Log analysis and evaluation: multiple infection: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
multiple infection: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess

Hello! First of all, great praise for this well-structured and helpful forum, and thumbs up to the people who take care of other people's problems here every day! Hopefully someone can help me too. Thanks in advance! A few days ago I noticed a virus infection. It was the virus TR/ATRAPS.Gen2, a bank-account spyware virus. Since I don't do online banking anyway, I didn't panic right away but told myself, "I'll take care of it in the next few days." What I then noticed, though, was that Avira AntiVir always crashed after the scan. Later a second and a third one appeared, and yesterday evening I found that the firewall was deactivated and can no longer be activated. So now I'm already very worried about my laptop. These are the viruses that have been displayed so far: TR/ATRAPS.Gen2, TR/Sirefef.16896, BDS/ZeroAccess.* (I no longer remember the suffix). Firewall off. The suggested working steps follow.

Extras.Txt
OTL Extras logfile created on: 8/26/2012 1:31:01 PM - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.62% Memory free 8.00 Gb Paging File | 5.97 Gb Available in Paging File | 74.68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149.04 Gb Total Space | 22.41 Gb Free Space | 15.03% Space Free | Partition Type: NTFS Drive D: | 134.40 Gb Total Space | 90.88 Gb Free Space | 67.62% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid "{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE1305-35D5-56F3-8B91-5BF29A8DB939}" 
= ATI Catalyst Install Manager "{5F0C3F07-B6EF-C641-C4BD-7E202A194121}" = ccc-utility64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03998AF6-3578-A45F-7653-2C6FF60CF2C1}" = Zoosk Messenger "{0824E481-EB8E-A53B-5CA6-6EC82B29240F}" = CCC Help Russian "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{13581A3D-28FF-4DDC-0E6D-E585F4E432AE}" = CCC Help Korean "{1A786741-2D69-38F8-25A0-87D483FF893F}" = CCC Help French "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{35BEFF48-53E9-C955-5D24-D9F207C82954}" = CCC Help Portuguese "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{43923CFF-E3EF-EC15-8F7A-D50F11AC8E38}" = Catalyst Control Center Core Implementation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{552636E5-1274-9229-10A6-EE56638524D3}" = CCC Help German "{5A186C42-F699-1207-7D8B-034120FBEFD4}" = CCC Help Dutch "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck 
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{724015FC-1175-CE89-667E-5C715EEB5052}" = CCC Help Italian "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{78704F80-9845-BA22-DD52-DF1F88D8C8E8}" = CCC Help Czech "{78CDB125-7541-33BA-11E0-55CF7346FD9D}" = CCC Help Chinese Standard "{7A4A6C58-C772-DEB7-ADE5-7AA3D8393FDA}" = CCC Help English "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{7F6ED92F-459D-E40B-BD80-B87B3E852C0A}" = Catalyst Control Center Graphics Previews Vista "{80E91367-66B4-9D48-D78E-17C3B5AFB83C}" = Catalyst Control Center Graphics Light "{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding "{83C99425-1095-A10F-8622-D949180EFA83}" = CCC Help Norwegian "{86209DE5-0642-1ADA-3060-0698374B84A1}" = CCC Help Danish "{86286ABC-4081-4BD3-B710-190B314BCE18}" = ChessBase Reader "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{9091F4E3-6A00-562A-DDF6-ECB1704F45B2}" = CCC Help Spanish "{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy "{97635F88-6774-7C96-B872-A4949A4FE06B}" = ccc-core-static "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A3E59DE5-46A8-68FB-7A2E-4507D2B7C1EC}" = Catalyst Control Center Localization All "{A765D3FB-AE33-FAA0-E725-21E6558D8147}" = CCC Help Finnish "{A8033DE8-2D2C-8730-5D35-8800C92560DE}" = CCC Help Polish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1 "{AEAC0128-8947-0E77-860F-3BD0735F31E5}" = CCC Help Turkish "{B8D52C7C-9460-7F82-C092-C0197B1138A1}" = CCC Help Swedish "{BF192C65-04BE-3F5D-632F-51132799CDE0}" = Catalyst 
Control Center Graphics Full New "{C50ED22A-B0D3-16D8-BE55-947DA0E6F986}" = CCC Help Thai "{D0809476-5FF0-7724-27CB-BE73D216624A}" = CCC Help Hungarian "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader "{DB5C5CB4-3519-1D95-EF98-0356ABFAFAF8}" = CCC Help Japanese "{E52C74AA-4E7E-51ED-B738-0D24922BE597}" = Catalyst Control Center Graphics Full Existing "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F71AA0EC-15E4-6F63-3C9C-7E8D8D756EC5}" = CCC Help Chinese Traditional "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player "{FE2F63F8-EB6C-493B-954D-DCB29ECAC423}" = ChessBase Reader "{FEE0F194-7D6C-A7BF-F12E-96ABE64F5132}" = CCC Help Greek "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASIO4ALL" = ASIO4ALL "ASUS_Screensaver" = ASUS_Screensaver "Avira AntiVir Desktop" = Avira Free Antivirus "com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook! 
"FL Studio 10" = FL Studio 10 "Google Chrome" = Google Chrome "IL Download Manager" = IL Download Manager "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "USB Mass Storage Filter Driver" = Multimedia Card Reader "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.00 (32-Bit) "Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/16/2012 3:25:55 PM | Computer Name = ***-PC | Source = VSS | ID = 12310 Description = Error - 8/16/2012 3:25:55 PM | Computer Name = ***-PC | Source = VSS | ID = 12298 Description = Error - 8/16/2012 7:10:46 PM | Computer Name = ***-PC | Source = VSS | ID = 12310 Description = Error - 8/16/2012 7:10:46 PM | Computer Name = ***-PC | Source = VSS | ID = 12298 Description = Error - 8/17/2012 8:53:47 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ipmGui.exe, Version: 12.3.0.15, Zeitstempel: 0x4fa05906 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8e2bf220 ID des fehlerhaften Prozesses: 0x1ed4 Startzeit der fehlerhaften Anwendung: 0x01cd7c7754b411a9 Pfad der fehlerhaften Anwendung: C:\program files (x86)\avira\antivir desktop\ipmGui.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 953901f8-e86a-11e1-99b1-e0cb4e0b5c88 Error - 8/19/2012 4:02:11 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.8.0.158, Zeitstempel: 0x4f4de709 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0c10c9ba ID des fehlerhaften Prozesses: 0xa20 
Startzeit der fehlerhaften Anwendung: 0x01cd7e4471596af6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c2f32108-ea38-11e1-be5a-e0cb4e0b5c88 Error - 8/19/2012 9:16:24 PM | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 8/23/2012 4:10:29 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: Flash64_11_3_300_271.ocx, Version: 11.3.300.271, Zeitstempel: 0x5026fc1d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000674d95 ID des fehlerhaften Prozesses: 0xfa4 Startzeit der fehlerhaften Anwendung: 0x01cd81062c98bb75 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_271.ocx Berichtskennung: 0022433d-ecfa-11e1-b47e-e0cb4e0b5c88 Error - 8/23/2012 7:26:51 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel: 0x4626b2f4 Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fa119ef Ausnahmecode: 0xc0000005 Fehleroffset: 0x6a5ccfde ID des fehlerhaften Prozesses: 0xf40 Startzeit der fehlerhaften Anwendung: 0x01cd818692af7cca Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{5ED0C29F-92E9-4E39-BEC1-F9F8F2505394}\ICQ7.exe Pfad des fehlerhaften Moduls: MoveIt.dll Berichtskennung: 03e8d82f-ed7a-11e1-bcf2-e0cb4e0b5c88 Error - 8/25/2012 7:18:56 PM | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm avscan.exe, Version 12.3.0.33 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1cf4 Startzeit: 01cd8312fae11ad3 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe Berichts-ID: 094b8cd2-ef0b-11e1-b8fe-e0cb4e0b5c88 [ Media Center Events ] Error - 7/6/2012 10:42:52 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 16:42:52 - Fehler beim Herstellen der Internetverbindung. 16:42:52 - Serververbindung konnte nicht hergestellt werden.. Error - 7/6/2012 10:43:01 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 16:42:57 - Fehler beim Herstellen der Internetverbindung. 16:42:57 - Serververbindung konnte nicht hergestellt werden.. Error - 7/6/2012 11:43:03 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 17:43:03 - Fehler beim Herstellen der Internetverbindung. 17:43:03 - Serververbindung konnte nicht hergestellt werden.. Error - 7/6/2012 11:43:11 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 17:43:08 - Fehler beim Herstellen der Internetverbindung. 17:43:08 - Serververbindung konnte nicht hergestellt werden.. Error - 7/6/2012 12:43:15 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 18:43:15 - Fehler beim Herstellen der Internetverbindung. 18:43:15 - Serververbindung konnte nicht hergestellt werden.. Error - 7/6/2012 12:43:26 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 18:43:20 - Fehler beim Herstellen der Internetverbindung. 18:43:20 - Serververbindung konnte nicht hergestellt werden.. Error - 7/19/2012 8:44:14 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 14:44:14 - Fehler beim Herstellen der Internetverbindung. 14:44:14 - Serververbindung konnte nicht hergestellt werden.. Error - 7/19/2012 8:44:33 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 14:44:20 - Fehler beim Herstellen der Internetverbindung. 14:44:20 - Serververbindung konnte nicht hergestellt werden.. 
Error - 7/19/2012 9:44:38 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 15:44:38 - Fehler beim Herstellen der Internetverbindung. 15:44:38 - Serververbindung konnte nicht hergestellt werden.. Error - 7/19/2012 9:44:45 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 15:44:44 - Fehler beim Herstellen der Internetverbindung. 15:44:44 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 8/25/2012 8:08:34 AM | Computer Name = ***-PC | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error - 8/26/2012 7:25:25 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 8/26/2012 7:25:25 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 8/26/2012 7:25:27 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = < End of report > OTL.Txt OTL logfile created on: 8/26/2012 1:31:01 PM - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.62% Memory free 8.00 Gb Paging File | 5.97 Gb Available in Paging File | 74.68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149.04 Gb Total Space | 22.41 Gb Free Space | 15.03% Space Free | Partition Type: NTFS Drive D: | 134.40 Gb Total Space | 90.88 Gb Free Space | 67.62% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012/08/08 21:15:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011/02/19 00:33:37 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/07/16 20:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009/06/24 22:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008/08/14 06:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2006/06/08 15:41:18 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) 
-- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe ========== Modules (No Company Name) ========== MOD - [2012/06/13 01:29:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012/06/13 01:28:18 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/05/11 13:54:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012/05/11 13:52:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/11 13:52:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 13:52:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe MOD - [2007/06/15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll MOD - [2007/06/02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll MOD - [2005/07/30 21:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\OdiOlDVR.dll MOD - [2004/06/21 10:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\SysWOW64\OdiAPI.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/08/12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - 
[2009/08/22 04:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent) SRV:64bit: - [2009/07/10 03:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service) SRV:64bit: - [2009/06/26 00:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2012/08/15 06:23:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- 
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011/02/19 00:32:50 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009/06/26 01:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/05/18 20:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service) DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER) DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.landesschachbundbremen.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 15 00 3A 7C CF CB 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {C730FC16-6818-4479-9BE4-4E070FB1B4DB} IE - 
HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C730FC16-6818-4479-9BE4-4E070FB1B4DB}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5018 [2011/06/14 20:13:31 | 000,000,000 | ---D | M] [2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions [2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012/08/17 09:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012/08/17 09:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/08/05 21:56:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/09/19 20:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com [2011/03/01 23:22:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/06/16 21:21:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2011/06/18 05:30:30 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc= CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [Upgrade] C:\Users\***\AppData\Roaming\Mozilla\{A3FF5A97-8015-4F8E-98E4-C4FCF66C2055}\Upgrade.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 213.191.74.19 62.109.123.197 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95196CC1-CBD1-443B-9EB8-1FE51AC565EC}: DhcpNameServer = 192.168.2.1 213.191.74.19 62.109.123.197 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A7C588-07B5-48AB-AB54-A3A379575C5E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/26 01:13:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012/08/23 10:06:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012/08/20 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2012/08/20 01:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZooskMessenger [2012/08/13 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zuxxez [2012/08/11 03:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer [2012/07/28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SimCity 4 [2012/07/28 19:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis [2008/08/12 07:45:20 | 
000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/26 13:34:55 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/26 13:34:55 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/26 13:25:32 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\BootTime.ini [2012/08/26 13:25:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc8fd8f80600f2.job [2012/08/26 13:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/26 13:24:53 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2012/08/26 13:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/26 13:22:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/26 13:20:40 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012/08/26 13:20:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012/08/24 15:16:59 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini [2012/08/22 14:50:04 | 000,002,304 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/08/22 02:25:33 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/20 19:54:02 | 000,017,365 | ---- | M] () -- C:\Users\***\Desktop\arbeit.odt [2012/08/20 12:26:16 | 000,328,704 | ---- | M] () -- C:\Windows\SysNative\services.exe [2012/08/16 14:30:46 | 000,299,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/15 19:52:33 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/08/14 03:21:02 | 
217,122,342 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/08/09 22:11:01 | 000,000,595 | ---- | M] () -- C:\Windows\eReg.dat [2012/08/03 03:22:59 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/26 13:20:40 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012/08/26 13:20:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012/08/23 00:50:35 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@ [2012/08/23 00:07:37 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@ [2012/08/20 12:24:24 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@ [2012/08/20 03:43:59 | 000,017,365 | ---- | C] () -- C:\Users\***\Desktop\arbeit.odt [2012/08/20 01:03:44 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZooskMessenger.lnk [2012/08/14 03:21:02 | 217,122,342 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/07/28 19:45:53 | 000,000,595 | ---- | C] () -- C:\Windows\eReg.dat [2012/07/10 22:22:34 | 000,647,168 | ---- | C] () -- C:\Program Files (x86)\tetris.exe [2012/06/26 13:10:29 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll [2012/06/26 13:10:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll [2012/03/15 20:26:34 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe [2012/02/28 18:10:22 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012/02/27 04:11:06 | 000,000,082 | ---- | C] () -- C:\Windows\ChssBase.ini [2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@ [2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@ 
[2011/05/26 18:16:26 | 000,000,043 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat [2011/02/19 17:28:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/02/19 01:12:39 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/02/19 00:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/02/18 21:09:46 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011/02/18 21:09:46 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT [2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== LOP Check ========== [2011/05/11 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5015 [2011/06/08 13:10:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5016 [2011/06/10 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5017 [2011/06/14 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5018 [2012/05/10 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase [2011/11/16 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/09/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cudylu [2011/09/29 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eruh [2012/02/21 01:54:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eType [2012/02/28 18:05:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2011/05/11 12:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock [2012/06/16 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs [2011/03/01 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011/11/25 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Osebr 
[2011/11/25 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quexdi [2012/08/11 03:50:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011/06/14 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs [2012/01/19 03:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uverd [2012/03/05 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wise Registry Cleaner [2011/06/14 21:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm [2011/09/28 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yhef [2012/07/13 10:20:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

x64-based PC. Gmer was not run. I hope I have not forgotten anything. Once again, a huge thank you in advance.