|
Plagegeister aller Art und deren Bekämpfung: Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.07.2012, 17:26 | #1 |
| Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2 Hallo Zusammen, Avira AntiVir hat mir gemeldet, dass mein Rechner von tr/atraps.gen und tr/atraps.gen2 befallen ist. Ich hab mit Google herausgefunden, dass es sich hierbei um Rootkits handelt die Onlinebanking-Daten abgreifen wollen. Ich habe mir dann, wie hier empfohlen Malwarebytes Anti-Malware runtergeladen, den Quickscan ausgeführt uznd die FUnde entfernt. Hier ist das Log-File von Malwarebytes: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.01.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bobby Peru :: LCK_ [Administrator] Schutz: Aktiviert 01.07.2012 18:08:33 mbam-log-2012-07-01 (18-08-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 230548 Laufzeit: 6 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DAT8C8B.tmp.exe (Trojan.FakeAlert) -> Daten: C:\Users\BOBBYP~1\AppData\Local\Temp\DAT8C8B.tmp.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bobby Peru\AppData\Local\Temp\DAT8C8B.tmp.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Hier der OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.07.2012 18:35:43 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bobby Peru\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 43,28% Memory free 5,98 Gb Paging File | 3,73 Gb Available in Paging File | 62,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,00 Gb Total Space | 57,07 Gb Free Space | 57,07% Space Free | Partition Type: NTFS Drive D: | 350,74 Gb Total Space | 125,04 Gb Free Space | 35,65% Space Free | Partition Type: NTFS Computer Name: LCK_ | User Name: Bobby Peru | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.01 18:31:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby Peru\Downloads\OTL.exe PRC - [2012.07.01 16:16:14 | 000,049,152 | ---- | M] (Mustek Systems) -- C:\Users\BOBBYP~1\AppData\Local\Temp\18385778.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bobby Peru\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.21 21:13:01 | 000,932,528 | ---- | M] () -- C:\Users\Bobby Peru\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.05.10 19:16:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.10 19:16:36 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.10 19:16:36 | 000,210,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe PRC - [2012.05.10 19:16:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.08 18:01:40 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe PRC - [2011.03.06 14:19:18 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.03.06 13:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.12.07 18:20:02 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe PRC - [2010.12.07 18:19:54 | 000,224,680 | ---- | M] () -- C:\Windows\SysWOW64\AsusService.exe PRC - [2010.12.07 18:19:52 | 001,248,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe PRC - [2010.07.19 21:26:00 | 000,383,792 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe PRC - [2010.07.19 21:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe PRC - [2010.07.19 21:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2010.05.21 23:38:30 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009.08.12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe ========== Modules (No Company Name) ========== MOD - [2012.05.21 21:13:01 | 000,932,528 | ---- | M] () -- C:\Users\Bobby Peru\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.05.21 23:38:30 | 000,947,488 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\SysNative\svchost.exe -- (SharedAccess) SRV - [2012.07.01 16:18:02 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.21 22:22:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.10 19:16:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.10 19:16:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.03.06 14:19:18 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.03.06 13:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.12.07 18:19:54 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\AsusService.exe -- (AsusService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.10 19:16:37 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.10 19:16:37 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.06 13:46:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.24 15:13:04 | 006,180,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.07.29 07:24:55 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.06.08 19:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.05.21 09:46:34 | 000,341,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.05.21 09:45:44 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.05.21 09:45:44 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.05.21 09:45:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.05.21 09:45:42 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.05.08 17:42:26 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.11.19 15:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2010.05.27 01:52:32 | 000,006,144 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\ASUS\LiveUpdate\DetectSys.sys -- (DETECT PS2: ) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.09 22:19:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 22:22:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.05 00:53:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 22:22:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.05 00:53:31 | 000,000,000 | ---D | M] [2012.06.04 14:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Extensions [2012.06.04 14:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a} [2012.06.30 21:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Firefox\Profiles\6mi96ws9.default\extensions [2012.05.28 18:50:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Firefox\Profiles\6mi96ws9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.06.24 19:10:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Firefox\Profiles\6mi96ws9.default\extensions\firefox@ghostery.com [2012.01.28 08:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.21 22:22:03 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.14 23:16:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.14 23:16:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.14 23:16:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:16:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:16:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:16:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LiveUpdate] C:\windows\SysNative\AsusSender.exe (ASUSTek Computer Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [CapsHook] C:\windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Eee Docking] C:\Program Files (x86)\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyMon] C:\windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OOBESetup] C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Bobby Peru\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\Bobby Peru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bobby Peru\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA15046-E9F0-4C3D-B9FD-D1A9BB4423BC}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c8713378-5cbf-11e1-b858-742f68d62029}\Shell - "" = AutoRun O33 - MountPoints2\{c8713378-5cbf-11e1-b858-742f68d62029}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.01 18:06:21 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Roaming\Malwarebytes [2012.07.01 18:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.01 18:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.01 18:05:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.07.01 18:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.01 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{215CA7BB-B7B7-435A-99DF-C758205EA16F} [2012.07.01 17:00:09 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{E0EF5206-C3AD-4E70-8993-9F8BAB14209A} [2012.07.01 16:59:31 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{3C21B855-3634-4516-A5D4-55D791B51FB6} [2012.07.01 16:59:21 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{1E67044D-314B-43AD-A243-07EA0E8D8128} [2012.07.01 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{3F0423DF-3B0F-4F02-9A7B-F5CAF322F14D} [2012.07.01 16:58:47 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{F40BC6F7-F99D-4C75-B449-59F2E03B4EF0} [2012.07.01 14:35:40 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{955CB9A4-0191-43BC-AF9C-174383F75D3F} [2012.07.01 14:33:11 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{9AE89A33-8DA5-4994-B6D3-3369CC9F2FE8} [2012.07.01 14:33:00 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{B09BF20A-E9D0-48A5-B423-3B8FB0B68EB0} [2012.07.01 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{1ABA07ED-A594-42CE-B3D1-F4603495FFBF} [2012.07.01 14:32:09 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{BB88CDFC-4C75-41C4-B362-AFFB3CAF696C} [2012.07.01 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{A3F289FC-5F3A-4947-9B7A-DB553A707962} [2012.07.01 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{8F82BC3B-828C-41AE-B31D-F948F2FE2D07} [2012.06.26 18:25:52 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{B151DDE5-34BB-4FA7-BF32-5E95042D4803} [2012.06.26 18:25:52 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{0D9B5353-2E9C-4941-B09E-81CF6CA72795} [2012.06.24 13:05:30 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\Macromedia [2012.06.04 18:25:17 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\Desktop\Fotos entwickeln [2012.06.04 14:46:16 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Roaming\Google [2012.06.04 14:45:58 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google AdWords Editor [2012.06.04 14:45:53 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\Google [2009.02.13 12:02:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\devcon_amd64.exe ========== Files - Modified Within 30 Days ========== File not found -- C:\windows\SysNative\ [2012.07.01 18:31:03 | 000,000,000 | ---- | M] () -- C:\Users\Bobby Peru\defogger_reenable [2012.07.01 18:05:46 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.01 17:49:08 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.07.01 15:36:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.07.01 14:34:05 | 000,240,330 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\Rickmer_Rickmers_Bild_31_Werner_Buenning_gr.jpg [2012.07.01 14:33:54 | 000,311,206 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\Rathaus_Innenhof_Bild_26_Michael_Pfohlmann_gr.jpg [2012.07.01 14:32:39 | 000,246,421 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\Katharinenfleet_15_Werner_Buennig_gr.jpg [2012.07.01 11:22:24 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 11:22:23 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 11:14:16 | 000,001,050 | ---- | M] () -- C:\Users\Bobby Peru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.01 11:14:05 | 000,001,028 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\Dropbox.lnk [2012.07.01 11:10:19 | 2408,046,592 | -HS- | M] () -- C:\hiberfil.sys [2012.06.22 07:57:49 | 000,063,371 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\301760_236653716438419_1600843573_n.jpg [2012.06.14 23:12:42 | 000,414,968 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.06.14 18:23:42 | 001,550,634 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.06.14 18:23:42 | 000,665,578 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.06.14 18:23:42 | 000,627,420 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.06.14 18:23:42 | 000,133,758 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.06.14 18:23:42 | 000,110,140 | ---- | M] () -- C:\windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== File not found -- C:\windows\SysNative\ [2012.07.01 18:38:06 | 000,022,016 | ---- | C] () -- C:\windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\800000cb.@ [2012.07.01 18:38:05 | 000,016,896 | ---- | C] () -- C:\windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\80000000.@ [2012.07.01 18:31:03 | 000,000,000 | ---- | C] () -- C:\Users\Bobby Peru\defogger_reenable [2012.07.01 18:05:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.01 16:17:18 | 000,001,696 | ---- | C] () -- C:\windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\00000001.@ [2012.07.01 14:34:04 | 000,240,330 | ---- | C] () -- C:\Users\Bobby Peru\Desktop\Rickmer_Rickmers_Bild_31_Werner_Buenning_gr.jpg [2012.07.01 14:33:53 | 000,311,206 | ---- | C] () -- C:\Users\Bobby Peru\Desktop\Rathaus_Innenhof_Bild_26_Michael_Pfohlmann_gr.jpg [2012.07.01 14:32:37 | 000,246,421 | ---- | C] () -- C:\Users\Bobby Peru\Desktop\Katharinenfleet_15_Werner_Buennig_gr.jpg [2012.06.22 07:57:32 | 000,063,371 | ---- | C] () -- C:\Users\Bobby Peru\Desktop\301760_236653716438419_1600843573_n.jpg [2012.01.28 04:22:52 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\@ [2012.01.28 04:22:52 | 000,002,048 | -HS- | C] () -- C:\Users\Bobby Peru\AppData\Local\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\@ [2012.01.28 03:36:40 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2011.06.08 18:05:06 | 000,224,680 | ---- | C] () -- C:\windows\SysWow64\AsusService.exe [2011.06.08 18:05:06 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2011.06.08 18:01:55 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.06.08 18:00:48 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys [2011.06.08 18:00:46 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys [2011.06.08 18:00:25 | 000,000,405 | ---- | C] () -- C:\windows\Reboot.ini [2011.06.08 17:53:19 | 000,013,931 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat ========== LOP Check ========== [2012.01.28 03:40:31 | 000,000,000 | ---D | M] -- C:\Users\Bobby Peru\AppData\Roaming\ASUS WebStorage [2012.07.01 11:14:23 | 000,000,000 | ---D | M] -- C:\Users\Bobby Peru\AppData\Roaming\Dropbox [2012.04.22 12:14:13 | 000,000,000 | ---D | M] -- C:\Users\Bobby Peru\AppData\Roaming\elsterformular [2012.07.01 02:25:47 | 000,000,000 | ---D | M] -- C:\Users\Bobby Peru\AppData\Roaming\Spotify [2012.04.29 23:09:19 | 000,003,150 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Und der OTL EXTRA Log: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.07.2012 18:35:43 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bobby Peru\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 43,28% Memory free 5,98 Gb Paging File | 3,73 Gb Available in Paging File | 62,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,00 Gb Total Space | 57,07 Gb Free Space | 57,07% Space Free | Partition Type: NTFS Drive D: | 350,74 Gb Total Space | 125,04 Gb Free Space | 35,65% Space Free | Partition Type: NTFS Computer Name: LCK_ | User Name: Bobby Peru | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.54 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.19.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "Total Uninstall 6_is1" = Total Uninstall 6.0.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1999042-FC82-4098-96B8-510A857C8EA8}" = Google AdWords Editor "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Avira AntiVir Desktop" = Avira Free Antivirus "DivX Setup" = DivX-Setup "Eee Docking_is1" = Eee Docking 3.8.3 "ElsterFormular 13.2.0.8623p" = ElsterFormular "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MusicBrainz Tagger 0.10.5" = MusicBrainz Tagger 0.10.5 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Professional 2010 "OOBERegBackup_is1" = OOBERegBackup "ScreenSaverPatch_is1" = ScreenSaverPatch "The GodFather" = The GodFather "VLC media player" = VLC media player 2.0.1 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.06.2012 18:49:42 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10234 Error - 20.06.2012 18:49:43 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 20.06.2012 18:49:43 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11466 Error - 20.06.2012 18:49:43 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11466 Error - 21.06.2012 02:20:19 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 21.06.2012 02:20:19 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1185 Error - 21.06.2012 02:20:19 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1185 Error - 21.06.2012 02:20:20 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 21.06.2012 02:20:20 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2199 Error - 21.06.2012 02:20:20 | Computer Name = lck_ | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2199 [ System Events ] Error - 03.06.2012 17:13:57 | Computer Name = lck_ | Source = Service Control Manager | ID = 7011 Description = Error - 04.06.2012 04:57:23 | Computer Name = lck_ | Source = DCOM | ID = 10010 Description = Error - 04.06.2012 06:21:48 | Computer Name = lck_ | Source = Service Control Manager | ID = 7026 Description = Error - 04.06.2012 06:22:37 | Computer Name = lck_ | Source = DCOM | ID = 10005 Description = Error - 04.06.2012 06:22:37 | Computer Name = lck_ | Source = Service Control Manager | ID = 7009 Description = Error - 04.06.2012 06:22:37 | Computer Name = lck_ | Source = Service Control Manager | ID = 7000 Description = Error - 04.06.2012 06:22:38 | Computer Name = lck_ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007041d Error - 04.06.2012 06:23:55 | Computer Name = lck_ | Source = Service Control Manager | ID = 7000 Description = Error - 04.06.2012 06:23:55 | Computer Name = lck_ | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\ASUS\LiveUpdate\DetectSys.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 06.06.2012 01:10:36 | Computer Name = lck_ | Source = Service Control Manager | ID = 7011 Description = < End of report > Ich hoffe die Infos sind ausreichend (falls nicht bitte kurzes Feedback welche Infos ich noch nachliefern soll) und ihr könnt mir weiterhelfen, was als nächstes zu tun ist. Danke! Geändert von BobbyPeru (01.07.2012 um 17:56 Uhr) |
02.07.2012, 15:37 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2Zitat:
__________________ |
02.07.2012, 16:13 | #3 |
| Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2 Natürlich, sorry!!
__________________Hier ist der Log: Avira Free Antivirus Erstellungsdatum der Reportdatei: Sonntag, 1. Juli 2012 16:34 Es wird nach 3819275 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : LCK_ Versionsinformationen: BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00 AVSCAN.EXE : 12.3.0.15 466896 Bytes 10.05.2012 17:16:36 AVSCAN.DLL : 12.3.0.15 66256 Bytes 10.05.2012 17:16:36 LUKE.DLL : 12.3.0.15 68304 Bytes 10.05.2012 17:16:37 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10.05.2012 17:16:37 AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 17:16:37 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 07:06:01 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 22:49:06 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:13:49 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 21:34:27 VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 21:34:27 VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 21:34:27 VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 21:34:27 VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 21:34:27 VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 21:34:27 VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 21:34:27 VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 21:34:27 VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 21:34:27 VBASE014.VDF : 7.11.34.125 2048 Bytes 29.06.2012 21:34:27 VBASE015.VDF : 7.11.34.126 2048 Bytes 29.06.2012 21:34:27 VBASE016.VDF : 7.11.34.127 2048 Bytes 29.06.2012 21:34:27 VBASE017.VDF : 7.11.34.128 2048 Bytes 29.06.2012 21:34:28 VBASE018.VDF : 7.11.34.129 2048 Bytes 29.06.2012 21:34:28 VBASE019.VDF : 7.11.34.130 2048 Bytes 29.06.2012 21:34:28 VBASE020.VDF : 7.11.34.131 2048 Bytes 29.06.2012 21:34:28 VBASE021.VDF : 7.11.34.132 2048 Bytes 29.06.2012 21:34:28 VBASE022.VDF : 7.11.34.133 2048 Bytes 29.06.2012 21:34:28 VBASE023.VDF : 7.11.34.134 2048 Bytes 29.06.2012 21:34:28 VBASE024.VDF : 7.11.34.135 2048 Bytes 29.06.2012 21:34:28 VBASE025.VDF : 7.11.34.136 2048 Bytes 29.06.2012 21:34:28 VBASE026.VDF : 7.11.34.137 2048 Bytes 29.06.2012 21:34:28 VBASE027.VDF : 7.11.34.138 2048 Bytes 29.06.2012 21:34:28 VBASE028.VDF : 7.11.34.139 2048 Bytes 29.06.2012 21:34:28 VBASE029.VDF : 7.11.34.140 2048 Bytes 29.06.2012 21:34:28 VBASE030.VDF : 7.11.34.141 2048 Bytes 29.06.2012 21:34:28 VBASE031.VDF : 7.11.34.164 59392 Bytes 30.06.2012 21:34:28 Engineversion : 8.2.10.102 AEVDF.DLL : 8.1.2.8 106867 Bytes 01.06.2012 21:12:33 AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21.06.2012 21:27:57 AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 07:06:37 AESBX.DLL : 8.2.5.12 606578 Bytes 17.06.2012 21:28:27 AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02 AEPACK.DLL : 8.2.16.22 807288 Bytes 21.06.2012 21:27:56 AEOFFICE.DLL : 8.1.2.40 201082 Bytes 30.06.2012 21:34:32 AEHEUR.DLL : 8.1.4.58 4993399 Bytes 30.06.2012 21:34:32 AEHELP.DLL : 8.1.23.2 258422 Bytes 30.06.2012 21:34:29 AEGEN.DLL : 8.1.5.30 422261 Bytes 17.06.2012 21:28:25 AEEXP.DLL : 8.1.0.58 82292 Bytes 30.06.2012 21:34:32 AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58 AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 21:12:45 AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58 AVWINLL.DLL : 12.3.0.15 27344 Bytes 10.05.2012 17:16:36 AVPREF.DLL : 12.3.0.15 51920 Bytes 10.05.2012 17:16:36 AVREP.DLL : 12.3.0.15 179208 Bytes 10.05.2012 17:16:37 AVARKT.DLL : 12.3.0.15 211408 Bytes 10.05.2012 17:16:36 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10.05.2012 17:16:36 SQLITE3.DLL : 3.7.0.1 398288 Bytes 10.05.2012 17:16:37 AVSMTP.DLL : 12.3.0.15 63440 Bytes 10.05.2012 17:16:36 NETNT.DLL : 12.3.0.15 17104 Bytes 10.05.2012 17:16:37 RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 10.05.2012 17:16:36 RCTEXT.DLL : 12.3.0.15 98512 Bytes 10.05.2012 17:16:36 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ff0141b\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Sonntag, 1. Juli 2012 16:34 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess '18385778.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RunDll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Boingo Wi-Fi.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'syncablesMAPI.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CapsHook.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SuperHybridEngine.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HotkeyService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HotKeyMon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'javaw.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SpotifyWebHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LiveUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'syncables.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AsusService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\80000000.@' C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\80000000.@ [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '552bccf3.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\800000cb.@' C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\800000cb.@ [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dbce354.qua' verschoben! Ende des Suchlaufs: Sonntag, 1. Juli 2012 16:35 Benötigte Zeit: 00:36 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 769 Dateien wurden geprüft 2 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 767 Dateien ohne Befall 1 Archive wurden durchsucht 0 Warnungen 2 Hinweise Gestern Abend habe ich nochmal den Malware Scanner laufen lassen, nachdem er die gefundenen Dateien gelöscht hat und der Rechner neu gestartet wurde hat sich das Recovery von Win7 eingeschaltet, da die Dateien die gelöscht wurden wohl nicht hätten gelöscht werden sollten.. ähem... Naja, Recovery hat recovert und jetzt finden weder Antivir noch diverse Malware Scanner einen Befall. Ich hab allerdings mehrfach gelesen, dass dies eine trügerische Sicherheit sein soll. Danke schonmal!! |
03.07.2012, 10:28 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2 |
800000cb.@, administrator, anti-malware, antivir, appdata, autostart, avira, avira antivir, befall, dateien, dateisystem, document, explorer, feedback, firefox 13.0.1, gelöscht, google, hallo zusammen, heuristiks/extra, heuristiks/shuriken, install.exe, log-file, malwarebytes, microsoft, microsoft office word, nvidia update, nvpciflt.sys, plug-in, quarantäne, rechner, rootkits, searchscopes, software, speicher, spotify web helper, sweetpacks, temp, test, tr/atraps.gen, tr/atraps.gen und tr/atraps.gen2, trojan.fakealert, usb 3.0, wickel |