multipler Befall: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess

Chesser · 26.08.2012, 13:19

Hallo!

Erst einmal ein super Lob an dieses gut durchstrukturierte und hilfreiche Forum und Daumen hoch an die Leute, die sich hier jeden Tag um die Probleme anderer kümmern! Hoffentlich kannn mir auch jemand helfen. Schon einmal Danke im Voraus!

Vor wenigen Tagen ist mir ein Virusbefall aufgefallen. Es war der Virus TR/ATRAPS.Gen2. Ein Bankkonten Spionage Virus. Da ich eh kein Onlinebanking betreibe bin ich nicht sofort in Panik ausgebrochen, sondern sagte mir "Ich kümmere mich die nächsten Tage mal darum. Was mir dann aber auffiel, Avira Antivir nach dem Scan immer abstürzte. Es kam später ein zweit und ein Dritte dazu und gestern abend stellte ich fest, dass die Firewall dekativiert war und sich nicht mehr aktivieren lässt. Daher bin ich jetzt gerade schon sehr besorgt um meinen Laptop.
Folgende Viren wurden also bisher angezeigt.
TR/ATRAPS.Gen2
TR/Sirefef.16896
BDS/ZeroAccess.* (endung weiß ich nicht mehr)
Firewall aus.

Es folgen nun die vorgeschlagenen Arbeitsschritte.

Extras.TxtOTL Extras logfile created on: 8/26/2012 1:31:01 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.62% Memory free
8.00 Gb Paging File | 5.97 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 22.41 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 90.88 Gb Free Space | 67.62% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE1305-35D5-56F3-8B91-5BF29A8DB939}" = ATI Catalyst Install Manager
"{5F0C3F07-B6EF-C641-C4BD-7E202A194121}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03998AF6-3578-A45F-7653-2C6FF60CF2C1}" = Zoosk Messenger
"{0824E481-EB8E-A53B-5CA6-6EC82B29240F}" = CCC Help Russian
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13581A3D-28FF-4DDC-0E6D-E585F4E432AE}" = CCC Help Korean
"{1A786741-2D69-38F8-25A0-87D483FF893F}" = CCC Help French
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{35BEFF48-53E9-C955-5D24-D9F207C82954}" = CCC Help Portuguese
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43923CFF-E3EF-EC15-8F7A-D50F11AC8E38}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{552636E5-1274-9229-10A6-EE56638524D3}" = CCC Help German
"{5A186C42-F699-1207-7D8B-034120FBEFD4}" = CCC Help Dutch
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{724015FC-1175-CE89-667E-5C715EEB5052}" = CCC Help Italian
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78704F80-9845-BA22-DD52-DF1F88D8C8E8}" = CCC Help Czech
"{78CDB125-7541-33BA-11E0-55CF7346FD9D}" = CCC Help Chinese Standard
"{7A4A6C58-C772-DEB7-ADE5-7AA3D8393FDA}" = CCC Help English
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7F6ED92F-459D-E40B-BD80-B87B3E852C0A}" = Catalyst Control Center Graphics Previews Vista
"{80E91367-66B4-9D48-D78E-17C3B5AFB83C}" = Catalyst Control Center Graphics Light
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{83C99425-1095-A10F-8622-D949180EFA83}" = CCC Help Norwegian
"{86209DE5-0642-1ADA-3060-0698374B84A1}" = CCC Help Danish
"{86286ABC-4081-4BD3-B710-190B314BCE18}" = ChessBase Reader
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{9091F4E3-6A00-562A-DDF6-ECB1704F45B2}" = CCC Help Spanish
"{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy
"{97635F88-6774-7C96-B872-A4949A4FE06B}" = ccc-core-static
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A3E59DE5-46A8-68FB-7A2E-4507D2B7C1EC}" = Catalyst Control Center Localization All
"{A765D3FB-AE33-FAA0-E725-21E6558D8147}" = CCC Help Finnish
"{A8033DE8-2D2C-8730-5D35-8800C92560DE}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{AEAC0128-8947-0E77-860F-3BD0735F31E5}" = CCC Help Turkish
"{B8D52C7C-9460-7F82-C092-C0197B1138A1}" = CCC Help Swedish
"{BF192C65-04BE-3F5D-632F-51132799CDE0}" = Catalyst Control Center Graphics Full New
"{C50ED22A-B0D3-16D8-BE55-947DA0E6F986}" = CCC Help Thai
"{D0809476-5FF0-7724-27CB-BE73D216624A}" = CCC Help Hungarian
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DB5C5CB4-3519-1D95-EF98-0356ABFAFAF8}" = CCC Help Japanese
"{E52C74AA-4E7E-51ED-B738-0D24922BE597}" = Catalyst Control Center Graphics Full Existing
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F71AA0EC-15E4-6F63-3C9C-7E8D8D756EC5}" = CCC Help Chinese Traditional
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE2F63F8-EB6C-493B-954D-DCB29ECAC423}" = ChessBase Reader
"{FEE0F194-7D6C-A7BF-F12E-96ABE64F5132}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"FL Studio 10" = FL Studio 10
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2012 3:25:55 PM | Computer Name = ***-PC | Source = VSS | ID = 12310
Description =

Error - 8/16/2012 3:25:55 PM | Computer Name = ***-PC | Source = VSS | ID = 12298
Description =

Error - 8/16/2012 7:10:46 PM | Computer Name = ***-PC | Source = VSS | ID = 12310
Description =

Error - 8/16/2012 7:10:46 PM | Computer Name = ***-PC | Source = VSS | ID = 12298
Description =

Error - 8/17/2012 8:53:47 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ipmGui.exe, Version: 12.3.0.15, Zeitstempel:
0x4fa05906 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8e2bf220 ID des fehlerhaften Prozesses:
0x1ed4 Startzeit der fehlerhaften Anwendung: 0x01cd7c7754b411a9 Pfad der fehlerhaften
Anwendung: C:\program files (x86)\avira\antivir desktop\ipmGui.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 953901f8-e86a-11e1-99b1-e0cb4e0b5c88

Error - 8/19/2012 4:02:11 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.8.0.158, Zeitstempel:
0x4f4de709 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0c10c9ba ID des fehlerhaften Prozesses:
0xa20 Startzeit der fehlerhaften Anwendung: 0x01cd7e4471596af6 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: c2f32108-ea38-11e1-be5a-e0cb4e0b5c88

Error - 8/19/2012 9:16:24 PM | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =

Error - 8/23/2012 4:10:29 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: Flash64_11_3_300_271.ocx,
Version: 11.3.300.271, Zeitstempel: 0x5026fc1d Ausnahmecode: 0xc0000005 Fehleroffset:
0x0000000000674d95 ID des fehlerhaften Prozesses: 0xfa4 Startzeit der fehlerhaften
Anwendung: 0x01cd81062c98bb75 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_271.ocx
Berichtskennung:
0022433d-ecfa-11e1-b47e-e0cb4e0b5c88

Error - 8/23/2012 7:26:51 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel:
0x4626b2f4 Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x4fa119ef Ausnahmecode: 0xc0000005 Fehleroffset: 0x6a5ccfde ID des fehlerhaften
Prozesses: 0xf40 Startzeit der fehlerhaften Anwendung: 0x01cd818692af7cca Pfad der
fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{5ED0C29F-92E9-4E39-BEC1-F9F8F2505394}\ICQ7.exe
Pfad
des fehlerhaften Moduls: MoveIt.dll Berichtskennung: 03e8d82f-ed7a-11e1-bcf2-e0cb4e0b5c88

Error - 8/25/2012 7:18:56 PM | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.33 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1cf4 Startzeit:
01cd8312fae11ad3 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
Desktop\avscan.exe Berichts-ID: 094b8cd2-ef0b-11e1-b8fe-e0cb4e0b5c88

[ Media Center Events ]
Error - 7/6/2012 10:42:52 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:42:52 - Fehler beim Herstellen der Internetverbindung. 16:42:52
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 10:43:01 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:42:57 - Fehler beim Herstellen der Internetverbindung. 16:42:57
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 11:43:03 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:43:03 - Fehler beim Herstellen der Internetverbindung. 17:43:03
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 11:43:11 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:43:08 - Fehler beim Herstellen der Internetverbindung. 17:43:08
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 12:43:15 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:43:15 - Fehler beim Herstellen der Internetverbindung. 18:43:15
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 12:43:26 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:43:20 - Fehler beim Herstellen der Internetverbindung. 18:43:20
- Serververbindung konnte nicht hergestellt werden..

Error - 7/19/2012 8:44:14 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:44:14 - Fehler beim Herstellen der Internetverbindung. 14:44:14
- Serververbindung konnte nicht hergestellt werden..

Error - 7/19/2012 8:44:33 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:44:20 - Fehler beim Herstellen der Internetverbindung. 14:44:20
- Serververbindung konnte nicht hergestellt werden..

Error - 7/19/2012 9:44:38 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:44:38 - Fehler beim Herstellen der Internetverbindung. 15:44:38
- Serververbindung konnte nicht hergestellt werden..

Error - 7/19/2012 9:44:45 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:44:44 - Fehler beim Herstellen der Internetverbindung. 15:44:44
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/25/2012 8:08:34 AM | Computer Name = ***-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 8/26/2012 7:25:25 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/26/2012 7:25:25 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/26/2012 7:25:27 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =

< End of report >

OTL.Txt
OTL logfile created on: 8/26/2012 1:31:01 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.62% Memory free
8.00 Gb Paging File | 5.97 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 22.41 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 90.88 Gb Free Space | 67.62% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012/08/08 21:15:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/02/19 00:33:37 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/16 20:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/24 22:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 06:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2006/06/08 15:41:18 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/13 01:29:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 01:28:18 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/11 13:54:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 13:52:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 13:52:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 13:52:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2007/06/15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2005/07/30 21:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\OdiOlDVR.dll
MOD - [2004/06/21 10:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\SysWOW64\OdiAPI.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/22 04:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent)
SRV:64bit: - [2009/07/10 03:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV:64bit: - [2009/06/26 00:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/08/15 06:23:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/02/19 00:32:50 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/26 01:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 20:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service)
DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.landesschachbundbremen.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 15 00 3A 7C CF CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C730FC16-6818-4479-9BE4-4E070FB1B4DB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C730FC16-6818-4479-9BE4-4E070FB1B4DB}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5018 [2011/06/14 20:13:31 | 000,000,000 | ---D | M]

[2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions
[2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012/08/17 09:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/08/17 09:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/05 21:56:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/19 20:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com
[2011/03/01 23:22:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/16 21:21:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011/06/18 05:30:30 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc=
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Upgrade] C:\Users\***\AppData\Roaming\Mozilla\{A3FF5A97-8015-4F8E-98E4-C4FCF66C2055}\Upgrade.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 213.191.74.19 62.109.123.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95196CC1-CBD1-443B-9EB8-1FE51AC565EC}: DhcpNameServer = 192.168.2.1 213.191.74.19 62.109.123.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A7C588-07B5-48AB-AB54-A3A379575C5E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 01:13:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/23 10:06:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/20 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012/08/20 01:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZooskMessenger
[2012/08/13 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zuxxez
[2012/08/11 03:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012/07/28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SimCity 4
[2012/07/28 19:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/26 13:34:55 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 13:34:55 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 13:25:32 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\BootTime.ini
[2012/08/26 13:25:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc8fd8f80600f2.job
[2012/08/26 13:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/26 13:24:53 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 13:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 13:22:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/26 13:20:40 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012/08/26 13:20:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/24 15:16:59 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2012/08/22 14:50:04 | 000,002,304 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/08/22 02:25:33 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/20 19:54:02 | 000,017,365 | ---- | M] () -- C:\Users\***\Desktop\arbeit.odt
[2012/08/20 12:26:16 | 000,328,704 | ---- | M] () -- C:\Windows\SysNative\services.exe
[2012/08/16 14:30:46 | 000,299,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 19:52:33 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/08/14 03:21:02 | 217,122,342 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/09 22:11:01 | 000,000,595 | ---- | M] () -- C:\Windows\eReg.dat
[2012/08/03 03:22:59 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/26 13:20:40 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012/08/26 13:20:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012/08/23 00:50:35 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@
[2012/08/23 00:07:37 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@
[2012/08/20 12:24:24 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@
[2012/08/20 03:43:59 | 000,017,365 | ---- | C] () -- C:\Users\***\Desktop\arbeit.odt
[2012/08/20 01:03:44 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZooskMessenger.lnk
[2012/08/14 03:21:02 | 217,122,342 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/28 19:45:53 | 000,000,595 | ---- | C] () -- C:\Windows\eReg.dat
[2012/07/10 22:22:34 | 000,647,168 | ---- | C] () -- C:\Program Files (x86)\tetris.exe
[2012/06/26 13:10:29 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2012/06/26 13:10:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2012/03/15 20:26:34 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012/02/28 18:10:22 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/02/27 04:11:06 | 000,000,082 | ---- | C] () -- C:\Windows\ChssBase.ini
[2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
[2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
[2011/05/26 18:16:26 | 000,000,043 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2011/02/19 17:28:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/19 01:12:39 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/19 00:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/18 21:09:46 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/18 21:09:46 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2011/05/11 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5015
[2011/06/08 13:10:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5016
[2011/06/10 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5017
[2011/06/14 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5018
[2012/05/10 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase
[2011/11/16 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cudylu
[2011/09/29 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eruh
[2012/02/21 01:54:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eType
[2012/02/28 18:05:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011/05/11 12:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012/06/16 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs
[2011/03/01 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011/11/25 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Osebr
[2011/11/25 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quexdi
[2012/08/11 03:50:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/06/14 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012/01/19 03:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uverd
[2012/03/05 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wise Registry Cleaner
[2011/06/14 21:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011/09/28 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yhef
[2012/07/13 10:20:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

x64 basierter- PC. Gmer wurde nicht angewendet

Ich hoffe ich habe nichts vergessen. Schon einmal ein riesiges Dankeschön im Voraus.

multipler Befall: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess

Log-Analyse und Auswertung: multipler Befall: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess

multipler Befall: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess

Ähnliche Themen: multipler Befall: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess