reenable
[2012.09.21 16:54:12 | 000,000,792 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs
[2012.09.21 15:48:36 | 000,101,955 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\me.jpg
[2011.06.19 19:39:29 | 000,000,000 | ---- | C] () -- C:\Users\Conny\AppData\Local\{C0CA2758-088B-4F9C-BC10-F4006C93096B}
[2011.06.19 19:23:02 | 000,000,000 | ---- | C] () -- C:\Users\Conny\AppData\Local\{7739FDA9-E4C6-4111-A493-5CECDEC9604B}
[2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\Users\Conny\AppData\Local\i2152v11p7d4sg8
[2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\ProgramData\i2152v11p7d4sg8
[2011.03.07 18:33:49 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.07 18:33:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.14 12:19:45 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.08 19:04:27 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.18 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\AVG2013
[2012.09.21 15:54:44 | 000,000,000 | -H-D | M] -- C:\Users\Conny\AppData\Roaming\CC0D762A
[2011.08.07 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\DVDVideoSoft
[2011.08.07 15:41:52 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.14 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\IrfanView
[2011.09.21 13:05:44 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\LimeWire
[2010.10.16 18:47:10 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\Thunderbird
[2012.10.18 19:54:01 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\TuneUp Software
[2010.09.14 15:39:41 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\Ulead Systems
[2012.07.13 14:28:55 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\xsecva
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 20.10.2012, 14:46   #14
schrauber
/// the machine
/// TB-Ausbilder
 

TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



Hi,

wie läuft der Rechner?


Downloads-Ordner bitte leeren und anschliessend Papierkorb leeren.



Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
[2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\Users\Conny\AppData\Local\i2152v11p7d4sg8
[2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\ProgramData\i2152v11p7d4sg8
:Commands
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.10.2012, 21:09   #15
Conny_1986
 
TR/ATRAPS.Gen2 laut Avira - was nun? - Standard

TR/ATRAPS.Gen2 laut Avira - was nun?



bisher kam die trojaner-meldung nicht mehr

hier noch das file:

All processes killed
========== OTL ==========
C:\Users\Conny\AppData\Local\i2152v11p7d4sg8 moved successfully.
C:\ProgramData\i2152v11p7d4sg8 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Conny
->Temp folder emptied: 942433 bytes
->Temporary Internet Files folder emptied: 58476496 bytes
->Java cache emptied: 184518 bytes
->Google Chrome cache emptied: 157630741 bytes
->Flash cache emptied: 23296 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 207,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10212012_215917

Files\Folders moved on Reboot...
File move failed. C:\Windows\S46FC2DEC.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Antwort

Themen zu TR/ATRAPS.Gen2 laut Avira - was nun?
andere, anderen, avira, folge, folgendes, forum, fund, gestern, google, hoffe, infos, laptop, nachfrage, problem, quarantäne, schei, system, thema, theme, themen, tr/atraps.gen, trojaner, verschoben, weiterhelfen, windows



Ähnliche Themen: TR/ATRAPS.Gen2 laut Avira - was nun?


  1. Avira meldet TR/Jorik.Totem.vz, TR/ATRAPS.Gen2, T/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (50)
  2. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira in $Recycle.bin gemeldet.
    Log-Analyse und Auswertung - 18.12.2012 (31)
  3. TR/ATRAPS.Gen & TR/ATRAPS.Gen2 durch Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (3)
  4. Avira: TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer...
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (9)
  5. Avira meldet TR/ZAccess.H , TR/Sirefef.A.37 , TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (2)
  6. TR/ATRAPS Gen und TR/ATRAPS Gen2 C:\RECYCLER\S-1-5-21-3287549451-3649138221-mit Avira endeckt. Mit Malewarebytes entfernt. Logfiles angefügt
    Log-Analyse und Auswertung - 13.10.2012 (2)
  7. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira gemeldet und dort nicht zu entfernen
    Log-Analyse und Auswertung - 10.10.2012 (13)
  8. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  9. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  10. Avira findet dauernd TR/ATRAPS.Gen und TR/ATRAPS.Gen2, was muss ich machen damit es verschwindet ?
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (25)
  11. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  12. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  13. Avira Antivirus Premium 2012: Funde von TR/ATRAPS.GEN TR/ATRAPS.GEN2 TR/Sirefef.P.666 BDS/ZAccess.T
    Log-Analyse und Auswertung - 25.07.2012 (3)
  14. TR/Atraps.gen - TR/Atraps.gen2 - BDS/ZAccess.T - über AVIRA Antivirus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (4)
  15. Ich komme allein nicht weiter, Avira findet TR/ATRAPS.gen - TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (5)
  16. Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  17. TR/ATRAPS.GEN und TR/ATRAPS.GEN2 von Avira und Malwarebytes nicht aufzufinden
    Log-Analyse und Auswertung - 10.06.2012 (1)

Zum Thema TR/ATRAPS.Gen2 laut Avira - was nun? - Hallo, ich habe seit gestern abend folgendes Problem mit meinem Laptop: Fast minütlich zeigt mir Avira den Fund TR/ATRAPS.Gen2 an, der zwar in Quarantäne verschoben wird, aber immer wieder auftritt. - TR/ATRAPS.Gen2 laut Avira - was nun?...
Archiv
Du betrachtest: TR/ATRAPS.Gen2 laut Avira - was nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.