AntiVir findet TR/ATRAPS.Gen bzw. TR/ATRAPS.Gen2

JimPhelps · 01.06.2012, 16:25

Hallo zusammen,

heute hat mein AntiVir plötzlich Alarm geschlagen und findet nun ständig "TR/ATRAPS.Gen" bzw. "TR/ATRAPS.Gen2".

Ich habe Windows 7 64bit und verwende Avira AntiVir Premium

Ich habe bisher, gemäß des Threads http://www.trojaner-board.de/69886-a...-beachten.html folgende Dinge getan:

1) Defogger ausgeführt

2) OTL ausgeführt
OTL.txt:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.06.2012 16:57:47 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 80,23% Memory free
15,73 Gb Paging File | 13,94 Gb Available in Paging File | 88,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 121,61 Gb Free Space | 62,29% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 241,75 Gb Free Space | 89,39% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 5,72 Gb Free Space | 76,78% Space Free | Partition Type: FAT32
Drive Z: | 1843,01 Gb Total Space | 2995,24 Gb Free Space | 162,52% Space Free | Partition Type: NTFS
 
Computer Name: OFFICE-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.01 16:57:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.04 10:18:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.02.02 15:32:52 | 000,018,432 | ---- | M] () -- C:\Users\User\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.28 18:56:14 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.06.28 18:56:14 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.06.28 18:56:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 18:28:08 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011.01.03 20:43:51 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011.01.03 20:43:51 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2011.01.02 00:41:45 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.06.17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.04 10:18:05 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.15 07:13:46 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010.09.27 09:37:32 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.05 18:57:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.04 10:18:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.02 15:32:52 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\User\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe -- (ReminderFoxUpdater)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.28 18:56:14 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.06.28 18:56:14 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.06.28 18:56:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 18:28:08 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.03 20:43:51 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010.11.15 09:27:13 | 000,049,152 | ---- | M] (AxoNet Software GmbH) [Auto | Running] -- C:\Programme\Windows Home Server\LightsOutClientService.exe -- (LoClntService)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.07 18:04:12 | 000,231,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2009.10.07 18:03:40 | 000,489,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2009.10.07 18:03:40 | 000,109,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\esClient.exe -- (esClient)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.11 22:22:20 | 000,828,912 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.06.28 18:56:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 18:56:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.09.27 14:26:04 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2010.09.07 22:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2010.08.24 19:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2010.07.27 10:36:22 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2010.06.10 04:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.26 11:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.01.09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 83 14 A4 FC 25 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {53B63122-0CA2-4688-B5B0-E76656409D53}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{53B63122-0CA2-4688-B5B0-E76656409D53}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.04 10:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.09 21:22:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7v4wa746.default\extensions\mail@shopping-preise.de [2012.03.09 21:26:25 | 000,000,000 | ---D | M]
 
[2011.01.02 00:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.25 22:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\7v4wa746.default\extensions
[2012.02.28 22:38:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\7v4wa746.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.13 21:38:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\7v4wa746.default\extensions\addon@reminderfox.org
[2012.04.29 17:51:14 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\7v4wa746.default\extensions\ffxtlbr@funmoods.com
[2012.03.09 21:26:25 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\7v4wa746.default\extensions\mail@shopping-preise.de
[2012.02.14 22:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.25 22:52:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.05.25 22:52:32 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012.05.06 01:30:52 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7V4WA746.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.04 10:18:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.15 22:40:01 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ReminderFox) - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - C:\Users\User\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus_Sonderedition_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\Machine\Scripts\Startup\Homeserver.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Download with mvc-ipad-software-suite-pro - C:\Program Files (x86)\mediAvatar\iPad Software Suite Pro\upod_link.HTM File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Download with mvc-ipad-software-suite-pro - C:\Program Files (x86)\mediAvatar\iPad Software Suite Pro\upod_link.HTM File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB3CC090-E74B-475F-AC0F-E1EDCC94DD20}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8CAEC60-83DD-446A-8C32-88D9E2045F9E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.21 17:56:12 | 000,000,000 | ---D | M] - Z:\Auto -- [ NTFS ]
O33 - MountPoints2\{52159913-2325-11e0-9949-0024548b54c6}\Shell - "" = AutoRun
O33 - MountPoints2\{52159913-2325-11e0-9949-0024548b54c6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cb93f8d0-a0d7-11e0-8056-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cb93f8d0-a0d7-11e0-8056-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 16:57:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.05.25 22:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2012.05.25 22:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.05.25 22:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.05.19 10:22:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.14 19:45:45 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\2012_Mai_Polterabend_Inga
[2012.05.13 11:11:20 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\temp
[2012.05.04 10:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.04 10:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 17:02:22 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 17:02:22 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 16:57:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.06.01 16:57:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.01 16:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.01 16:53:08 | 2037,739,519 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.01 16:52:04 | 000,000,020 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.06.01 16:51:21 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.06.01 16:29:20 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 16:29:20 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 16:29:20 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 16:29:20 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 16:29:20 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.17 20:35:04 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.05.12 14:03:02 | 000,211,456 | ---- | M] () -- C:\Users\User\Desktop\Mini-Hilfe Kamera.pub
[2012.05.12 13:19:00 | 002,141,049 | ---- | M] () -- C:\Users\User\Desktop\Vertrag - All in One.pdf
[2012.05.11 18:11:21 | 002,853,628 | ---- | M] () -- C:\Users\User\Desktop\sb-900.PDF
 
========== Files Created - No Company Name ==========
 
[2012.06.01 16:52:03 | 000,000,020 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.06.01 16:51:20 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.05.12 13:18:56 | 002,141,049 | ---- | C] () -- C:\Users\User\Desktop\Vertrag - All in One.pdf
[2012.05.11 18:20:43 | 002,853,628 | ---- | C] () -- C:\Users\User\Desktop\sb-900.PDF
[2012.05.06 14:39:05 | 000,211,456 | ---- | C] () -- C:\Users\User\Desktop\Mini-Hilfe Kamera.pub
[2012.03.31 13:25:53 | 000,006,592 | ---- | C] () -- C:\Windows\gwpreset.ini
[2012.03.31 13:25:53 | 000,001,067 | ---- | C] () -- C:\Windows\goldwave.ini
[2012.03.09 21:26:21 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.10.12 20:28:43 | 000,006,144 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.17 00:28:24 | 000,002,739 | ---- | C] () -- C:\Windows\mobjects.ini
[2011.07.10 20:33:12 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.06.08 19:32:57 | 000,211,288 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.01.04 21:58:54 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011.01.03 20:45:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011.01.03 20:45:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.01.02 23:10:37 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.02 00:06:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2011.01.07 21:39:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.02.13 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AnvSoft
[2011.07.11 22:22:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AquaSoft
[2011.01.05 19:43:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Blackberry Desktop
[2011.01.30 12:45:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2012.01.08 19:12:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.14 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dailymedia
[2012.02.28 22:39:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2011.03.19 12:05:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.17 23:34:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\elsterformular
[2012.05.29 21:15:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011.01.04 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software
[2011.06.10 21:02:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2011.01.02 00:29:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012.04.27 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2011.12.26 14:35:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mediAvatar
[2011.01.05 19:42:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Research In Motion
[2011.06.25 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SaalDesignSoftware
[2011.10.31 18:39:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011.01.01 21:16:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Home Server
[2012.04.06 11:21:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\Program Files\Windows Home Server:{4D006700-7700-7900-7200-460069007300}

< End of report >

--- --- ---

Extras.txt:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.06.2012 16:57:47 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 80,23% Memory free
15,73 Gb Paging File | 13,94 Gb Available in Paging File | 88,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 121,61 Gb Free Space | 62,29% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 241,75 Gb Free Space | 89,39% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 5,72 Gb Free Space | 76,78% Space Free | Partition Type: FAT32
Drive Z: | 1843,01 Gb Total Space | 2995,24 Gb Free Space | 162,52% Space Free | Partition Type: NTFS
 
Computer Name: OFFICE-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory[Liste] -- mshta.exe "Z:\Programme und Verschiedenes\Dateienliste erstellen\pcwDirlist.hta" "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{692F4201-AB4C-4795-9F42-123F0601F8B7}" = LightsOut Client
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BEB1F3E-D965-460B-B7D6-4E4B50A679A7}" = MAGIX Screenshare
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{235BBFC6-D863-4066-A01A-3BD504C31031}" = Nero 7 Premium
"{24F1E81A-7742-4DC0-8766-2FFC367D026A}" = MAGIX Video deluxe 17 Plus Sonderedition Download-Version
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30
"{2AEC19D2-037B-4099-9AE0-267CAD0B522C}" = YouTube Downloader Toolbar v5.8
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2FAA2415-618E-4EC0-8253-3CDA076C84D6}" = AquaSoft DiaShow 7 Ultimate
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{46D3B906-C93E-9CC7-D47F-0B04B343BEFA}" = Saal Design Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{842030D5-3615-43D1-A0CB-644C8D70E957}" = MAGIX Speed burnR (MSI)
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{87A9A094-22A8-4F8A-9B7D-03D7CA48CE15}_is1" = FotoMorph version 13.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.3.3
"AquaSoft DiaShow 7 Ultimate" = AquaSoft DiaShow 7 Ultimate
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Daumenkino" = Daumenkino
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to iPad Converter_is1" = Free Video to iPad Converter version 2.3.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"FreePDF_XP" = FreePDF (Remove only)
"funmoods" = Funmoods on IE and Chrome
"GoldWave v4.26" = GoldWave v4.26
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HaaliMkx" = Haali Media Splitter
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"LightsOut Client" = LightsOut Client
"m.objects v5" = m.objects v5
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Fotos auf CD & DVD 9 D" = MAGIX Fotos auf CD & DVD 9 9.0.1.16 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus Sonderedition Download-Version
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"pdfsam" = pdfsam
"Picasa 3" = Picasa 3
"Ravensburger tiptoi" = Ravensburger tiptoi
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"SaalDesignSoftware" = Saal Design Software
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.09.2011 13:23:47 | Computer Name = Office-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.2.4262 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 161c    Startzeit:
 01cc76275e1a3217    Endzeit: 77    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 f53f682b-e21a-11e0-ad3e-0024548b54c6  
 
Error - 18.09.2011 14:57:48 | Computer Name = Office-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.2.4262 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1494    Startzeit:
 01cc7634cbe344e9    Endzeit: 63    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 16ac4b1d-e228-11e0-ad3e-0024548b54c6  
 
Error - 02.10.2011 06:04:16 | Computer Name = Office-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.4518.1014,
 Zeitstempel: 0x45428035  Name des fehlerhaften Moduls: oart.dll, Version: 12.0.4518.1014,
 Zeitstempel: 0x454283f8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c61d  ID des fehlerhaften
 Prozesses: 0xe74  Startzeit der fehlerhaften Anwendung: 0x01cc80e777ae5f88  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office12\oart.dll
Berichtskennung:
 e2b5a278-ecdd-11e0-a7b2-0024548b54c6
 
Error - 12.10.2011 15:49:42 | Computer Name = Office-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NvXDSync.exe, Version: 7.17.12.6099,
 Zeitstempel: 0x4cb9d6d6  Name des fehlerhaften Moduls: NVXDApiX.dll, Version: 7.17.12.6099,
 Zeitstempel: 0x4cb9dc54  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0000000000266978
ID
 des fehlerhaften Prozesses: 0x4f8  Startzeit der fehlerhaften Anwendung: 0x01cc88f6c29c3962
Pfad
 der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\NVXDApiX.dll
Berichtskennung:
 53951d42-f50b-11e0-b0f6-0024548b54c6
 
Error - 26.10.2011 01:22:55 | Computer Name = Office-PC | Source = Microsoft Office 12 | ID = 2000
Description = 
 
Error - 29.10.2011 13:18:36 | Computer Name = Office-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Lightroom.exe, Version: 3.5.0.10,
 Zeitstempel: 0x4e71c610  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c8f9  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0xd3c  Startzeit der fehlerhaften Anwendung: 0x01cc965ebd22e7bf
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop Lightroom  3.5\Lightroom.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 09003959-0252-11e1-9bc3-0024548b54c6
 
Error - 04.11.2011 10:07:18 | Computer Name = Office-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 7.0.1.4288 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1304    Startzeit:
 01cc9afacece6be5    Endzeit: 172    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 486b03fd-06ee-11e1-bedf-0024548b54c6  
 
Error - 27.11.2011 15:03:43 | Computer Name = Office-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShowTime.exe, Version: 3.2.3.1, Zeitstempel:
 0x455cad60  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038da9  ID des fehlerhaften Prozesses:
 0x1004  Startzeit der fehlerhaften Anwendung: 0x01ccad3734a24544  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 862398bc-192a-11e1-aaf3-0024548b54c6
 
Error - 27.11.2011 15:03:45 | Computer Name = Office-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShowTime.exe, Version: 3.2.3.1, Zeitstempel:
 0x455cad60  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038da9  ID des fehlerhaften Prozesses:
 0x1004  Startzeit der fehlerhaften Anwendung: 0x01ccad3734a24544  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 87455101-192a-11e1-aaf3-0024548b54c6
 
Error - 03.12.2011 13:09:59 | Computer Name = Office-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NvXDSync.exe, Version: 7.17.12.6099,
 Zeitstempel: 0x4cb9d6d6  Name des fehlerhaften Moduls: NVXDApiX.dll, Version: 7.17.12.6099,
 Zeitstempel: 0x4cb9dc54  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0000000000266978
ID
 des fehlerhaften Prozesses: 0xb24  Startzeit der fehlerhaften Anwendung: 0x01ccb1aa282808b7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\NVXDApiX.dll
Berichtskennung:
 a12e2f36-1dd1-11e1-93f9-0024548b54c6
 
[ System Events ]
Error - 15.05.2012 13:03:53 | Computer Name = Office-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.05.2012 06:32:25 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Center TV Archive Transfer Service erreicht.
 
Error - 17.05.2012 06:32:25 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" wurde
 aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 18.05.2012 10:22:22 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Center TV Archive Transfer Service erreicht.
 
Error - 18.05.2012 10:22:22 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" wurde
 aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 01.06.2012 10:53:23 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 01.06.2012 10:53:52 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Sentinel HASP License Manager erreicht.
 
Error - 01.06.2012 10:53:52 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sentinel HASP License Manager" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 01.06.2012 10:53:52 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.06.2012 10:53:52 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
 
< End of report >

--- --- ---

Anbei auch noch ein derzeit typisches Log von AntiVir.
Kann mir jemand helfen?

Viele Grüße,
Jim Phelps

JimPhelps · 02.06.2012, 08:23

So, ich habe mich nun doch gestern dazu entschlossen, das System neu aufzuspielen. Sicher ist sicher. :-/

Der Thread hier könnte also geschlossen werden.

AntiVir findet TR/ATRAPS.Gen bzw. TR/ATRAPS.Gen2

Plagegeister aller Art und deren Bekämpfung: AntiVir findet TR/ATRAPS.Gen bzw. TR/ATRAPS.Gen2

AntiVir findet TR/ATRAPS.Gen bzw. TR/ATRAPS.Gen2

AntiVir findet TR/ATRAPS.Gen bzw. TR/ATRAPS.Gen2

Ähnliche Themen: AntiVir findet TR/ATRAPS.Gen bzw. TR/ATRAPS.Gen2

02.06.2012, 08:23	#2
JimPhelps	AntiVir findet TR/ATRAPS.Gen bzw. TR/ATRAPS.Gen2 So, ich habe mich nun doch gestern dazu entschlossen, das System neu aufzuspielen. Sicher ist sicher. :-/ Der Thread hier könnte also geschlossen werden. __________________