Avira finds TR/ATRAPS.Gen2 (Windows 7)
08.11.2013, 21:02 | #1

Avira finds TR/ATRAPS.Gen2

Hello everyone, I have had a problem for a few days now. It all started when I could no longer download anything. The various browsers gave different error messages, mostly that there was a virus in the file, even on trustworthy websites such as chip.de. A virus scan with Avira Free Antivirus showed several findings, which Avira then fixed. Now Avira still finds a virus called TR/ATRAPS.Gen2. Downloads work again. The report at the end of the scan says that the file C:\Windows\assembly\GAC\Desktop.ini was blocked but could not be deleted. Avira's real-time protection shows two different messages:

1. 2 viruses or malicious programs found and blocked (without names)
2. Variously named viruses that Avira found in C:\Program Files\Google\Desktop\Install... and that are being blocked. These come roughly every 2 minutes.

Kind regards, and thanks in advance
08.11.2013, 21:06 | #2

/// TB-Ausbilder | Avira finds TR/ATRAPS.Gen2

My name is Matthias and I will help you clean up your computer. Please note the following:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure, download both versions or check under Start > Computer (right-click) > Properties)
09.11.2013, 00:06 | #3

Avira finds TR/ATRAPS.Gen2

Here is the FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Micha (administrator) on NOTEBOOK on 08-11-2013 23:53:36
Running from C:\Users\Micha\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(brother Industries Ltd) C:\Windows\system32\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(brother Industries Ltd) C:\Windows\system32\brss01a.exe
(Dexpot GbR) C:\Program Files\Dexpot\dexpot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
(Hauppauge Computer Works) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Opera Software) C:\Program Files\Opera\launcher.exe
(Dropbox, Inc.) C:\Users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe () C:\Program Files\Opera\17.0.1241.53_2\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [SBRegRebootCleaner] - "C:\Program Files\Ad-Aware Antivirus\SBRC.exe" HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG) HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) HKCU\...\Run: [{3B891BE6-3862-922A-43CE-29918CADFE1B}] - C:\Users\Micha\AppData\Roaming\Opera\XpersOpera.exe HKCU\...\Run: [treasure] - C:\ProgramData\treasure0\iflmzccfpch.exe [232305 2013-11-08] () MountPoints2: {7cbcba0c-871e-11e1-b5fc-00158315a310} - H:\preinst.exe MountPoints2: {fe11fdea-75b0-11e0-be95-002170a4c359} - G:\SETUP.EXE Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
BootExecute: autocheck autochk * sdnclean.exeSBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFDED1713FFDBCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=E5CAF161C7ACE139A41A525157317696&q={searchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm SearchScopes: HKCU - {BA0411C6-0489-45D6-800D-39E5E8BECD83} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKCU - DAEMON Tools Toolbar - 
{32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default FF user.js: detected! 
=> C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\user.js FF SelectedSearchEngine: SecureSearch FF Homepage: hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E5CAF161C7ACE139A41A525157317696 FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Micha\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Lavasoft Search Plugin - C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common 
files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG) R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [98304 2012-12-11] () R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.) R2 EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works) S3 HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [815104 2008-03-31] (Hauppauge Computer Works) S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [246584 2010-06-21] () S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation) S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-03] (SolidWorks) S2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [x] S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [x] S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x] U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\ \...\???\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; 
C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [14976 2006-10-06] (AVM GmbH) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [67680 2013-10-10] (Avira Operations GmbH & Co. KG) R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.) R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.) R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-05-03] (DT Soft Ltd) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-30] (GFI Software) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.) R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.) 
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-04-29] (Lavasoft AB) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo) S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [x] S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x] S3 taphss6; system32\DRIVERS\taphss6.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-08 23:53 - 2013-11-08 23:53 - 00000000 ____D C:\FRST 2013-11-08 23:50 - 2013-11-08 23:50 - 01089445 _____ (Farbar) C:\Users\Micha\Desktop\FRST.exe 2013-11-08 20:41 - 2013-11-08 20:41 - 00000005 _____ C:\Users\Micha\Desktop\Neues Textdokument.txt 2013-11-08 16:09 - 2013-11-08 16:09 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-11-08 13:49 - 2013-11-08 21:06 - 00000168 _____ C:\Windows\setupact.log 2013-11-08 13:49 - 2013-11-08 16:18 - 00097740 _____ C:\Windows\PFRO.log 2013-11-08 13:49 - 2013-11-08 13:49 - 00000000 _____ C:\Windows\setuperr.log 2013-11-08 01:09 - 2013-11-08 01:09 - 00675988 
_____ C:\Users\Micha\Desktop\Minecraft.exe 2013-11-07 22:18 - 2013-11-07 22:18 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\ProgramData\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\Program Files\Avira 2013-11-07 22:15 - 2013-10-10 19:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-11-06 16:49 - 2013-11-08 22:08 - 00000000 ____D C:\Users\Micha\AppData\Roaming\.minecraft 2013-11-06 13:41 - 2013-11-06 13:41 - 00000000 ____D C:\Users\Micha\Low_00FEC012 2013-11-05 21:29 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys 2013-11-04 23:49 - 2013-11-07 19:23 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera Software 2013-11-04 23:49 - 2013-11-07 19:23 - 00000000 ____D C:\Users\Micha\AppData\Local\Opera Software 2013-11-04 22:38 - 2013-11-04 22:39 - 00007861 _____ C:\Users\Micha\Documents\Uninstall STAR WARS The Old Republic.log 2013-11-04 22:28 - 2013-11-04 22:28 - 00000000 ____D C:\ProgramData\Oracle 2013-11-04 22:27 - 2013-11-04 22:27 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-04 22:27 - 2013-11-04 22:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-04 22:08 - 2013-11-08 23:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-04 
22:08 - 2013-11-04 22:08 - 00000000 ____D C:\ProgramData\McAfee 2013-11-04 21:52 - 2013-11-04 21:52 - 00000000 ____D C:\Users\Micha\AppData\Local\Macromedia 2013-11-04 21:34 - 2013-11-08 22:21 - 00000000 __SHD C:\ProgramData\treasure0 2013-11-04 17:20 - 2013-11-04 17:21 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-11-04 17:20 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Micha\AppData\Local\SWTORPerf 2013-11-04 17:18 - 2013-11-04 22:38 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-11-04 17:14 - 2013-11-04 17:20 - 00002812 _____ C:\Users\Micha\Documents\Install STAR WARS The Old Republic.log 2013-11-04 17:14 - 2013-11-04 17:14 - 00000000 ____D C:\Users\hedev 2013-11-02 20:00 - 2013-11-02 20:00 - 00000000 ____D C:\ProgramData\APN 2013-10-30 12:49 - 2013-11-08 22:02 - 00011227 _____ C:\Users\Micha\Desktop\Anwesenheit Weihnachtsfeier.xlsx 2013-10-30 12:34 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-12 21:14 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 21:14 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 21:14 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe 2013-10-12 21:14 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-12 21:14 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 21:14 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-11 12:46 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-11 12:46 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-11 12:46 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-11 12:46 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-10-11 12:46 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) 
C:\Windows\system32\ntoskrnl.exe 2013-10-11 12:46 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-11 12:46 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-11 12:46 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-11 12:46 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 12:46 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-11 12:46 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-11 12:46 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 12:46 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-11 12:46 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-11 12:46 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-11 12:46 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 12:46 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-11 12:46 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-11 12:46 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-11 12:46 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-11 12:46 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 12:46 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-11 12:46 - 2013-06-06 
05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-11 12:46 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-11 12:46 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 12:46 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll ==================== One Month Modified Files and Folders ======= 2013-11-08 23:53 - 2013-11-08 23:53 - 00000000 ____D C:\FRST 2013-11-08 23:51 - 2011-05-03 19:42 - 00000000 ____D C:\Users\Micha\Desktop\Programme 2013-11-08 23:50 - 2013-11-08 23:50 - 01089445 _____ (Farbar) C:\Users\Micha\Desktop\FRST.exe 2013-11-08 23:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing 2013-11-08 23:29 - 2013-11-04 22:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-08 22:21 - 2013-11-04 21:34 - 00000000 __SHD C:\ProgramData\treasure0 2013-11-08 22:08 - 2013-11-06 16:49 - 00000000 ____D C:\Users\Micha\AppData\Roaming\.minecraft 2013-11-08 22:02 - 2013-10-30 12:49 - 00011227 _____ C:\Users\Micha\Desktop\Anwesenheit Weihnachtsfeier.xlsx 2013-11-08 21:16 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-08 21:16 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-08 21:13 - 2011-05-03 19:19 - 01613048 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-08 21:12 - 2012-11-11 16:42 - 00000000 ____D C:\Users\Micha\AppData\Roaming\PersBackup5 2013-11-08 21:06 - 2013-11-08 13:49 - 00000168 _____ C:\Windows\setupact.log 2013-11-08 21:06 - 2012-08-27 16:48 - 00000000 ____D C:\Program Files\Common Files\Akamai 2013-11-08 21:06 - 2011-11-22 10:00 - 00000000 ___RD C:\Users\Micha\Dropbox 2013-11-08 21:06 - 2011-11-22 09:56 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Dropbox 
2013-11-08 21:06 - 2011-10-03 11:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-11-08 21:06 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-08 20:41 - 2013-11-08 20:41 - 00000005 _____ C:\Users\Micha\Desktop\Neues Textdokument.txt 2013-11-08 16:18 - 2013-11-08 13:49 - 00097740 _____ C:\Windows\PFRO.log 2013-11-08 16:09 - 2013-11-08 16:09 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-11-08 13:49 - 2013-11-08 13:49 - 00000000 _____ C:\Windows\setuperr.log 2013-11-08 01:09 - 2013-11-08 01:09 - 00675988 _____ C:\Users\Micha\Desktop\Minecraft.exe 2013-11-07 22:18 - 2013-11-07 22:18 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\ProgramData\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\Program Files\Avira 2013-11-07 22:13 - 2011-05-03 19:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Winamp 2013-11-07 22:03 - 2013-03-30 19:41 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus 2013-11-07 19:23 - 2013-11-04 23:49 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera Software 2013-11-07 19:23 - 2013-11-04 23:49 - 00000000 ____D C:\Users\Micha\AppData\Local\Opera Software 2013-11-07 19:23 - 2011-11-10 20:15 - 00000000 ____D C:\Program Files\Opera 2013-11-07 17:26 - 2013-01-28 12:38 - 00007645 _____ C:\Users\Micha\AppData\Local\Resmon.ResmonCfg 2013-11-07 16:26 - 2012-01-03 11:07 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-07 16:26 - 2011-05-03 19:25 - 00000000 ____D C:\ProgramData\Adobe 2013-11-07 13:33 - 2012-03-01 22:13 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Samsung 2013-11-07 13:33 - 2012-03-01 22:12 - 00000000 ____D C:\Program Files\Samsung 2013-11-07 13:33 - 2012-03-01 22:12 - 00000000 ____D C:\Program Files\PC Connectivity Solution 2013-11-07 13:33 - 2011-05-03 19:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-11-07 13:26 - 2012-01-09 19:19 - 00000000 ____D C:\Program Files\Google 
2013-11-07 13:25 - 2012-01-09 19:19 - 00000000 ____D C:\Users\Micha\AppData\Local\Google 2013-11-06 16:28 - 2011-11-10 20:15 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera 2013-11-06 13:52 - 2011-05-03 20:17 - 00000000 ____D C:\Users\Micha\AppData\Roaming\SolidWorks 2013-11-06 13:51 - 2011-05-03 21:06 - 00000000 ____D C:\Users\Micha\Desktop\Zukünftige zweite Festplatte 2013-11-06 13:41 - 2013-11-06 13:41 - 00000000 ____D C:\Users\Micha\Low_00FEC012 2013-11-06 13:41 - 2011-05-03 19:20 - 00000000 ____D C:\Users\Micha 2013-11-05 17:22 - 2013-03-30 19:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Ad-Aware Antivirus 2013-11-04 22:39 - 2013-11-04 22:38 - 00007861 _____ C:\Users\Micha\Documents\Uninstall STAR WARS The Old Republic.log 2013-11-04 22:38 - 2013-11-04 17:18 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-11-04 22:29 - 2013-09-01 13:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-04 22:29 - 2011-05-30 08:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-04 22:28 - 2013-11-04 22:28 - 00000000 ____D C:\ProgramData\Oracle 2013-11-04 22:27 - 2013-11-04 22:27 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-04 22:27 - 2013-11-04 22:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-04 22:27 - 2013-01-14 12:06 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-04 22:27 - 2013-01-14 12:06 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-11-04 22:27 - 2013-01-14 12:05 - 00000000 ____D C:\Program Files\Java 2013-11-04 22:08 - 2013-11-04 22:08 - 00000000 ____D C:\ProgramData\McAfee 2013-11-04 22:08 - 2011-05-03 19:45 - 00000000 ____D C:\Users\Micha\AppData\Local\Adobe 2013-11-04 21:55 - 2011-05-05 19:39 - 00000000 ____D C:\Windows\pss 2013-11-04 
21:52 - 2013-11-04 21:52 - 00000000 ____D C:\Users\Micha\AppData\Local\Macromedia 2013-11-04 17:21 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-11-04 17:20 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Micha\AppData\Local\SWTORPerf 2013-11-04 17:20 - 2013-11-04 17:14 - 00002812 _____ C:\Users\Micha\Documents\Install STAR WARS The Old Republic.log 2013-11-04 17:14 - 2013-11-04 17:14 - 00000000 ____D C:\Users\hedev 2013-11-04 17:03 - 2011-05-03 20:08 - 00000000 ____D C:\Windows\Panther 2013-11-03 16:11 - 2011-05-04 08:57 - 00000000 ____D C:\Users\Micha\AppData\Local\TempSWSicherungsverzeichnis 2013-11-03 00:47 - 2011-05-04 06:30 - 00000000 _____ C:\Users\Micha\AppData\Local\Temptable.xml 2013-11-02 20:15 - 2012-10-01 14:15 - 00000000 ____D C:\Users\Micha\AppData\Roaming\CADClick 2013-11-02 20:00 - 2013-11-02 20:00 - 00000000 ____D C:\ProgramData\APN 2013-11-02 20:00 - 2013-06-26 19:39 - 00000000 ____D C:\ProgramData\YTD Video Downloader 2013-11-01 16:27 - 2011-07-06 10:22 - 00037457 _____ C:\Users\Micha\AppData\Local\Temp_table.xml 2013-10-20 17:54 - 2011-05-03 19:43 - 00000000 ____D C:\Users\Micha\AppData\Roaming\TrueCrypt 2013-10-15 11:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-15 10:53 - 2009-07-14 05:33 - 00473976 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-15 10:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-10-14 18:41 - 2012-11-11 16:42 - 00000000 ____D C:\Users\Micha\Documents\PersBackup 2013-10-12 21:18 - 2013-08-19 13:02 - 00000000 ____D C:\Windows\system32\MRT 2013-10-12 21:15 - 2011-05-05 21:08 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-10 19:14 - 2013-11-07 22:15 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-10-10 19:14 - 2013-11-07 22:15 - 00089376 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-10-10 19:14 - 2013-11-07 22:15 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-10-10 19:14 - 2013-11-07 22:15 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-10-10 19:14 - 2013-11-07 22:15 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
ZeroAccess: C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete: ====================
ZeroAccess: C:\Users\Micha\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install

Some content of TEMP: ====================
C:\Users\Micha\AppData\Local\Temp\avgnt.exe
C:\Users\Micha\AppData\Local\Temp\BRSVC_158122878_hlp.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-31 12:28

==================== End Of Log ============================

And here is the Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Micha at 2013-11-08 23:54:16
Running from C:\Users\Micha\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
3Dconnexion 3DxSoftware
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Akamai NetSession Interface Service
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Areca
Atmel Software Framework (Version: 3.1.121)
Atmel Studio 6.0 (Version: 6.0.1843)
Atmel USB (Version: 10.6)
Avira Free Antivirus (Version: 14.0.0.411)
AVNavigator (HKCU Version: VSX-921)
AVRStudio4 (Version: 4.14.589)
Bluesoleil2.6.0.8 Release 070517 (Version: 2.6.0.8 Release 070517)
BRAdmin Professional 3 (Version: 3.50.0002)
Bridge Building Game
CCleaner (Version: 3.14)
Command & Conquer The First Decade (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.40.2.0131)
DAEMON Tools Toolbar (Version: 1.1.7.0190)
Dexpot (HKCU Version: 1.5.9)
Dropbox (HKCU Version: 2.0.22)
GIMP 2.6.11 (Version: 2.6.11)
Hauppauge German Help Files and Resources
Hauppauge WinTV
Hauppauge WinTV DVB-T EPG Service
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
IBM APL2 (Version: 2.0.17)
InfraRecorder
Inkscape 0.48.3.1 (Version: 0.48.3.1)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel(R) TV Wizard
InterVideo FilterSDK for Hauppauge
IrfanView (remove only) (Version: 4.28)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java(TM) 6 Update 38 (Version: 6.0.380)
JLink OB CDC Driver Package (Version: 1.2.1)
LTspice IV
MathType 6 (Version: 6.6)
MATLAB Student R2007a (Version: 7.4)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office 2003 Web Components (Version: 12.0.4518.1014)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 Express - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (Version: 10.0.30319)
MiKTeX 2.9 (Version: 2.9)
MozBackup 1.5.1
Mozilla Firefox 7.0.1 (x86 de) (Version: 7.0.1)
Mozilla Maintenance Service (Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NIBObee Library 1.4 (Version: 1.4.0.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera Stable 17.0.1241.53 (Version: 17.0.1241.53)
PC Connectivity Solution (Version: 8.15.0.0)
PDFCreator (Version: 1.2.3)
pdfforge Toolbar v6.5 (Version: 6.5)
Personal Backup 5.3 (Version: 5.3)
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
SolidWorks 2009 SP0 (Version: 17.1.0003)
Steamless Counter Strike Source Pack (Version: 1.0)
Stronghold
TeamViewer 6 (Version: 6.0.13992)
TeXnicCenter Version 1.0 Stable RC1 (Version: Version 1.0 Stable RC1)
TrueCrypt (Version: 7.1a)
UltraISO Premium V9.53
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VLC media player 1.1.9 (Version: 1.1.9)
VTPlus32 für WinTV (German)
Winamp (Version: 5.61 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
WinAVR 20100110 (remove only) (Version: 20100110)
Windows XP Mode (Version: 1.3.7600.16422)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows-Treiberpaket - Segger (jlink_ob) USB (03/13/2012 2.6.6.2) (Version: 03/13/2012 2.6.6.2)
Windows-Treiberpaket - SEGGER (usbser) Ports (01/25/2012 6.0.2600.4) (Version: 01/25/2012 6.0.2600.4)
YTD Video Downloader 4.6 (Version: 4.6)

==================== Restore Points =========================

==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {0DC85200-CD12-424B-BE8C-1456A06B00B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-04] (Adobe Systems Incorporated)
Task: {1E24F2A1-8587-4951-8633-2EA344B3F35F} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {507A5866-146A-4D79-B3DC-75F85742D3F4} - System32\Tasks\3DconnexionCreateProcess_3DxSRV.EXE => C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3DxSRV.EXE
Task: {716CD0EA-1780-4C04-8B79-EBB5B91BF626} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {72CE0CD5-E03C-4FDD-956E-27A42EDA8077} - System32\Tasks\Dexpot\2 => C:\Program Files\Dexpot\autodex.exe [2013-10-06] (Dexpot GbR)
Task: {86B01086-5E02-4B95-83AD-473416F85A65} - System32\Tasks\{8FAAD528-86D6-4B6E-9785-608319415AB5} => C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2011-05-05] ()
Task: {DBBDDFA5-8072-4DBA-B9B2-74C6C70D6FF7} - System32\Tasks\{247365D4-FAF3-4898-AD2A-FA439035642D} => C:\Program Files\Team17\Worms Armageddon\WA.exe
Task: {E80A56BC-A96C-4B53-BE57-6AACDB65EDC5} - System32\Tasks\Dexpot\Dexpot Micha => C:\Program Files\Dexpot\dexpot.exe [2013-10-06] (Dexpot GbR)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Micha\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-07 19:23 - 2013-10-21 07:41 - 00868704 _____ () C:\Program Files\Opera\17.0.1241.53_2\ffmpegsumo.dll
2013-11-07 19:23 - 2013-10-21 07:41 - 00881504 _____ () C:\Program Files\Opera\17.0.1241.53_2\libglesv2.dll
2013-11-07 19:23 - 2013-10-21 07:41 - 00109408 _____ () C:\Program Files\Opera\17.0.1241.53_2\libegl.dll

==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:449B81FC
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2013 11:53:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x274
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:49:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x145c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:44:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x148c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:43:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xab4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:42:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x238
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:41:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:40:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xab0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:39:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1358
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:38:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x174c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (11/08/2013 11:37:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1468
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

System errors:
=============
Error: (11/08/2013 09:09:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/08/2013 09:07:58 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/08/2013 09:07:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (11/08/2013 09:07:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error: (11/08/2013 09:06:20 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst ICQ Service erreicht.

Error: (11/08/2013 09:06:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error: (11/08/2013 04:21:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/08/2013 04:20:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (11/08/2013 04:19:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error: (11/08/2013 04:18:48 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst ICQ Service erreicht.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Percentage of memory in use: 57%
Total physical RAM: 2037.97 MB
Available physical RAM: 859.45 MB
Total Pagefile: 4075.94 MB
Available Pagefile: 2470.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.67 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:60.01 GB) (Free:2.81 GB) NTFS
Drive d: () (Fixed) (Total:60.01 GB) (Free:11.95 GB) NTFS
Drive e: (Volume) (Fixed) (Total:345.64 GB) (Free:79.53 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=346 GB) - (Type=OF Extended)

==================== End Of Log ============================
|
09.11.2013, 13:00 | #4 |
Rest in peace † 2019 | Avira findet TR/ATRAPS.Gen2 Hello Sefer, I am taking over here for Matthias. Since I am still in training, all of my steps have to be approved by a trainer. This guarantees that you get help from a trained helper. Thank you for your patience. Quote:
Step 1 Please have the file from the code box checked at Virustotal.
Step 2 Scan with Combofix
Step 3 Run FRST once more.
|
11.11.2013, 22:24 | #5 |
| Avira findet TR/ATRAPS.Gen2 Hello, here is the link from Virustotal: https://www.virustotal.com/de/file/658c5935c48aed1032de7983ddc5104d357cdf147eec3d759a06fc4a9d5d112a/analysis/1384201975/ Code:
ComboFix 13-11-11.01 - Micha 11.11.2013 21:46:22.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2038.1243 [GMT 1:00]
ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\@
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\GoogleUpdate.exe
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\L\00000004.@
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\L\201d3dde
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\L\76603ac3
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\00000004.@
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\00000008.@
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\000000cb.@
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\80000000.@
c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\80000032.@
c:\users\Micha\AppData\Local\Google\Desktop\Install
c:\users\Micha\AppData\Local\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\2E2F~1\28F0~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\@
c:\users\Micha\AppData\Local\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\2E2F~1\28F0~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\GoogleUpdate.exe
c:\users\Micha\AppData\Roaming\inkscape\inkscapeuse.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-10-11 bis 2013-11-11 ))))))))))))))))))))))))))))))
.
.
2013-11-11 20:57 . 2013-11-11 20:59 -------- d-----w- c:\users\Micha\AppData\Local\temp
2013-11-08 22:53 . 2013-11-08 22:53 -------- d-----w- C:\FRST
2013-11-08 15:09 . 2013-11-08 15:09 -------- d-----w- c:\programdata\Simply Super Software
2013-11-07 21:18 . 2013-11-07 21:18 -------- d-----w- c:\users\Micha\AppData\Roaming\Avira
2013-11-07 21:15 . 2013-10-10 18:14 67680 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-11-07 21:15 . 2013-10-10 18:14 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-07 21:15 . 2013-10-10 18:14 89376 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-11-07 21:15 . 2013-10-10 18:14 137208 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-11-07 21:15 . 2013-11-07 21:15 -------- d-----w- c:\programdata\Avira
2013-11-07 21:15 . 2013-11-07 21:15 -------- d-----w- c:\program files\Avira
2013-11-06 15:49 . 2013-11-08 21:08 -------- d-----w- c:\users\Micha\AppData\Roaming\.minecraft
2013-11-06 12:41 . 2013-11-06 12:41 -------- d-----w- c:\users\Micha\Low_00FEC012
2013-11-05 20:29 . 2013-05-23 07:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-11-04 22:49 . 2013-11-07 18:23 -------- d-----w- c:\users\Micha\AppData\Local\Opera Software
2013-11-04 22:49 . 2013-11-07 18:23 -------- d-----w- c:\users\Micha\AppData\Roaming\Opera Software
2013-11-04 21:28 . 2013-11-04 21:28 -------- d-----w- c:\programdata\Oracle
2013-11-04 21:27 . 2013-11-04 21:27 -------- d-----w- c:\program files\Common Files\Java
2013-11-04 21:27 . 2013-11-04 21:27 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-04 21:08 . 2013-11-04 21:08 -------- d-----w- c:\programdata\McAfee
2013-11-04 20:52 . 2013-11-04 20:52 -------- d-----w- c:\users\Micha\AppData\Local\Macromedia
2013-11-04 20:34 . 2013-11-11 20:18 -------- d-sh--w- c:\programdata\treasure0
2013-11-04 16:20 . 2013-11-04 16:20 -------- d-----w- c:\users\Micha\AppData\Local\SWTORPerf
2013-11-04 16:18 . 2013-11-04 21:38 -------- d-----w- c:\program files\Common Files\BioWare
2013-11-04 16:14 . 2013-11-04 16:14 -------- d-----w- c:\users\hedev
2013-11-02 19:00 . 2013-11-02 19:00 -------- d-----w- c:\programdata\APN
2013-10-30 11:34 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-30 11:34 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-30 11:34 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-30 11:34 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-30 11:34 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-30 11:34 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-30 11:34 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-04 21:29 . 2013-09-01 12:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-04 21:29 . 2011-05-30 07:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 23:28 . 2013-10-12 20:14 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 23:27 . 2013-10-12 20:14 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27 . 2013-10-12 20:14 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 23:27 . 2013-10-12 20:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-21 03:30 . 2013-10-12 20:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 02:39 . 2013-10-12 20:14 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 00:48 . 2013-10-11 11:46 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-11 11:46 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-11 11:46 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-08-29 01:51 . 2013-10-11 11:46 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-11 11:46 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-11 11:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-11 11:46 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-11 11:46 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-11 11:46 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-11 11:46 434688 ----a-w- c:\windows\system32\scavengeui.dll
2011-11-03 17:07 . 2011-05-03 18:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Micha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Micha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Micha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"treasure"="c:\programdata\treasure0\iflmzccfpch.exe" [2013-11-08 232305]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-10 681032]
.
c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start 3DxWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
backup=c:\windows\pss\Start 3DxWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Persbackup.lnk]
path=c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
backup=c:\windows\pss\Persbackup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Taskplaner Engine.lnk]
path=c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Engine.lnk
backup=c:\windows\pss\SolidWorks Taskplaner Engine.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-04 23:01 4489472 ----a-w- c:\users\Micha\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonMP3DownloaderHelper]
2013-05-22 18:50 400704 ----a-w- c:\users\Micha\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
2008-04-17 17:20 688128 ----a-w- c:\progra~1\WinTV\EPG Services\System\EPGClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 17:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 17:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 17:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-10-06 14976]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-04-17 560640]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2008-04-17 15616]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-05 1343400]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-10-10 1164360]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-30 13560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-10 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-03 218688]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-10-10 440392]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-10-10 67680]
S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2012-12-11 98304]
S2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-04-09 436224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2012-07-16 2416040]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;<local>
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E5CAF161C7ACE139A41A525157317696
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-{3B891BE6-3862-922A-43CE-29918CADFE1B} - c:\users\Micha\AppData\Roaming\Opera\XpersOpera.exe
HKCU-Run-{15987C81-EA79-D9A9-D96F-83B1AA3FA439} - c:\users\Micha\AppData\Roaming\inkscape\inkscapeuse.exe
HKLM-Run-SBRegRebootCleaner - c:\program files\Ad-Aware Antivirus\SBRC.exe
SafeBoot-Lavasoft Ad-Aware Service
MSConfigStartUp-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnTBMon - c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.5\ICQ.exe
MSConfigStartUp-SearchProtection - c:\programdata\Search Protection\_run.bat
MSConfigStartUp-SearchSettings - c:\program files\Common 
Files\Spigot\Search Settings\SearchSettings.exe MSConfigStartUp-treasure - c:\programdata\treasure0\bpvttlpxh.exe AddRemove-Steamless Counter Strike Source Pack - l:\lanspiele\Steamless CSS\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3588) c:\program files\Dexpot\hooxpot.dll c:\users\Micha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll c:\windows\system32\FXSRESM.DLL . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\brsvc01a.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\brss01a.exe c:\windows\system32\taskhost.exe c:\program files\Dexpot\dexpot.exe c:\program files\TeamViewer\Version6\TeamViewer.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-11-11 22:05:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-11-11 21:05 . Vor Suchlauf: 3.998.121.984 Bytes frei Nach Suchlauf: 3.851.481.088 Bytes frei . - - End Of File - - E1545C6B16A5356681C979E95E139CF0 A36C5E4F47E84449FF07ED3517B43A31
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01 Ran by Micha (administrator) on NOTEBOOK on 11-11-2013 22:21:14 Running from C:\Users\Micha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AOSA9LE Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (brother Industries Ltd) C:\Windows\system32\brsvc01a.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (brother Industries Ltd) C:\Windows\system32\brss01a.exe () C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe (Hauppauge Computer Works) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe (Dexpot GbR) C:\Program Files\Dexpot\dexpot.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe () C:\Program Files\Opera\17.0.1241.53_2\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. 
KG) HKCU\...\Run: [treasure] - C:\ProgramData\treasure0\iflmzccfpch.exe [232305 2013-11-08] () Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean.exeSBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFDED1713FFDBCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File SearchScopes: HKCU - DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=E5CAF161C7ACE139A41A525157317696&q={searchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm SearchScopes: HKCU - {BA0411C6-0489-45D6-800D-39E5E8BECD83} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default FF user.js: detected! 
=> C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\user.js FF SelectedSearchEngine: SecureSearch FF Homepage: hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E5CAF161C7ACE139A41A525157317696 FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Micha\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Lavasoft Search Plugin - C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common 
files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG) R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [98304 2012-12-11] () R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.) R2 EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works) S3 HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [815104 2008-03-31] (Hauppauge Computer Works) S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [246584 2010-06-21] () S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation) S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-03] (SolidWorks) S2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [x] S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [x] S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [14976 2006-10-06] (AVM GmbH) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [67680 2013-10-10] (Avira Operations GmbH & Co. KG) R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.) R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.) R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-05-03] (DT Soft Ltd) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-30] (GFI Software) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.) R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.) 
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-04-29] (Lavasoft AB) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo) S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [x] S3 catchme; \??\C:\Users\Micha\AppData\Local\Temp\catchme.sys [x] S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x] S3 taphss6; system32\DRIVERS\taphss6.sys [x] U3 mbr; \??\C:\Users\Micha\AppData\Local\Temp\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-11 22:19 - 2013-11-11 22:20 - 00702632 _____ C:\Users\Micha\Downloads\ZipOpenerSetup.exe 2013-11-11 22:05 - 2013-11-11 22:05 - 00022442 _____ C:\ComboFix.txt 2013-11-11 22:01 - 2013-11-11 22:01 - 00029881 _____ C:\Windows\WindowsUpdate.log 2013-11-11 21:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-11 21:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-11 21:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-11-11 21:44 - 
2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-11 21:43 - 2013-11-11 22:05 - 00000000 ____D C:\Qoobox 2013-11-11 21:43 - 2013-11-11 22:03 - 00000000 ____D C:\Windows\erdnt 2013-11-11 21:36 - 2013-11-11 21:38 - 05145576 ____R (Swearware) C:\Users\Micha\Desktop\ComboFix.exe 2013-11-08 23:54 - 2013-11-08 23:54 - 00031418 _____ C:\Users\Micha\Desktop\FRST.txt 2013-11-08 23:54 - 2013-11-08 23:54 - 00018297 _____ C:\Users\Micha\Desktop\Addition.txt 2013-11-08 23:53 - 2013-11-08 23:53 - 00000000 ____D C:\FRST 2013-11-08 20:41 - 2013-11-11 21:43 - 00000555 _____ C:\Users\Micha\Desktop\Neues Textdokument.txt 2013-11-08 16:09 - 2013-11-08 16:09 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-11-08 13:49 - 2013-11-11 21:57 - 00098298 _____ C:\Windows\PFRO.log 2013-11-08 13:49 - 2013-11-11 21:57 - 00000280 _____ C:\Windows\setupact.log 2013-11-08 13:49 - 2013-11-08 13:49 - 00000000 _____ C:\Windows\setuperr.log 2013-11-08 01:09 - 2013-11-08 01:09 - 00675988 _____ C:\Users\Micha\Desktop\Minecraft.exe 2013-11-07 22:18 - 2013-11-07 22:18 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\ProgramData\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\Program Files\Avira 2013-11-07 22:15 - 2013-10-10 19:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00067680 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-11-06 16:49 - 2013-11-08 22:08 - 00000000 ____D C:\Users\Micha\AppData\Roaming\.minecraft 2013-11-06 13:41 - 2013-11-06 13:41 - 00000000 ____D C:\Users\Micha\Low_00FEC012 2013-11-05 21:29 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys 2013-11-04 23:49 - 2013-11-07 19:23 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera Software 2013-11-04 23:49 - 2013-11-07 19:23 - 00000000 ____D C:\Users\Micha\AppData\Local\Opera Software 2013-11-04 22:38 - 2013-11-04 22:39 - 00007861 _____ C:\Users\Micha\Documents\Uninstall STAR WARS The Old Republic.log 2013-11-04 22:28 - 2013-11-04 22:28 - 00000000 ____D C:\ProgramData\Oracle 2013-11-04 22:27 - 2013-11-04 22:27 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-04 22:27 - 2013-11-04 22:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-04 22:08 - 2013-11-11 21:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-04 22:08 - 2013-11-04 22:08 - 00000000 ____D C:\ProgramData\McAfee 2013-11-04 21:52 - 2013-11-04 21:52 - 00000000 ____D C:\Users\Micha\AppData\Local\Macromedia 2013-11-04 21:34 - 2013-11-11 21:18 - 00000000 __SHD C:\ProgramData\treasure0 2013-11-04 17:20 - 2013-11-04 17:21 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-11-04 17:20 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Micha\AppData\Local\SWTORPerf 2013-11-04 17:18 - 2013-11-04 22:38 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-11-04 17:14 - 2013-11-04 17:20 - 00002812 _____ C:\Users\Micha\Documents\Install STAR WARS The Old 
Republic.log 2013-11-04 17:14 - 2013-11-04 17:14 - 00000000 ____D C:\Users\hedev 2013-11-02 20:00 - 2013-11-02 20:00 - 00000000 ____D C:\ProgramData\APN 2013-10-30 12:49 - 2013-11-11 21:26 - 00012129 _____ C:\Users\Micha\Desktop\Anwesenheit Weihnachtsfeier.xlsx 2013-10-30 12:34 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-12 21:14 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 21:14 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 21:14 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-12 21:14 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00493056 
_____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 21:14 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-12 21:14 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 21:14 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe ==================== One Month Modified Files and Folders ======= 2013-11-11 22:20 - 2013-11-11 22:19 - 00702632 _____ C:\Users\Micha\Downloads\ZipOpenerSetup.exe 2013-11-11 22:08 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-11 22:08 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-11 22:05 - 2013-11-11 22:05 - 00022442 _____ C:\ComboFix.txt 2013-11-11 22:05 - 2013-11-11 21:43 - 00000000 ____D C:\Qoobox 2013-11-11 22:05 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default 2013-11-11 22:05 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public 2013-11-11 22:04 - 2013-11-11 22:01 - 00029881 _____ C:\Windows\WindowsUpdate.log 2013-11-11 22:04 - 2011-05-03 19:19 - 01613048 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-11 22:03 - 2013-11-11 21:43 - 00000000 ____D C:\Windows\erdnt 2013-11-11 21:59 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2013-11-11 21:58 - 2012-08-27 16:48 - 00000000 ____D C:\Program Files\Common Files\Akamai 2013-11-11 21:58 - 
2011-10-03 11:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-11 21:58 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2013-11-11 21:57 - 2013-11-08 13:49 - 00098298 _____ C:\Windows\PFRO.log
2013-11-11 21:57 - 2013-11-08 13:49 - 00000280 _____ C:\Windows\setupact.log
2013-11-11 21:57 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-11 21:56 - 2012-11-08 13:03 - 00000000 ____D C:\Users\Micha\AppData\Roaming\inkscape
2013-11-11 21:43 - 2013-11-08 20:41 - 00000555 _____ C:\Users\Micha\Desktop\Neues Textdokument.txt
2013-11-11 21:43 - 2009-07-14 05:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-11 21:42 - 2011-05-03 19:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Winamp
2013-11-11 21:38 - 2013-11-11 21:36 - 05145576 ____R (Swearware) C:\Users\Micha\Desktop\ComboFix.exe
2013-11-11 21:29 - 2013-11-04 22:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-11 21:26 - 2013-10-30 12:49 - 00012129 _____ C:\Users\Micha\Desktop\Anwesenheit Weihnachtsfeier.xlsx
2013-11-11 21:18 - 2013-11-04 21:34 - 00000000 __SHD C:\ProgramData\treasure0
2013-11-11 21:13 - 2011-11-22 10:00 - 00000000 ___RD C:\Users\Micha\Dropbox
2013-11-11 21:13 - 2011-11-22 09:56 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Dropbox
2013-11-08 23:54 - 2013-11-08 23:54 - 00031418 _____ C:\Users\Micha\Desktop\FRST.txt
2013-11-08 23:54 - 2013-11-08 23:54 - 00018297 _____ C:\Users\Micha\Desktop\Addition.txt
2013-11-08 23:53 - 2013-11-08 23:53 - 00000000 ____D C:\FRST
2013-11-08 23:51 - 2011-05-03 19:42 - 00000000 ____D C:\Users\Micha\Desktop\Programme
2013-11-08 22:08 - 2013-11-06 16:49 - 00000000 ____D C:\Users\Micha\AppData\Roaming\.minecraft
2013-11-08 21:12 - 2012-11-11 16:42 - 00000000 ____D C:\Users\Micha\AppData\Roaming\PersBackup5
2013-11-08 16:09 - 2013-11-08 16:09 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-11-08 13:49 - 2013-11-08 13:49 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 01:09 - 2013-11-08 01:09 - 00675988 _____ C:\Users\Micha\Desktop\Minecraft.exe
2013-11-07 22:18 - 2013-11-07 22:18 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Avira
2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\ProgramData\Avira
2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\Program Files\Avira
2013-11-07 22:03 - 2013-03-30 19:41 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-11-07 19:23 - 2013-11-04 23:49 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera Software
2013-11-07 19:23 - 2013-11-04 23:49 - 00000000 ____D C:\Users\Micha\AppData\Local\Opera Software
2013-11-07 19:23 - 2011-11-10 20:15 - 00000000 ____D C:\Program Files\Opera
2013-11-07 17:26 - 2013-01-28 12:38 - 00007645 _____ C:\Users\Micha\AppData\Local\Resmon.ResmonCfg
2013-11-07 16:26 - 2012-01-03 11:07 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-07 16:26 - 2011-05-03 19:25 - 00000000 ____D C:\ProgramData\Adobe
2013-11-07 13:33 - 2012-03-01 22:13 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Samsung
2013-11-07 13:33 - 2012-03-01 22:12 - 00000000 ____D C:\Program Files\Samsung
2013-11-07 13:33 - 2012-03-01 22:12 - 00000000 ____D C:\Program Files\PC Connectivity Solution
2013-11-07 13:33 - 2011-05-03 19:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-07 13:26 - 2012-01-09 19:19 - 00000000 ____D C:\Program Files\Google
2013-11-07 13:25 - 2012-01-09 19:19 - 00000000 ____D C:\Users\Micha\AppData\Local\Google
2013-11-06 16:28 - 2011-11-10 20:15 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera
2013-11-06 13:52 - 2011-05-03 20:17 - 00000000 ____D C:\Users\Micha\AppData\Roaming\SolidWorks
2013-11-06 13:51 - 2011-05-03 21:06 - 00000000 ____D C:\Users\Micha\Desktop\Zukünftige zweite Festplatte
2013-11-06 13:41 - 2013-11-06 13:41 - 00000000 ____D C:\Users\Micha\Low_00FEC012
2013-11-06 13:41 - 2011-05-03 19:20 - 00000000 ____D C:\Users\Micha
2013-11-05 17:22 - 2013-03-30 19:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Ad-Aware Antivirus
2013-11-04 22:39 - 2013-11-04 22:38 - 00007861 _____ C:\Users\Micha\Documents\Uninstall STAR WARS The Old Republic.log
2013-11-04 22:38 - 2013-11-04 17:18 - 00000000 ____D C:\Program Files\Common Files\BioWare
2013-11-04 22:29 - 2013-09-01 13:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-04 22:29 - 2011-05-30 08:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-04 22:28 - 2013-11-04 22:28 - 00000000 ____D C:\ProgramData\Oracle
2013-11-04 22:27 - 2013-11-04 22:27 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-04 22:27 - 2013-11-04 22:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-04 22:27 - 2013-01-14 12:06 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-04 22:27 - 2013-01-14 12:06 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-04 22:27 - 2013-01-14 12:05 - 00000000 ____D C:\Program Files\Java
2013-11-04 22:08 - 2013-11-04 22:08 - 00000000 ____D C:\ProgramData\McAfee
2013-11-04 22:08 - 2011-05-03 19:45 - 00000000 ____D C:\Users\Micha\AppData\Local\Adobe
2013-11-04 21:55 - 2011-05-05 19:39 - 00000000 ____D C:\Windows\pss
2013-11-04 21:52 - 2013-11-04 21:52 - 00000000 ____D C:\Users\Micha\AppData\Local\Macromedia
2013-11-04 17:21 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-11-04 17:20 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Micha\AppData\Local\SWTORPerf
2013-11-04 17:20 - 2013-11-04 17:14 - 00002812 _____ C:\Users\Micha\Documents\Install STAR WARS The Old Republic.log
2013-11-04 17:14 - 2013-11-04 17:14 - 00000000 ____D C:\Users\hedev
2013-11-04 17:03 - 2011-05-03 20:08 - 00000000 ____D C:\Windows\Panther
2013-11-03 16:11 - 2011-05-04 08:57 - 00000000 ____D C:\Users\Micha\AppData\Local\TempSWSicherungsverzeichnis
2013-11-03 00:47 - 2011-05-04 06:30 - 00000000 _____ C:\Users\Micha\AppData\Local\Temptable.xml
2013-11-02 20:15 - 2012-10-01 14:15 - 00000000 ____D C:\Users\Micha\AppData\Roaming\CADClick
2013-11-02 20:00 - 2013-11-02 20:00 - 00000000 ____D C:\ProgramData\APN
2013-11-02 20:00 - 2013-06-26 19:39 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-11-01 16:27 - 2011-07-06 10:22 - 00037457 _____ C:\Users\Micha\AppData\Local\Temp_table.xml
2013-10-20 17:54 - 2011-05-03 19:43 - 00000000 ____D C:\Users\Micha\AppData\Roaming\TrueCrypt
2013-10-15 11:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-15 10:53 - 2009-07-14 05:33 - 00473976 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-15 10:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-14 18:41 - 2012-11-11 16:42 - 00000000 ____D C:\Users\Micha\Documents\PersBackup
2013-10-12 21:18 - 2013-08-19 13:02 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 21:15 - 2011-05-05 21:08 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess: C:\Windows\assembly\GAC\Desktop.ini

Some content of TEMP:
====================
C:\Users\Micha\AppData\Local\temp\ICReinstall_ZipOpenerSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-31 12:28

==================== End Of Log ============================
--- --- ---

I have one more question: how does one deal with external hard drives and USB sticks... I haven't had them connected for a long time, but who knows how long I've had the virus.

Regards, Micha |
12.11.2013, 11:12 | #6 |
Rest in peace † 2019 | Avira finds TR/ATRAPS.Gen2
Hello Micha,

thank you. You can connect the external hard drives and USB sticks later, when we do the control scans, and have them scanned along with everything else.

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKCU\...\Run: [treasure] - C:\ProgramData\treasure0\iflmzccfpch.exe [232305 2013-11-08] ()
C:\ProgramData\treasure0\iflmzccfpch.exe
C:\Windows\assembly\GAC\Desktop.ini
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Step 2
Please download the RemoteAccess.reg file from here and run it.

Step 3
Start FRST once more.
|
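A read-only check for the two ZeroAccess traces that the fixlist above targets, added here as an example; it is not from the thread and not part of FRST. It assumes the Windows 7 layout seen in the logs, where Winsock catalog entry 000000000001 is the NLA provider (NLAapi.dll) and the dropper paths are the ones FRST reported.

```powershell
# Added example, not from the thread and not part of FRST: a read-only audit for
# the two ZeroAccess traces the fixlist above deals with, the hijacked Winsock
# namespace provider (NameSpace_Catalog5) and the file-system artefacts named in
# the FRST logs. Run from an elevated PowerShell; it changes nothing.

$Catalog5 = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries'

function Get-Catalog5Findings {
    # Assumption taken from FRST's "ATTENTION" line in this thread: on this
    # Windows 7 install, entry 000000000001 is the NLA provider (NLAapi.dll).
    $expectedFirst = '%SystemRoot%\system32\NLAapi.dll'
    $findings = @()

    foreach ($key in Get-ChildItem -Path $Catalog5) {
        $props    = Get-ItemProperty -Path $key.PSPath
        $rawPath  = [string]$props.LibraryPath
        $resolved = [Environment]::ExpandEnvironmentVariables($rawPath)

        # The hijack the fixlist corrected: entry 01 redirected to mswsock.dll.
        if ($key.PSChildName -eq '000000000001' -and $rawPath -notlike '*\NLAapi.dll') {
            $findings += "Catalog5 $($key.PSChildName): LibraryPath is '$rawPath', expected '$expectedFirst'"
        }

        # Bare file names with no directory (the "mswsock.dll File Not found"
        # entries in the post-fix log) and paths that do not exist on disk.
        if ($rawPath -eq '' -or -not (Split-Path -Path $resolved -Parent)) {
            $findings += "Catalog5 $($key.PSChildName): LibraryPath '$rawPath' has no directory"
        }
        elseif (-not (Test-Path -LiteralPath $resolved -PathType Leaf)) {
            $findings += "Catalog5 $($key.PSChildName): LibraryPath '$rawPath' not found on disk"
        }
    }
    return $findings
}

function Get-ZeroAccessFileFindings {
    # Locations exactly as FRST reported them in this thread; the LOCALAPPDATA
    # entry is resolved for the user running the script.
    $paths = @(
        'C:\ProgramData\treasure0',
        'C:\Windows\assembly\GAC\Desktop.ini',
        (Join-Path $env:ProgramFiles 'Google\Desktop\Install'),
        (Join-Path $env:LOCALAPPDATA 'Google\Desktop\Install')
    )
    $findings = @()
    foreach ($p in $paths) {
        # -Force is needed: the dropper folder carries Hidden+System (FRST's __SHD).
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item) { $findings += "Present: $p [$($item.Attributes)]" }
    }

    # FRST's "Use DeleteJunctionsIndirectory" refers to reparse points planted
    # in the Windows Defender folder; list any found there.
    $defender = Join-Path $env:ProgramFiles 'Windows Defender'
    if (Test-Path -LiteralPath $defender) {
        foreach ($child in Get-ChildItem -LiteralPath $defender -Force -ErrorAction SilentlyContinue) {
            if ($child.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                $findings += "Reparse point: $($child.FullName)"
            }
        }
    }
    return $findings
}

$all = @(Get-Catalog5Findings) + @(Get-ZeroAccessFileFindings)
if ($all.Count -eq 0) { 'No ZeroAccess indicators from this thread found.' } else { $all }
```

A clean system prints the single "No ZeroAccess indicators" line; any other output names the registry entry or path to examine, which is the same information FRST puts behind its ATTENTION markers.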
12.11.2013, 18:11 | #7 |
| Avira findet TR/ATRAPS.Gen2 Hallo, hier der Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013 01 Ran by Micha at 2013-11-12 17:50:57 Run:1 Running from C:\Users\Micha\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [treasure] - C:\ProgramData\treasure0\iflmzccfpch.exe [232305 2013-11-08] () C:\ProgramData\treasure0\iflmzccfpch.exe C:\Windows\assembly\GAC\Desktop.ini Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\treasure => Value not found. "C:\ProgramData\treasure0\iflmzccfpch.exe" => File/Directory not found. C:\Windows\assembly\GAC\Desktop.ini => Moved successfully. Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll ==== End of Fixlog ==== FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01 Ran by Micha (administrator) on NOTEBOOK on 12-11-2013 18:09:16 Running from C:\Users\Micha\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (brother Industries Ltd) C:\Windows\system32\brsvc01a.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Dexpot GbR) C:\Program Files\Dexpot\dexpot.exe (brother Industries Ltd) C:\Windows\system32\brss01a.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe (Hauppauge Computer Works) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Dropbox, Inc.) C:\Users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe () C:\Program Files\Opera\17.0.1241.53_2\opera_crashreporter.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG) Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean.exeSBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFDED1713FFDBCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File SearchScopes: HKCU - DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=E5CAF161C7ACE139A41A525157317696&q={searchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = 
hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm SearchScopes: HKCU - {BA0411C6-0489-45D6-800D-39E5E8BECD83} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found () Winsock: Catalog9 02 mswsock.dll File Not found () Winsock: Catalog9 03 mswsock.dll File 
Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog9 12 mswsock.dll File Not found () Winsock: Catalog9 13 mswsock.dll File Not found () Winsock: Catalog9 14 mswsock.dll File Not found () Winsock: Catalog9 15 mswsock.dll File Not found () Winsock: Catalog9 16 mswsock.dll File Not found () Winsock: Catalog9 17 mswsock.dll File Not found () Winsock: Catalog9 18 mswsock.dll File Not found () Winsock: Catalog9 19 mswsock.dll File Not found () Winsock: Catalog9 20 mswsock.dll File Not found () Winsock: Catalog9 21 mswsock.dll File Not found () Winsock: Catalog9 22 mswsock.dll File Not found () Winsock: Catalog9 23 mswsock.dll File Not found () Winsock: Catalog9 24 mswsock.dll File Not found () Winsock: Catalog9 25 mswsock.dll File Not found () Winsock: Catalog9 26 mswsock.dll File Not found () Winsock: Catalog9 27 mswsock.dll File Not found () Winsock: Catalog9 28 mswsock.dll File Not found () Winsock: Catalog9 29 mswsock.dll File Not found () Winsock: Catalog9 30 mswsock.dll File Not found () Winsock: Catalog9 31 mswsock.dll File Not found () Winsock: Catalog9 32 mswsock.dll File Not found () Winsock: Catalog9 33 mswsock.dll File Not found () Winsock: Catalog9 34 mswsock.dll File Not found () Winsock: Catalog9 35 mswsock.dll File Not found () Winsock: Catalog9 36 mswsock.dll File Not found () Winsock: Catalog9 37 mswsock.dll File Not found () Winsock: Catalog9 38 mswsock.dll File Not found () Winsock: Catalog9 39 mswsock.dll File Not found () Winsock: Catalog9 40 mswsock.dll File Not found () Winsock: Catalog9 41 mswsock.dll File Not found () Winsock: Catalog9 42 mswsock.dll File Not found 
() Winsock: Catalog9 43 mswsock.dll File Not found () Winsock: Catalog9 44 mswsock.dll File Not found () Winsock: Catalog9 45 mswsock.dll File Not found () Winsock: Catalog9 46 mswsock.dll File Not found () Winsock: Catalog9 47 mswsock.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default FF user.js: detected! => C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\user.js FF SelectedSearchEngine: SecureSearch FF Homepage: hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E5CAF161C7ACE139A41A525157317696 FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Micha\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Lavasoft Search Plugin - C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG) R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [98304 2012-12-11] () R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.) 
R2 EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works) S3 HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [815104 2008-03-31] (Hauppauge Computer Works) S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [246584 2010-06-21] () S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation) S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-03] (SolidWorks) S2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [x] S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [x] S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x] U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\ \...\???\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [14976 2006-10-06] (AVM GmbH) S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [67680 2013-10-10] (Avira Operations GmbH & Co. KG) R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.) R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) 
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.) R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-05-03] (DT Soft Ltd) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-30] (GFI Software) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.) R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.) R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-04-29] (Lavasoft AB) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) 
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo) S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [x] S3 catchme; \??\C:\Users\Micha\AppData\Local\Temp\catchme.sys [x] S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x] S3 taphss6; system32\DRIVERS\taphss6.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-12 17:50 - 2013-11-12 17:48 - 01090275 _____ (Farbar) C:\Users\Micha\Desktop\FRST.exe 2013-11-11 22:19 - 2013-11-11 22:20 - 00702632 _____ C:\Users\Micha\Downloads\ZipOpenerSetup.exe 2013-11-11 22:05 - 2013-11-11 22:05 - 00022442 _____ C:\ComboFix.txt 2013-11-11 22:01 - 2013-11-12 17:37 - 00048529 _____ C:\Windows\WindowsUpdate.log 2013-11-11 21:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-11 21:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-11 21:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-11 21:43 - 2013-11-11 22:05 - 00000000 ____D C:\Qoobox 2013-11-11 21:43 - 2013-11-11 22:03 - 00000000 ____D C:\Windows\erdnt 2013-11-11 21:36 - 2013-11-11 21:38 - 05145576 ____R 
(Swearware) C:\Users\Micha\Desktop\ComboFix.exe 2013-11-08 23:54 - 2013-11-08 23:54 - 00018297 _____ C:\Users\Micha\Desktop\Addition.txt 2013-11-08 23:53 - 2013-11-08 23:53 - 00000000 ____D C:\FRST 2013-11-08 20:41 - 2013-11-12 17:37 - 00000614 _____ C:\Users\Micha\Desktop\Neues Textdokument.txt 2013-11-08 16:09 - 2013-11-08 16:09 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-11-08 13:49 - 2013-11-12 17:38 - 00000448 _____ C:\Windows\setupact.log 2013-11-08 13:49 - 2013-11-11 21:57 - 00098298 _____ C:\Windows\PFRO.log 2013-11-08 13:49 - 2013-11-08 13:49 - 00000000 _____ C:\Windows\setuperr.log 2013-11-08 01:09 - 2013-11-08 01:09 - 00675988 _____ C:\Users\Micha\Desktop\Minecraft.exe 2013-11-07 22:18 - 2013-11-07 22:18 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\ProgramData\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\Program Files\Avira 2013-11-07 22:15 - 2013-10-10 19:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-11-07 22:15 - 2013-10-10 19:14 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-11-06 16:49 - 2013-11-12 17:14 - 00000000 ____D C:\Users\Micha\AppData\Roaming\.minecraft 2013-11-06 13:41 - 2013-11-06 13:41 - 00000000 ____D C:\Users\Micha\Low_00FEC012 2013-11-05 21:29 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys 2013-11-04 23:49 - 2013-11-07 19:23 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera Software 2013-11-04 23:49 - 2013-11-07 19:23 - 00000000 ____D C:\Users\Micha\AppData\Local\Opera Software 2013-11-04 22:38 - 2013-11-04 22:39 - 00007861 _____ C:\Users\Micha\Documents\Uninstall STAR WARS The Old Republic.log 2013-11-04 22:28 - 2013-11-04 22:28 - 00000000 ____D C:\ProgramData\Oracle 2013-11-04 22:27 - 2013-11-04 22:27 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-04 22:27 - 2013-11-04 22:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-04 22:08 - 2013-11-12 17:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-04 22:08 - 2013-11-04 22:08 - 00000000 ____D C:\ProgramData\McAfee 2013-11-04 21:52 - 2013-11-04 21:52 - 00000000 ____D C:\Users\Micha\AppData\Local\Macromedia 2013-11-04 21:34 - 2013-11-12 17:14 - 00000000 __SHD C:\ProgramData\treasure0 2013-11-04 17:20 - 2013-11-04 17:21 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-11-04 17:20 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Micha\AppData\Local\SWTORPerf 2013-11-04 17:18 - 2013-11-04 22:38 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-11-04 17:14 - 2013-11-04 17:20 - 00002812 _____ C:\Users\Micha\Documents\Install STAR WARS The Old Republic.log 2013-11-04 17:14 - 2013-11-04 17:14 - 00000000 ____D C:\Users\hedev 2013-11-02 20:00 - 2013-11-02 20:00 - 00000000 ____D 
C:\ProgramData\APN 2013-10-30 12:49 - 2013-11-11 21:26 - 00012129 _____ C:\Users\Micha\Desktop\Anwesenheit Weihnachtsfeier.xlsx 2013-10-30 12:34 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys ==================== One Month Modified Files and Folders ======= 2013-11-12 17:51 - 2011-05-03 19:19 - 01613048 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-12 17:48 - 2013-11-12 17:50 - 01090275 _____ (Farbar) C:\Users\Micha\Desktop\FRST.exe 2013-11-12 17:46 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-12 17:46 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-12 17:38 - 2013-11-08 13:49 - 00000448 _____ C:\Windows\setupact.log 2013-11-12 17:38 - 2012-08-27 16:48 - 00000000 ____D C:\Program Files\Common Files\Akamai 2013-11-12 17:38 - 2011-11-22 10:00 - 00000000 ___RD C:\Users\Micha\Dropbox 2013-11-12 17:38 - 2011-11-22 09:56 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Dropbox 2013-11-12 17:38 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-12 17:37 - 2013-11-11 22:01 - 00048529 _____ C:\Windows\WindowsUpdate.log 
2013-11-12 17:37 - 2013-11-08 20:41 - 00000614 _____ C:\Users\Micha\Desktop\Neues Textdokument.txt 2013-11-12 17:37 - 2011-10-03 11:45 - 00196608 _____ C:\Windows\system32\Ikeext.etl 2013-11-12 17:29 - 2013-11-04 22:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-12 17:14 - 2013-11-06 16:49 - 00000000 ____D C:\Users\Micha\AppData\Roaming\.minecraft 2013-11-12 17:14 - 2013-11-04 21:34 - 00000000 __SHD C:\ProgramData\treasure0 2013-11-12 17:02 - 2012-03-11 23:05 - 00000000 ____D C:\Users\Micha\AppData\Roaming\IMSIDesign 2013-11-12 16:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing 2013-11-11 22:20 - 2013-11-11 22:19 - 00702632 _____ C:\Users\Micha\Downloads\ZipOpenerSetup.exe 2013-11-11 22:05 - 2013-11-11 22:05 - 00022442 _____ C:\ComboFix.txt 2013-11-11 22:05 - 2013-11-11 21:43 - 00000000 ____D C:\Qoobox 2013-11-11 22:05 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default 2013-11-11 22:05 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public 2013-11-11 22:03 - 2013-11-11 21:43 - 00000000 ____D C:\Windows\erdnt 2013-11-11 21:59 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2013-11-11 21:57 - 2013-11-08 13:49 - 00098298 _____ C:\Windows\PFRO.log 2013-11-11 21:56 - 2012-11-08 13:03 - 00000000 ____D C:\Users\Micha\AppData\Roaming\inkscape 2013-11-11 21:43 - 2009-07-14 05:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-11 21:42 - 2011-05-03 19:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Winamp 2013-11-11 21:38 - 2013-11-11 21:36 - 05145576 ____R (Swearware) C:\Users\Micha\Desktop\ComboFix.exe 2013-11-11 21:26 - 2013-10-30 12:49 - 00012129 _____ C:\Users\Micha\Desktop\Anwesenheit Weihnachtsfeier.xlsx 2013-11-08 23:54 - 2013-11-08 23:54 - 00018297 _____ C:\Users\Micha\Desktop\Addition.txt 2013-11-08 23:53 - 2013-11-08 23:53 - 00000000 ____D C:\FRST 2013-11-08 23:51 - 2011-05-03 19:42 - 00000000 ____D C:\Users\Micha\Desktop\Programme 2013-11-08 21:12 - 2012-11-11 16:42 - 00000000 ____D 
C:\Users\Micha\AppData\Roaming\PersBackup5 2013-11-08 16:09 - 2013-11-08 16:09 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-11-08 13:49 - 2013-11-08 13:49 - 00000000 _____ C:\Windows\setuperr.log 2013-11-08 01:09 - 2013-11-08 01:09 - 00675988 _____ C:\Users\Micha\Desktop\Minecraft.exe 2013-11-07 22:18 - 2013-11-07 22:18 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\ProgramData\Avira 2013-11-07 22:15 - 2013-11-07 22:15 - 00000000 ____D C:\Program Files\Avira 2013-11-07 22:03 - 2013-03-30 19:41 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus 2013-11-07 19:23 - 2013-11-04 23:49 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera Software 2013-11-07 19:23 - 2013-11-04 23:49 - 00000000 ____D C:\Users\Micha\AppData\Local\Opera Software 2013-11-07 19:23 - 2011-11-10 20:15 - 00000000 ____D C:\Program Files\Opera 2013-11-07 17:26 - 2013-01-28 12:38 - 00007645 _____ C:\Users\Micha\AppData\Local\Resmon.ResmonCfg 2013-11-07 16:26 - 2012-01-03 11:07 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-07 16:26 - 2011-05-03 19:25 - 00000000 ____D C:\ProgramData\Adobe 2013-11-07 13:33 - 2012-03-01 22:13 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Samsung 2013-11-07 13:33 - 2012-03-01 22:12 - 00000000 ____D C:\Program Files\Samsung 2013-11-07 13:33 - 2012-03-01 22:12 - 00000000 ____D C:\Program Files\PC Connectivity Solution 2013-11-07 13:33 - 2011-05-03 19:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-11-07 13:26 - 2012-01-09 19:19 - 00000000 ____D C:\Program Files\Google 2013-11-07 13:25 - 2012-01-09 19:19 - 00000000 ____D C:\Users\Micha\AppData\Local\Google 2013-11-06 16:28 - 2011-11-10 20:15 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera 2013-11-06 13:52 - 2011-05-03 20:17 - 00000000 ____D C:\Users\Micha\AppData\Roaming\SolidWorks 2013-11-06 13:51 - 2011-05-03 21:06 - 00000000 ____D C:\Users\Micha\Desktop\Zukünftige zweite Festplatte 
2013-11-06 13:41 - 2013-11-06 13:41 - 00000000 ____D C:\Users\Micha\Low_00FEC012 2013-11-06 13:41 - 2011-05-03 19:20 - 00000000 ____D C:\Users\Micha 2013-11-05 17:22 - 2013-03-30 19:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Ad-Aware Antivirus 2013-11-04 22:39 - 2013-11-04 22:38 - 00007861 _____ C:\Users\Micha\Documents\Uninstall STAR WARS The Old Republic.log 2013-11-04 22:38 - 2013-11-04 17:18 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-11-04 22:29 - 2013-09-01 13:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-04 22:29 - 2011-05-30 08:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-04 22:28 - 2013-11-04 22:28 - 00000000 ____D C:\ProgramData\Oracle 2013-11-04 22:27 - 2013-11-04 22:27 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-04 22:27 - 2013-11-04 22:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-04 22:27 - 2013-01-14 12:06 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-04 22:27 - 2013-01-14 12:06 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-11-04 22:27 - 2013-01-14 12:05 - 00000000 ____D C:\Program Files\Java 2013-11-04 22:08 - 2013-11-04 22:08 - 00000000 ____D C:\ProgramData\McAfee 2013-11-04 22:08 - 2011-05-03 19:45 - 00000000 ____D C:\Users\Micha\AppData\Local\Adobe 2013-11-04 21:55 - 2011-05-05 19:39 - 00000000 ____D C:\Windows\pss 2013-11-04 21:52 - 2013-11-04 21:52 - 00000000 ____D C:\Users\Micha\AppData\Local\Macromedia 2013-11-04 17:21 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-11-04 17:20 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Micha\AppData\Local\SWTORPerf 2013-11-04 17:20 - 2013-11-04 17:14 - 00002812 _____ C:\Users\Micha\Documents\Install STAR WARS The Old Republic.log 
2013-11-04 17:14 - 2013-11-04 17:14 - 00000000 ____D C:\Users\hedev 2013-11-04 17:03 - 2011-05-03 20:08 - 00000000 ____D C:\Windows\Panther 2013-11-03 16:11 - 2011-05-04 08:57 - 00000000 ____D C:\Users\Micha\AppData\Local\TempSWSicherungsverzeichnis 2013-11-03 00:47 - 2011-05-04 06:30 - 00000000 _____ C:\Users\Micha\AppData\Local\Temptable.xml 2013-11-02 20:15 - 2012-10-01 14:15 - 00000000 ____D C:\Users\Micha\AppData\Roaming\CADClick 2013-11-02 20:00 - 2013-11-02 20:00 - 00000000 ____D C:\ProgramData\APN 2013-11-02 20:00 - 2013-06-26 19:39 - 00000000 ____D C:\ProgramData\YTD Video Downloader 2013-11-01 16:27 - 2011-07-06 10:22 - 00037457 _____ C:\Users\Micha\AppData\Local\Temp_table.xml 2013-10-20 17:54 - 2011-05-03 19:43 - 00000000 ____D C:\Users\Micha\AppData\Roaming\TrueCrypt 2013-10-15 11:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-15 10:53 - 2009-07-14 05:33 - 00473976 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-15 10:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-10-14 18:41 - 2012-11-11 16:42 - 00000000 ____D C:\Users\Micha\Documents\PersBackup Files to move or delete: ==================== ZeroAccess: C:\Users\Micha\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files\Google\Desktop\Install Some content of TEMP: ==================== C:\Users\Micha\AppData\Local\temp\avgnt.exe C:\Users\Micha\AppData\Local\temp\ICReinstall_ZipOpenerSetup.exe C:\Users\Micha\AppData\Local\temp\InstallFlashPlayer.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\mpsvc.dll => 
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-11-11 23:18

==================== End Of Log ============================

--- --- ---

Regards, Micha |
13.11.2013, 10:11 | #8 |
Rest in Peace † 2019 | Avira finds TR/ATRAPS.Gen2 Hello Micha, unfortunately you are infected again. I also have a question: did you delete this file? Code:
C:\ProgramData\treasure0\iflmzccfpch.exe

Run ComboFix again:
|
14.11.2013, 18:18 | #9 |
| Avira finds TR/ATRAPS.Gen2 Hello, I did not delete any files. I just had to uninstall Avira because it kept re-enabling itself. Even after the uninstall, ComboFix still said Avira was active, but no error occurred during the scan. Here is the log.txt from ComboFix Code:
ATTFilter ComboFix 13-11-12.01 - Micha 14.11.2013 17:51:23.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2038.1127 [GMT 1:00] ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Google\Desktop\Install c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\@ c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\GoogleUpdate.exe c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\L\00000004.@ c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\L\76603ac3 c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\00000004.@ c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\00000008.@ c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\000000cb.@ c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\80000000.@ c:\program files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\80000032.@ 
c:\users\Micha\AppData\Local\Google\Desktop\Install c:\users\Micha\AppData\Local\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\2E2F~1\28F0~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\@ c:\users\Micha\AppData\Local\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\2E2F~1\28F0~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\GoogleUpdate.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-10-14 bis 2013-11-14 )))))))))))))))))))))))))))))) . . 2013-11-14 16:59 . 2013-11-14 17:01 -------- d-----w- c:\users\Micha\AppData\Local\temp 2013-11-14 16:59 . 2013-11-14 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-13 19:21 . 2013-11-13 19:25 -------- d-----w- c:\users\Micha\AppData\Roaming\Configuration 2013-11-13 19:21 . 2013-11-13 19:33 -------- d-----w- c:\users\Public\Ticket 2013-11-13 19:21 . 2013-11-13 19:21 -------- d-----w- c:\users\Micha\AppData\Roaming\Backup Tickets 2013-11-13 19:20 . 2013-11-13 19:21 -------- d-----w- c:\program files\Luidia 2013-11-08 22:53 . 2013-11-08 22:53 -------- d-----w- C:\FRST 2013-11-08 15:09 . 2013-11-08 15:09 -------- d-----w- c:\programdata\Simply Super Software 2013-11-06 15:49 . 2013-11-12 16:14 -------- d-----w- c:\users\Micha\AppData\Roaming\.minecraft 2013-11-06 12:41 . 2013-11-06 12:41 -------- d-----w- c:\users\Micha\Low_00FEC012 2013-11-05 20:29 . 2013-05-23 07:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys 2013-11-04 22:49 . 2013-11-07 18:23 -------- d-----w- c:\users\Micha\AppData\Local\Opera Software 2013-11-04 22:49 . 2013-11-07 18:23 -------- d-----w- c:\users\Micha\AppData\Roaming\Opera Software 2013-11-04 21:28 . 2013-11-04 21:28 -------- d-----w- c:\programdata\Oracle 2013-11-04 21:27 . 2013-11-04 21:27 -------- d-----w- c:\program files\Common Files\Java 2013-11-04 21:27 . 2013-11-04 21:27 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-11-04 21:08 . 2013-11-04 21:08 -------- d-----w- c:\programdata\McAfee 2013-11-04 20:52 . 
2013-11-04 20:52 -------- d-----w- c:\users\Micha\AppData\Local\Macromedia 2013-11-04 20:34 . 2013-11-12 16:14 -------- d-sh--w- c:\programdata\treasure0 2013-11-04 16:20 . 2013-11-04 16:20 -------- d-----w- c:\users\Micha\AppData\Local\SWTORPerf 2013-11-04 16:18 . 2013-11-04 21:38 -------- d-----w- c:\program files\Common Files\BioWare 2013-11-04 16:14 . 2013-11-04 16:14 -------- d-----w- c:\users\hedev 2013-11-02 19:00 . 2013-11-02 19:00 -------- d-----w- c:\programdata\APN 2013-10-30 11:34 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-30 11:34 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-30 11:34 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-30 11:34 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-30 11:34 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-10-30 11:34 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-30 11:34 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-04 21:29 . 2013-09-01 12:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-11-04 21:29 . 2011-05-30 07:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-22 23:28 . 2013-10-12 20:14 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 23:27 . 2013-10-12 20:14 2876928 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 23:27 . 2013-10-12 20:14 61440 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 23:27 . 2013-10-12 20:14 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-21 03:30 . 2013-10-12 20:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 02:39 . 2013-10-12 20:14 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-14 00:48 . 
2013-10-11 11:46 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:07 . 2013-10-11 11:46 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:03 . 2013-10-11 11:46 231424 ----a-w- c:\windows\system32\mswsock.dll 2013-08-29 01:51 . 2013-10-11 11:46 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-11 11:46 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-11 11:46 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 01:50 . 2013-10-11 11:46 619520 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 01:48 . 2013-10-11 11:46 640512 ----a-w- c:\windows\system32\advapi32.dll 2013-08-28 01:04 . 2013-10-11 11:46 2348544 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 00:57 . 2013-10-11 11:46 434688 ----a-w- c:\windows\system32\scavengeui.dll 2011-11-03 17:07 . 2011-05-03 18:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Micha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Micha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Micha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start 3DxWare.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk backup=c:\windows\pss\Start 3DxWare.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . 
[HKLM\~\startupfolder\C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Persbackup.lnk] path=c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk backup=c:\windows\pss\Persbackup.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Taskplaner Engine.lnk] path=c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Engine.lnk backup=c:\windows\pss\SolidWorks Taskplaner Engine.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus] c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2013-06-04 23:01 4489472 ----a-w- c:\users\Micha\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonMP3DownloaderHelper] 2013-05-22 18:50 400704 ----a-w- c:\users\Micha\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool] 2008-04-17 17:20 688128 ----a-w- c:\progra~1\WinTV\EPG Services\System\EPGClient.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-09-23 17:30 173592 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-09-23 17:30 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-09-23 17:30 150552 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe . R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x] R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584] R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-10-06 14976] R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [x] R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [x] R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144] R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368] R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-04-17 560640] R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2008-04-17 15616] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device 
(WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-05 1343400] R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-30 13560] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-03 218688] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2012-12-11 98304] S2 eBeam Device Service;eBeam Device Service;c:\program files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe [2012-10-05 180224] S2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-04-09 436224] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2012-07-16 2416040] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . --- Andere Dienste/Treiber im Speicher --- . 
*NewlyCreated* - FSUSBEXDISK . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 21:29] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;<local> IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\ FF - prefs.js: browser.search.selectedEngine - SecureSearch FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E5CAF161C7ACE139A41A525157317696 FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(2148) c:\program files\Dexpot\hooxpot.dll c:\users\Micha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\brsvc01a.exe
c:\windows\system32\taskhost.exe
c:\program files\Dexpot\dexpot.exe
c:\windows\system32\brss01a.exe
c:\program files\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-14 18:05:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-11-14 17:05
ComboFix2.txt 2013-11-11 21:05
.
Vor Suchlauf: 4.306.739.200 Bytes frei
Nach Suchlauf: 4.268.511.232 Bytes frei
.
- - End Of File - - CD8564970AC3BA677F2664547ED1FB4E A36C5E4F47E84449FF07ED3517B43A31

Regards, Micha |
15.11.2013, 09:32 | #10 | |
Rest in Peace † 2019 | Avira finds TR/ATRAPS.Gen2 Hello Micha, Quote:
Is your computer still giving you problems? Step 1 Please download Malwarebytes Anti-Malware
Step 2 Since the scan with ESET is very thorough, it may take several hours. ESET Online Scanner
Step 3 Run FRST once more.
|
19.11.2013, 01:01 | #11 |
Rest in Peace † 2019 | Avira finds TR/ATRAPS.Gen2 Hello Micha, I have not received a reply from you for some time now. Do you still need help? If I do not hear from you within the next 24 hours, I will assume the topic is resolved and remove it from my subscriptions. Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security holes that make a reinfection possible. |
19.11.2013, 20:20 | #12 |
| Avira finds TR/ATRAPS.Gen2 Hello, sorry that it took so long. Here is the log from Malwarebytes Anti-Malware: Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.19.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Micha :: NOTEBOOK [Administrator]

Schutz: Aktiviert

19.11.2013 14:36:33
mbam-log-2013-11-19 (14-36-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217158
Laufzeit: 7 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\ProgramData\treasure0\juqsvyqvnfk.exe (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\treasure0\xsytzecrn.exe (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Micha\AppData\Roaming\IMSIDesign\TrayIMSIDesign.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Micha\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a6c8a64a883f75498edd72f4fa087175
# engine=15943
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-19 07:04:06
# local_time=2013-11-19 08:04:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 10819250 136519037 0 0
# scanned=405597
# found=10
# cleaned=0
# scan_time=13028
sh=90F3D6FF1C80B66B4722EFC332CD70342DFE5C80 ft=1 fh=64df79db96d02fef vn="Win32/Sirefef.EZ trojan" ac=I fn="C:\FRST\Quarantine\Desktop.ini"
sh=F82D11E59042D4F6685478C73E9CD76ABE91B88E ft=1 fh=1f694d36cb0bfd19 vn="a variant of Win32/Kryptik.BOPT trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\GoogleUpdate.exe.vir"
sh=A3AA67884223F3E8F8C52AFDBC779DCB19FF00E6 ft=1 fh=046b86e38f417135 vn="Win32/Conedex.D trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\00000004.@.vir"
sh=2587B2A16644839CBF08F2943FA21CC0C8DD6E5D ft=1 fh=1aeb32f3d5992c2a vn="Win32/Conedex.T trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\00000008.@.vir"
sh=97D178F9F9541E90C2A527C3FF97A43A1B69CB25 ft=1 fh=658c8a56b6c5d815 vn="Win32/Conedex.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\000000cb.@.vir"
sh=D441DCB603F6F47250A711A9B25A3B6384FE72A1 ft=1 fh=52597494e97da6b7 vn="probably a variant of Win32/Sirefef.FA trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\80000000.@.vir"
sh=AD6A7C5F0C9E80E4C4A0CD54925FF5D75987F4D3 ft=1 fh=cb86aa94e6e0fd3f vn="probably a variant of Win32/Sirefef.FV trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\9519~1\A535~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\U\80000032.@.vir"
sh=F82D11E59042D4F6685478C73E9CD76ABE91B88E ft=1 fh=1f694d36cb0bfd19 vn="a variant of Win32/Kryptik.BOPT trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Micha\AppData\Local\Google\Desktop\Install\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\2E2F~1\28F0~1\E628~1\{286910d0-6ae3-bfc3-f47a-b15052e0f881}\GoogleUpdate.exe.vir"
sh=AD13393DA8DDC8C960BAA7E75B3E452D5CFB419C ft=1 fh=1a57c9f0a5b61e9a vn="Win32/Spy.Zbot.YW trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Micha\AppData\Roaming\inkscape\inkscapeuse.exe.vir"
sh=64A8386AF4748DCD6185C8469A60D57C0CCDEB8A ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.BOI trojan" ac=I fn="D:\Programme\Acronis.True.Image.Home.2011.v14.0.0.6696.German.AIO\Acronis.True.Image.Home.2011.v14.0.0.6696.GERMAN.AIO.iso"

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013 Ran by Micha (administrator) on NOTEBOOK on 19-11-2013 20:15:24 Running from C:\Users\Micha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AOSA9LE Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (brother Industries Ltd) C:\Windows\system32\brsvc01a.exe (brother Industries Ltd) C:\Windows\system32\brss01a.exe (Dexpot GbR) C:\Program Files\Dexpot\dexpot.exe () C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe (Luidia, Inc.) C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe (Hauppauge Computer Works) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe (Luidia, Inc.) C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Dropbox, Inc.) 
C:\Users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe () C:\Program Files\Opera\17.0.1241.53_2\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Opera Software) C:\Program Files\Opera\17.0.1241.53_2\opera.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Farbar) C:\Users\Micha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AOSA9LE\FRST (1).exe ==================== Registry (Whitelisted) ================== HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-04] (Adobe Systems Incorporated) Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Micha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
BootExecute: autocheck autochk * sdnclean.exeSBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFDED1713FFDBCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File SearchScopes: HKCU - DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=E5CAF161C7ACE139A41A525157317696&q={searchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm SearchScopes: HKCU - {BA0411C6-0489-45D6-800D-39E5E8BECD83} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools 
Toolbar\DTToolbar.dll () Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default FF user.js: detected! 
=> C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\user.js FF SelectedSearchEngine: SecureSearch FF Homepage: hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E5CAF161C7ACE139A41A525157317696 FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Micha\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Lavasoft Search Plugin - C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\wc6033d7.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common 
files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [98304 2012-12-11] () R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.) R2 eBeam Device Service; C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe [180224 2012-10-05] (Luidia, Inc.) R2 EPGService; C:\Program Files\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works) S3 HauppaugeTVServer; C:\Program Files\WinTV\HCWTVServer.exe [815104 2008-03-31] (Hauppauge Computer Works) S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [246584 2010-06-21] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation) S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-03] (SolidWorks) S2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [x] S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [x] S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x] ==================== Drivers (Whitelisted) ==================== S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [14976 2006-10-06] (AVM GmbH) R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.) 
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.) R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-30] (GFI Software) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.) R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.) R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-04-29] (Lavasoft AB) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) 
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo) S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [x] S3 catchme; \??\C:\Users\Micha\AppData\Local\Temp\catchme.sys [x] S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x] S3 taphss6; system32\DRIVERS\taphss6.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-19 16:24 - 2013-11-19 16:24 - 00000000 ____D C:\Program Files\ESET 2013-11-19 16:22 - 2013-11-19 16:22 - 02347384 _____ (ESET) C:\Users\Micha\Desktop\esetsmartinstaller_enu.exe 2013-11-19 14:28 - 2013-11-19 14:28 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Malwarebytes 2013-11-19 14:27 - 2013-11-19 14:27 - 00001063 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-19 14:27 - 2013-11-19 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-19 14:27 - 2013-11-19 14:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-11-19 14:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-19 14:25 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-19 14:25 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-19 14:25 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-19 14:25 - 2013-10-12 
08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-19 14:25 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-19 14:25 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-19 14:25 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 18:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-14 18:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-14 18:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-14 18:10 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-14 18:10 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-14 18:10 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-14 18:10 - 
2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-14 18:10 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-14 18:10 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-14 18:10 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-14 18:10 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-14 18:10 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-14 18:10 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-14 18:09 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-14 18:09 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 18:09 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 18:09 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 18:09 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 18:05 - 2013-11-14 18:05 - 00020339 _____ C:\ComboFix.txt 2013-11-13 20:23 - 2013-11-13 20:23 - 00000000 ____D C:\Users\Micha\Documents\Eigenes Workspace 2013-11-13 20:21 - 2013-11-13 20:33 - 00000000 ____D C:\Users\Public\Ticket 2013-11-13 20:21 - 2013-11-13 20:25 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Configuration 2013-11-13 20:21 - 2013-11-13 20:21 - 00003831 ____H C:\Users\Public\Downloads\127605804049365309024177155.dat 2013-11-13 20:21 - 2013-11-13 20:21 - 00000003 ___SH C:\Users\Public\Documents\rrn.dat 2013-11-13 20:21 - 2013-11-13 20:21 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Backup Tickets 2013-11-13 20:20 - 2013-11-13 20:21 - 00000000 ____D C:\Program Files\Luidia 
2013-11-12 18:09 - 2013-11-12 18:09 - 00030020 _____ C:\Users\Micha\Desktop\FRST.txt 2013-11-11 22:01 - 2013-11-19 16:29 - 00507257 _____ C:\Windows\WindowsUpdate.log 2013-11-11 21:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-11 21:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-11 21:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-11 21:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-11 21:43 - 2013-11-14 18:05 - 00000000 ____D C:\Qoobox 2013-11-11 21:43 - 2013-11-11 22:03 - 00000000 ____D C:\Windows\erdnt 2013-11-11 21:36 - 2013-11-14 17:45 - 05147957 ____R (Swearware) C:\Users\Micha\Desktop\ComboFix.exe 2013-11-08 23:54 - 2013-11-08 23:54 - 00018297 _____ C:\Users\Micha\Desktop\Addition.txt 2013-11-08 23:53 - 2013-11-08 23:53 - 00000000 ____D C:\FRST 2013-11-08 20:41 - 2013-11-12 17:37 - 00000614 _____ C:\Users\Micha\Desktop\Neues Textdokument.txt 2013-11-08 16:09 - 2013-11-08 16:09 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-11-08 13:49 - 2013-11-19 15:22 - 00000896 _____ C:\Windows\setupact.log 2013-11-08 13:49 - 2013-11-19 15:20 - 00101996 _____ C:\Windows\PFRO.log 2013-11-08 13:49 - 2013-11-08 13:49 - 00000000 _____ C:\Windows\setuperr.log 2013-11-08 01:09 - 2013-11-08 01:09 - 00675988 _____ C:\Users\Micha\Desktop\Minecraft.exe 2013-11-06 16:49 - 2013-11-12 17:14 - 00000000 ____D C:\Users\Micha\AppData\Roaming\.minecraft 2013-11-06 13:41 - 2013-11-06 13:41 - 00000000 ____D C:\Users\Micha\Low_00FEC012 2013-11-05 21:29 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys 2013-11-04 23:49 - 2013-11-07 
19:23 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera Software 2013-11-04 23:49 - 2013-11-07 19:23 - 00000000 ____D C:\Users\Micha\AppData\Local\Opera Software 2013-11-04 22:38 - 2013-11-04 22:39 - 00007861 _____ C:\Users\Micha\Documents\Uninstall STAR WARS The Old Republic.log 2013-11-04 22:28 - 2013-11-04 22:28 - 00000000 ____D C:\ProgramData\Oracle 2013-11-04 22:27 - 2013-11-04 22:27 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-04 22:27 - 2013-11-04 22:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-04 22:08 - 2013-11-19 19:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-04 22:08 - 2013-11-04 22:08 - 00000000 ____D C:\ProgramData\McAfee 2013-11-04 21:52 - 2013-11-04 21:52 - 00000000 ____D C:\Users\Micha\AppData\Local\Macromedia 2013-11-04 21:34 - 2013-11-19 14:45 - 00000000 __SHD C:\ProgramData\treasure0 2013-11-04 17:20 - 2013-11-04 17:21 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-11-04 17:20 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Micha\AppData\Local\SWTORPerf 2013-11-04 17:18 - 2013-11-04 22:38 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-11-04 17:14 - 2013-11-04 17:20 - 00002812 _____ C:\Users\Micha\Documents\Install STAR WARS The Old Republic.log 2013-11-04 17:14 - 2013-11-04 17:14 - 00000000 ____D C:\Users\hedev 2013-11-02 20:00 - 2013-11-02 20:00 - 00000000 ____D C:\ProgramData\APN 2013-10-30 12:49 - 2013-11-14 18:43 - 00012356 _____ C:\Users\Micha\Desktop\Anwesenheit Weihnachtsfeier.xlsx 2013-10-30 12:34 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\usbccgp.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-30 12:34 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys ==================== One Month Modified Files and Folders ======= 2013-11-19 19:29 - 2013-11-11 22:01 - 00507257 _____ C:\Windows\WindowsUpdate.log 2013-11-19 19:29 - 2013-11-04 22:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-19 16:24 - 2013-11-19 16:24 - 00000000 ____D C:\Program Files\ESET 2013-11-19 16:22 - 2013-11-19 16:22 - 02347384 _____ (ESET) C:\Users\Micha\Desktop\esetsmartinstaller_enu.exe 2013-11-19 16:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing 2013-11-19 15:41 - 2011-05-03 19:19 - 01613238 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-19 15:29 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-19 15:29 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-19 15:22 - 2013-11-08 13:49 - 00000896 _____ C:\Windows\setupact.log 2013-11-19 15:22 - 2012-08-27 16:48 - 00000000 ____D C:\Program Files\Common Files\Akamai 2013-11-19 15:22 - 2011-11-22 10:00 - 00000000 ___RD C:\Users\Micha\Dropbox 2013-11-19 15:22 - 2011-11-22 09:56 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Dropbox 2013-11-19 15:22 - 2011-10-03 11:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-11-19 15:22 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-19 15:20 - 2013-11-08 13:49 - 00101996 _____ C:\Windows\PFRO.log 2013-11-19 15:19 - 
2011-05-03 19:30 - 00000000 ____D C:\Program Files\DAEMON Tools Toolbar 2013-11-19 14:52 - 2013-08-19 13:02 - 00000000 ____D C:\Windows\system32\MRT 2013-11-19 14:52 - 2011-05-03 19:42 - 00000000 ____D C:\Users\Micha\Desktop\Programme 2013-11-19 14:49 - 2011-05-03 20:08 - 00000000 ____D C:\Windows\Panther 2013-11-19 14:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-11-19 14:45 - 2013-11-04 21:34 - 00000000 __SHD C:\ProgramData\treasure0 2013-11-19 14:45 - 2012-03-11 23:05 - 00000000 ____D C:\Users\Micha\AppData\Roaming\IMSIDesign 2013-11-19 14:28 - 2013-11-19 14:28 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Malwarebytes 2013-11-19 14:27 - 2013-11-19 14:27 - 00001063 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-19 14:27 - 2013-11-19 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-19 14:27 - 2013-11-19 14:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-11-19 14:23 - 2011-05-05 21:08 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-14 18:43 - 2013-10-30 12:49 - 00012356 _____ C:\Users\Micha\Desktop\Anwesenheit Weihnachtsfeier.xlsx 2013-11-14 18:05 - 2013-11-14 18:05 - 00020339 _____ C:\ComboFix.txt 2013-11-14 18:05 - 2013-11-11 21:43 - 00000000 ____D C:\Qoobox 2013-11-14 18:01 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2013-11-14 17:45 - 2013-11-11 21:36 - 05147957 ____R (Swearware) C:\Users\Micha\Desktop\ComboFix.exe 2013-11-14 17:45 - 2009-07-14 05:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-13 20:33 - 2013-11-13 20:21 - 00000000 ____D C:\Users\Public\Ticket 2013-11-13 20:25 - 2013-11-13 20:21 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Configuration 2013-11-13 20:25 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-11-13 20:23 - 2013-11-13 20:23 - 00000000 ____D C:\Users\Micha\Documents\Eigenes Workspace 2013-11-13 20:21 - 2013-11-13 20:21 - 00003831 ____H 
C:\Users\Public\Downloads\127605804049365309024177155.dat 2013-11-13 20:21 - 2013-11-13 20:21 - 00000003 ___SH C:\Users\Public\Documents\rrn.dat 2013-11-13 20:21 - 2013-11-13 20:21 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Backup Tickets 2013-11-13 20:21 - 2013-11-13 20:20 - 00000000 ____D C:\Program Files\Luidia 2013-11-13 20:21 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public 2013-11-13 18:55 - 2011-05-04 06:30 - 00000000 _____ C:\Users\Micha\AppData\Local\Temptable.xml 2013-11-13 17:12 - 2011-05-04 08:57 - 00000000 ____D C:\Users\Micha\AppData\Local\TempSWSicherungsverzeichnis 2013-11-13 16:37 - 2011-05-03 20:17 - 00000000 ____D C:\Users\Micha\AppData\Roaming\SolidWorks 2013-11-12 18:09 - 2013-11-12 18:09 - 00030020 _____ C:\Users\Micha\Desktop\FRST.txt 2013-11-12 17:37 - 2013-11-08 20:41 - 00000614 _____ C:\Users\Micha\Desktop\Neues Textdokument.txt 2013-11-12 17:14 - 2013-11-06 16:49 - 00000000 ____D C:\Users\Micha\AppData\Roaming\.minecraft 2013-11-11 22:05 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default 2013-11-11 22:03 - 2013-11-11 21:43 - 00000000 ____D C:\Windows\erdnt 2013-11-11 21:56 - 2012-11-08 13:03 - 00000000 ____D C:\Users\Micha\AppData\Roaming\inkscape 2013-11-11 21:42 - 2011-05-03 19:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Winamp 2013-11-08 23:54 - 2013-11-08 23:54 - 00018297 _____ C:\Users\Micha\Desktop\Addition.txt 2013-11-08 23:53 - 2013-11-08 23:53 - 00000000 ____D C:\FRST 2013-11-08 21:12 - 2012-11-11 16:42 - 00000000 ____D C:\Users\Micha\AppData\Roaming\PersBackup5 2013-11-08 16:09 - 2013-11-08 16:09 - 00000000 ____D C:\ProgramData\Simply Super Software 2013-11-08 13:49 - 2013-11-08 13:49 - 00000000 _____ C:\Windows\setuperr.log 2013-11-08 01:09 - 2013-11-08 01:09 - 00675988 _____ C:\Users\Micha\Desktop\Minecraft.exe 2013-11-07 22:03 - 2013-03-30 19:41 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus 2013-11-07 19:23 - 2013-11-04 23:49 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera Software 2013-11-07 
19:23 - 2013-11-04 23:49 - 00000000 ____D C:\Users\Micha\AppData\Local\Opera Software 2013-11-07 19:23 - 2011-11-10 20:15 - 00000000 ____D C:\Program Files\Opera 2013-11-07 17:26 - 2013-01-28 12:38 - 00007645 _____ C:\Users\Micha\AppData\Local\Resmon.ResmonCfg 2013-11-07 16:26 - 2012-01-03 11:07 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-07 16:26 - 2011-05-03 19:25 - 00000000 ____D C:\ProgramData\Adobe 2013-11-07 13:33 - 2012-03-01 22:13 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Samsung 2013-11-07 13:33 - 2012-03-01 22:12 - 00000000 ____D C:\Program Files\Samsung 2013-11-07 13:33 - 2012-03-01 22:12 - 00000000 ____D C:\Program Files\PC Connectivity Solution 2013-11-07 13:33 - 2011-05-03 19:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-11-07 13:26 - 2012-01-09 19:19 - 00000000 ____D C:\Program Files\Google 2013-11-07 13:25 - 2012-01-09 19:19 - 00000000 ____D C:\Users\Micha\AppData\Local\Google 2013-11-06 16:28 - 2011-11-10 20:15 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Opera 2013-11-06 13:51 - 2011-05-03 21:06 - 00000000 ____D C:\Users\Micha\Desktop\Zukünftige zweite Festplatte 2013-11-06 13:41 - 2013-11-06 13:41 - 00000000 ____D C:\Users\Micha\Low_00FEC012 2013-11-06 13:41 - 2011-05-03 19:20 - 00000000 ____D C:\Users\Micha 2013-11-05 17:22 - 2013-03-30 19:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Ad-Aware Antivirus 2013-11-04 22:39 - 2013-11-04 22:38 - 00007861 _____ C:\Users\Micha\Documents\Uninstall STAR WARS The Old Republic.log 2013-11-04 22:38 - 2013-11-04 17:18 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-11-04 22:29 - 2013-09-01 13:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-04 22:29 - 2011-05-30 08:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-04 22:28 - 2013-11-04 22:28 - 00000000 ____D C:\ProgramData\Oracle 2013-11-04 22:27 - 2013-11-04 22:27 - 00264616 _____ 
(Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-04 22:27 - 2013-11-04 22:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-04 22:27 - 2013-01-14 12:06 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-04 22:27 - 2013-01-14 12:06 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-11-04 22:27 - 2013-01-14 12:05 - 00000000 ____D C:\Program Files\Java 2013-11-04 22:08 - 2013-11-04 22:08 - 00000000 ____D C:\ProgramData\McAfee 2013-11-04 22:08 - 2011-05-03 19:45 - 00000000 ____D C:\Users\Micha\AppData\Local\Adobe 2013-11-04 21:55 - 2011-05-05 19:39 - 00000000 ____D C:\Windows\pss 2013-11-04 21:52 - 2013-11-04 21:52 - 00000000 ____D C:\Users\Micha\AppData\Local\Macromedia 2013-11-04 17:21 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-11-04 17:20 - 2013-11-04 17:20 - 00000000 ____D C:\Users\Micha\AppData\Local\SWTORPerf 2013-11-04 17:20 - 2013-11-04 17:14 - 00002812 _____ C:\Users\Micha\Documents\Install STAR WARS The Old Republic.log 2013-11-04 17:14 - 2013-11-04 17:14 - 00000000 ____D C:\Users\hedev 2013-11-02 20:15 - 2012-10-01 14:15 - 00000000 ____D C:\Users\Micha\AppData\Roaming\CADClick 2013-11-02 20:00 - 2013-11-02 20:00 - 00000000 ____D C:\ProgramData\APN 2013-11-02 20:00 - 2013-06-26 19:39 - 00000000 ____D C:\ProgramData\YTD Video Downloader 2013-11-01 16:27 - 2011-07-06 10:22 - 00037457 _____ C:\Users\Micha\AppData\Local\Temp_table.xml 2013-10-20 17:54 - 2011-05-03 19:43 - 00000000 ____D C:\Users\Micha\AppData\Roaming\TrueCrypt ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-11 23:18 ==================== End Of Log ============================ --- --- --- Regards, Micha |
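As an added example (not part of this thread and not FRST's own code), the following Python script parses entry lines in the layout the log above uses for its "One Month Created Files and Folders" and "One Month Modified Files and Folders" sections, and flags the attribute combinations a helper looks at first: hidden plus system objects outside the Windows directory, which is exactly what C:\ProgramData\treasure0 is in this log, and hidden-only objects for review. The regular expression is derived from the lines visible on this page and is an assumption about the format (real FRST output may carry attribute letters not seen here); the sample lines are copied from the log above, with one section header included to show that non-entry lines are skipped. The fixlist output is a candidate list for a human to check before it goes into a Fixlist.txt of the kind used in this thread.

```python
"""Triage helper for FRST 'One Month ... Files and Folders' entries.

Added example; not code from the forum thread or from FRST itself.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Sample lines copied from the FRST log above (plus one section header).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2013-11-04 21:34 - 2013-11-19 14:45 - 00000000 __SHD C:\ProgramData\treasure0
2013-11-13 20:21 - 2013-11-13 20:21 - 00000003 ___SH C:\Users\Public\Documents\rrn.dat
2013-11-13 20:21 - 2013-11-13 20:21 - 00003831 ____H C:\Users\Public\Downloads\127605804049365309024177155.dat
2013-11-19 14:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-19 15:29 - 2009-07-14 05:34 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
"""

# Assumed layout of one entry, as seen on this page:
#   <created> - <modified> - <8-digit size> <5-char attribute field> [(<company>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: Set[str]          # letters from the attribute field: R, H, S, D ...
    company: Optional[str]   # vendor string FRST prints in parentheses, if any
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Return every line that matches the entry layout; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, prose, blank lines
        entries.append(Entry(
            created=m["created"], modified=m["modified"],
            size=int(m["size"]),
            attrs=set(m["attrs"].replace("_", "")),
            company=m["company"], path=m["path"]))
    return entries


def under_windows_dir(path: str) -> bool:
    """Objects below C:\\Windows are expected to carry hidden/system bits."""
    return path.lower().startswith("c:\\windows\\")


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Flag (level, path, reason) for attribute combinations worth a look."""
    findings = []
    for e in entries:
        if under_windows_dir(e.path):
            continue
        if {"S", "H"} <= e.attrs:
            findings.append(("high", e.path,
                             "hidden+system object outside the Windows directory"))
        elif "H" in e.attrs:
            findings.append(("review", e.path,
                             "hidden object outside the Windows directory"))
    return findings


def fixlist_candidates(findings: List[Tuple[str, str, str]]) -> str:
    """One path per line, the form a Fixlist.txt uses; review before use."""
    return "\n".join(path for level, path, _ in findings if level == "high")


if __name__ == "__main__":
    found = triage(parse_entries(SAMPLE_LOG))
    for level, path, reason in found:
        print(f"[{level}] {path}: {reason}")
    print("--- fixlist candidates ---")
    print(fixlist_candidates(found))
```

Run against a saved FRST.txt by reading the file into `parse_entries`; the "high" findings here are precisely the treasure0 folder the helper removes in the next post and the rrn.dat file created in the same minute, which is the kind of correlation a reviewer would follow up on manually.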
20.11.2013, 09:28 | #13 |
Rest in peace † 2019 | Avira finds TR/ATRAPS.Gen2 Hello Micha, all good. Two more deletions: Step 1 First delete the ESET detection Code:
D:\Programme\Acronis.True.Image.Home.2011.v14.0.0.6696.German.AIO\Acronis.True.Image.Home.2011.v14.0.0.6696.GERMAN.AIO.iso Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\ProgramData\treasure0 Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
OK As far as I can see, we have removed everything malicious with that. Your logs are clean. To finish, we will clean up a bit, run updates, and then you will get some reading material from me. Step 1 Before the following action, please again temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs. Press the Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller. However, I recommend keeping at least Malwarebytes and running a check scan with it once a week. Step 3 Please download delfix to your desktop.
Updates / Updating programs
Configuring updates Make sure that your Flash Player checks for updates. The Flash Player can either be configured during installation to check for updates automatically, or you can do this afterwards via the following link: Adobe - Flash Player: Settings Manager - Global Notification Settings Now, finally, a few tips for securing your system. Keeping the system up to date It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java) are up to date.
Antivirus software
Additional protection
Alternative browsers Other browsers tend to be somewhat more secure than Internet Explorer, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance Delete your temporary files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than they speed it up. Rules of conduct for safer surfing
Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something for the forum and our work, you can do so here. |
20.11.2013, 16:45 | #14 |
| Avira finds TR/ATRAPS.Gen2 Hello, I have done everything you wrote. Unfortunately, the FRST log was gone afterwards. Can I find it somewhere else, or can I simply run FRST again? Regards, Micha |
21.11.2013, 13:53 | #15 |
Rest in peace † 2019 | Avira finds TR/ATRAPS.Gen2 Hello Micha, unfortunately delfix deleted the log from the FRST fix. To make sure the folder really was deleted, please do the following: Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document, making absolutely sure that nothing in the text is changed Code:
rem Branch on whether the folder still exists
if exist c:\ProgramData\treasure0 (goto a) else (goto b)
:a
rem /s removes the folder together with its contents (rd without /s fails on a non-empty folder); /q suppresses the prompt
rd /s /q c:\ProgramData\treasure0
echo Ordner gelöscht >del.txt
goto c
:b
echo Ordner nicht gefunden >del.txt
:c
notepad del.txt
|