Log analysis and evaluation: Avira finds TR/ATRAPS.Gen2 (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.11.2013, 01:05 | #1 |
Avira finds TR/ATRAPS.Gen2
Hello, my AntiVir tells me that I apparently have a virus, TR/ATRAPS.Gen2, TR/ATRAPS.Gen, on my computer. I am asking for help. I have already downloaded Farbar's Recovery Scan and get the following results:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by MartinG (administrator) on MARTIN on 30-11-2013 00:39:54
Running from C:\Users\MartinG\Downloads
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dropbox, Inc.) C:\Users\MartinG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKCU\...\Run: [Google Update] - C:\Users\MartinG\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-28] (Google Inc.) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.) HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) MountPoints2: {1c957086-4522-11e2-be68-14dae9bd9a8f} - "F:\autorun.exe" HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-25] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-11-14] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1316640 2013-10-31] (Conduit) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation) Startup: C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\MartinG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SparkleShare.lnk ShortcutTarget: SparkleShare.lnk -> C:\Program Files (x86)\SparkleShare\SparkleShare.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPCB1B347B-638E-4405-B02A-A0B59AE74483&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD581D6D4C0D8CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPCB1B347B-638E-4405-B02A-A0B59AE74483&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPCB1B347B-638E-4405-B02A-A0B59AE74483&q={searchTerms}&SSPV= BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found () Winsock: Catalog9 02 mswsock.dll File Not found () Winsock: Catalog9 03 mswsock.dll File 
Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog5-x64 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found () Winsock: Catalog9-x64 02 mswsock.dll File Not found () Winsock: Catalog9-x64 03 mswsock.dll File Not found () Winsock: Catalog9-x64 04 mswsock.dll File Not found () Winsock: Catalog9-x64 05 mswsock.dll File Not found () Winsock: Catalog9-x64 06 mswsock.dll File Not found () Winsock: Catalog9-x64 07 mswsock.dll File Not found () Winsock: Catalog9-x64 08 mswsock.dll File Not found () Winsock: Catalog9-x64 09 mswsock.dll File Not found () Winsock: Catalog9-x64 10 mswsock.dll File Not found () Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MartinG\AppData\Roaming\Mozilla\Firefox\Profiles\bipx5ahi.default FF NewTab: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPCB1B347B-638E-4405-B02A-A0B59AE74483 FF DefaultSearchEngine: Conduit Search FF SelectedSearchEngine: Conduit Search FF Homepage: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPCB1B347B-638E-4405-B02A-A0B59AE74483&SSPV= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\MartinG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\MartinG\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\MartinG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\MartinG\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\MartinG\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Users\MartinG\AppData\Roaming\Mozilla\Firefox\Profiles\bipx5ahi.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\MartinG\AppData\Roaming\Mozilla\Firefox\Profiles\bipx5ahi.default\Extensions\ich@maltegoetz.de FF Extension: Adblock Plus - C:\Users\MartinG\AppData\Roaming\Mozilla\Firefox\Profiles\bipx5ahi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPCB1B347B-638E-4405-B02A-A0B59AE74483&SSPV= CHR RestoreOnStartup: "http:\/\/search.conduit.com\/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPCB1B347B-638E-4405-B02A-A0B59AE74483&SSPV="],"restore_on_startup":4},"sync":{"suppress_start":true},"sync_promo":{"startup_count":10,"view_count":3},"translate_accepted_count":{"en":0,"nl":7},"translate_blocked_languages":["de"],"translate_denied_count":{"en":1,"nl":0},"translate_whitelists":{"nl":"de" CHR Extension: (Google Drive) - C:\Users\MartinG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\MartinG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\MartinG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\MartinG\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0 CHR Extension: (Google Wallet) - C:\Users\MartinG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\MartinG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [63488 2012-10-28] (IvoSoft) S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [1735968 2013-10-31] (Conduit) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-28] () S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{d99fb83a-68b0-3642-1afd-98972cc75023}\ \...\???\{d99fb83a-68b0-3642-1afd-98972cc75023}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-18] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-11-25] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-13] (DT Soft Ltd) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-18] () R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-30 00:39 - 2013-11-30 00:40 - 00019039 _____ C:\Users\MartinG\Downloads\FRST.txt 2013-11-30 00:39 - 2013-11-30 00:39 - 00000000 ____D C:\FRST 2013-11-30 00:38 - 2013-11-30 00:38 - 01959024 _____ (Farbar) C:\Users\MartinG\Downloads\FRST64.exe 2013-11-29 22:41 - 2013-11-29 22:41 - 00000000 ____D C:\Program Files (x86)\Google 2013-11-29 22:17 - 2013-11-29 22:23 - 00000000 ____D C:\Users\MartinG\Downloads\Iron Man 3 2013 2013-11-29 22:05 - 2013-11-29 22:05 - 00000851 _____ C:\Users\MartinG\Desktop\µTorrent.lnk 2013-11-29 22:05 - 2013-11-29 22:05 - 00000000 ____D C:\Users\MartinG\AppData\Local\SearchProtect 2013-11-29 22:05 - 2013-11-29 22:05 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2013-11-29 22:04 - 2013-11-29 23:46 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\uTorrent 2013-11-29 22:04 - 2013-11-29 22:04 - 01142864 _____ (BitTorrent Inc.) 
C:\Users\MartinG\Downloads\uTorrent-30303.exe 2013-11-29 11:11 - 2013-11-29 11:11 - 14705663 _____ C:\Users\MartinG\Desktop\MartinLisa.psd 2013-11-27 15:37 - 2013-11-27 15:37 - 00012237 _____ C:\Users\MartinG\Downloads\2013_jaarboek_2111.xlsx 2013-11-26 19:47 - 2013-11-27 12:56 - 00000000 ____D C:\Users\MartinG\Desktop\Arduino 2013-11-26 17:27 - 2013-11-26 17:40 - 00000000 ____D C:\Users\MartinG\Desktop\Omega Sensorboard v1.5 2013-11-26 17:27 - 2013-11-26 17:27 - 00000000 ____D C:\Users\MartinG\Documents\eagle 2013-11-26 17:24 - 2013-11-26 17:24 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\CadSoft 2013-11-26 17:24 - 2013-11-26 17:24 - 00000000 ____D C:\Program Files (x86)\EAGLE-6.5.0 2013-11-26 11:45 - 2013-11-26 11:46 - 46354432 _____ C:\Users\MartinG\Downloads\eagle-win-6.5.0.exe 2013-11-25 09:07 - 2013-11-26 11:43 - 00006111 _____ C:\Users\MartinG\Documents\Daugtherboard.zargo 2013-11-25 09:07 - 2013-11-26 11:09 - 00006104 _____ C:\Users\MartinG\Documents\Daugtherboard.zargo~ 2013-11-19 13:27 - 2013-11-19 13:27 - 00002209 _____ C:\Users\UpdatusUser\Desktop\ArgoUML.lnk 2013-11-19 13:27 - 2013-11-19 13:27 - 00002209 _____ C:\Users\MartinG\Desktop\ArgoUML.lnk 2013-11-19 13:27 - 2013-11-19 13:27 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArgoUML 2013-11-19 13:27 - 2013-11-19 13:27 - 00000000 ____D C:\Users\MartinG\.argouml 2013-11-19 13:27 - 2013-11-19 13:27 - 00000000 ____D C:\Program Files (x86)\ArgoUML 2013-11-19 13:24 - 2013-11-19 13:26 - 16530652 _____ C:\Users\MartinG\Downloads\ArgoUML-0.34-setup.exe 2013-11-19 13:21 - 2013-11-19 13:23 - 00000000 ____D C:\Users\MartinG\Desktop\tmp 2013-11-19 13:21 - 2013-11-19 13:23 - 00000000 ____D C:\Users\MartinG\Desktop\.vpprefdata 2013-11-17 13:38 - 2013-11-26 19:36 - 00000000 ____D C:\Users\MartinG\Desktop\Continents 2013-11-16 19:31 - 2013-11-16 19:31 - 00714905 _____ C:\Users\MartinG\Desktop\Continents.psd 2013-11-16 19:21 - 2013-11-16 19:30 - 00000000 ____D 
C:\Users\MartinG\Desktop\Kontinente 2013-11-16 14:14 - 2013-11-16 14:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 14:21 - 2013-11-26 14:49 - 00000000 ____D C:\Users\MartinG\Desktop\Rechteck 2013-11-15 09:15 - 2013-11-16 20:01 - 104637397 _____ C:\Windows\SysWOW64\᯾矁솈X߿ 2013-11-14 23:38 - 2013-11-14 23:38 - 05082440 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-14 19:10 - 2013-11-14 19:10 - 00019989 _____ C:\Users\MartinG\Desktop\Nationalitäten Amsterdam Kontinente.xlsx 2013-11-14 10:27 - 2013-11-14 17:16 - 104278918 _____ C:\Windows\SysWOW64\뚭LŸ 2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\Users\MartinG\AppData\Local\NVIDIA Corporation 2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Users\MartinG\AppData\Local\NVIDIA 2013-11-13 12:24 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-11-13 12:24 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-11-13 12:23 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 12:23 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 10:38 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 10:38 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 10:38 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 10:38 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 10:38 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2013-11-13 10:38 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 10:38 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2013-11-13 10:38 - 2013-10-03 
00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 10:38 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 10:38 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 10:38 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 10:38 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 10:38 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 10:38 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-11-13 10:38 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-11-13 10:38 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2013-11-13 10:38 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-11-13 10:38 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-11-13 10:38 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-11-13 10:38 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-11-13 10:38 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-11-13 10:38 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-11-13 10:38 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-11-13 10:38 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2013-11-13 10:38 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2013-11-13 10:38 - 2013-09-13 23:33 - 00175104 _____ (Microsoft 
Corporation) C:\Windows\system32\storewuauth.dll 2013-11-13 10:38 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-11-13 10:38 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-11-13 10:38 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 10:38 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys 2013-11-13 10:38 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2013-11-13 10:38 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2013-11-13 10:38 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2013-11-13 10:38 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys 2013-11-13 10:38 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2013-11-13 10:38 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2013-11-13 10:38 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-11-13 10:38 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2013-11-13 10:38 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2013-11-13 10:38 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2013-11-13 10:37 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 10:37 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 10:37 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 10:37 - 2013-10-12 09:43 - 
02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 10:37 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 10:37 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 10:37 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 10:37 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 10:37 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 10:37 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 10:37 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 10:37 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 10:37 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-12 14:11 - 2013-11-14 18:43 - 00038912 _____ C:\Users\MartinG\Downloads\2011_nationaliteiten_2009_2011.xls 2013-11-11 19:28 - 2013-11-26 20:01 - 00000061 _____ C:\Users\MartinG\Desktop\Wichtig für Arduino.txt 2013-11-08 13:19 - 2013-11-10 19:25 - 00117442 _____ C:\Users\MartinG\Desktop\Project Brief.pptx 2013-11-07 13:05 - 2013-11-07 13:05 - 00000000 ____D C:\Users\MartinG\Documents\GitHub 2013-11-07 13:03 - 2013-11-07 13:07 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\GitHub 2013-11-07 13:03 - 2013-11-07 13:07 - 00000000 ____D C:\Users\MartinG\AppData\Local\GitHub 2013-11-07 13:03 - 2013-11-07 13:04 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2013-11-07 13:01 - 2013-11-07 13:04 - 00000000 ____D C:\Users\MartinG\AppData\Local\Deployment 2013-11-07 13:01 - 2013-11-07 13:01 - 00000000 ____D C:\Users\MartinG\AppData\Local\Apps\2.0 2013-11-07 12:40 - 2013-11-07 12:49 
- 00000000 ____D C:\Users\MartinG\CytoscapeConfiguration 2013-11-06 21:06 - 2013-11-06 21:06 - 00000222 _____ C:\Users\MartinG\Desktop\Call of Duty Ghosts.url 2013-11-06 21:06 - 2013-11-06 21:06 - 00000222 _____ C:\Users\MartinG\Desktop\Call of Duty Ghosts - Multiplayer.url 2013-11-05 13:44 - 2013-11-06 11:30 - 00002159 _____ C:\Users\MartinG\Desktop\Neues Textdokument (2).txt 2013-11-04 14:38 - 2013-11-04 14:38 - 00000000 _____ C:\Users\MartinG\Desktop\Fitness Project.txt ==================== One Month Modified Files and Folders ======= 2013-11-30 00:40 - 2013-11-30 00:39 - 00019039 _____ C:\Users\MartinG\Downloads\FRST.txt 2013-11-30 00:39 - 2013-11-30 00:39 - 00000000 ____D C:\FRST 2013-11-30 00:38 - 2013-11-30 00:38 - 01959024 _____ (Farbar) C:\Users\MartinG\Downloads\FRST64.exe 2013-11-30 00:37 - 2012-12-13 00:20 - 01935115 _____ C:\Windows\WindowsUpdate.log 2013-11-30 00:34 - 2012-12-13 15:20 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\Dropbox 2013-11-30 00:23 - 2012-12-28 00:39 - 00001142 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559614793-2371365886-3898867588-1001UA.job 2013-11-30 00:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru 2013-11-29 23:46 - 2013-11-29 22:04 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\uTorrent 2013-11-29 23:14 - 2012-07-26 11:27 - 00794748 _____ C:\Windows\system32\perfh007.dat 2013-11-29 23:14 - 2012-07-26 11:27 - 00173132 _____ C:\Windows\system32\perfc007.dat 2013-11-29 23:14 - 2012-07-26 08:28 - 01855128 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-29 22:58 - 2012-12-13 13:46 - 00000000 ____D C:\Program Files\eclipse 2013-11-29 22:50 - 2012-12-13 15:19 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\AIMP3 2013-11-29 22:41 - 2013-11-29 22:41 - 00000000 ____D C:\Program Files (x86)\Google 2013-11-29 22:41 - 2012-12-28 00:39 - 00000000 ____D C:\Users\MartinG\AppData\Local\Google 2013-11-29 22:36 - 2012-12-22 18:41 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\vlc 2013-11-29 
22:23 - 2013-11-29 22:17 - 00000000 ____D C:\Users\MartinG\Downloads\Iron Man 3 2013 2013-11-29 22:05 - 2013-11-29 22:05 - 00000851 _____ C:\Users\MartinG\Desktop\µTorrent.lnk 2013-11-29 22:05 - 2013-11-29 22:05 - 00000000 ____D C:\Users\MartinG\AppData\Local\SearchProtect 2013-11-29 22:05 - 2013-11-29 22:05 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2013-11-29 22:04 - 2013-11-29 22:04 - 01142864 _____ (BitTorrent Inc.) C:\Users\MartinG\Downloads\uTorrent-30303.exe 2013-11-29 19:00 - 2012-12-13 15:22 - 00000000 ___RD C:\Users\MartinG\Dropbox 2013-11-29 18:51 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-29 18:49 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF 2013-11-29 11:11 - 2013-11-29 11:11 - 14705663 _____ C:\Users\MartinG\Desktop\MartinLisa.psd 2013-11-28 23:24 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2013-11-28 16:10 - 2013-10-23 10:53 - 00027648 _____ C:\Users\MartinG\Desktop\Ausgaben Amsterdam.xls 2013-11-28 10:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-11-27 21:23 - 2012-12-28 00:39 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559614793-2371365886-3898867588-1001Core.job 2013-11-27 19:25 - 2013-02-12 15:00 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\Skype 2013-11-27 15:37 - 2013-11-27 15:37 - 00012237 _____ C:\Users\MartinG\Downloads\2013_jaarboek_2111.xlsx 2013-11-27 12:56 - 2013-11-26 19:47 - 00000000 ____D C:\Users\MartinG\Desktop\Arduino 2013-11-26 20:01 - 2013-11-11 19:28 - 00000061 _____ C:\Users\MartinG\Desktop\Wichtig für Arduino.txt 2013-11-26 19:36 - 2013-11-17 13:38 - 00000000 ____D C:\Users\MartinG\Desktop\Continents 2013-11-26 17:40 - 2013-11-26 17:27 - 00000000 ____D C:\Users\MartinG\Desktop\Omega Sensorboard v1.5 2013-11-26 17:27 - 2013-11-26 17:27 - 00000000 ____D C:\Users\MartinG\Documents\eagle 2013-11-26 17:24 - 2013-11-26 17:24 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\CadSoft 2013-11-26 17:24 - 2013-11-26 
17:24 - 00000000 ____D C:\Program Files (x86)\EAGLE-6.5.0 2013-11-26 14:54 - 2012-12-13 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-26 14:54 - 2012-12-13 00:05 - 00116564 _____ C:\Windows\PFRO.log 2013-11-26 14:49 - 2013-11-15 14:21 - 00000000 ____D C:\Users\MartinG\Desktop\Rechteck 2013-11-26 11:46 - 2013-11-26 11:45 - 46354432 _____ C:\Users\MartinG\Downloads\eagle-win-6.5.0.exe 2013-11-26 11:43 - 2013-11-25 09:07 - 00006111 _____ C:\Users\MartinG\Documents\Daugtherboard.zargo 2013-11-26 11:09 - 2013-11-25 09:07 - 00006104 _____ C:\Users\MartinG\Documents\Daugtherboard.zargo~ 2013-11-25 20:54 - 2013-05-07 13:32 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-11-25 20:54 - 2013-03-25 13:30 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-25 20:54 - 2013-03-25 13:30 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-11-25 20:54 - 2013-03-25 13:30 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-11-21 18:08 - 2013-10-15 15:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-11-20 23:17 - 2013-03-19 11:16 - 00000000 ____D C:\Users\MartinG\AppData\Local\Eclipse 2013-11-20 23:10 - 2013-09-04 18:35 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-11-19 19:46 - 2013-02-02 16:38 - 00000000 ____D C:\Program Files (x86)\Steam 2013-11-19 13:27 - 2013-11-19 13:27 - 00002209 _____ C:\Users\UpdatusUser\Desktop\ArgoUML.lnk 2013-11-19 13:27 - 2013-11-19 13:27 - 00002209 _____ C:\Users\MartinG\Desktop\ArgoUML.lnk 2013-11-19 13:27 - 2013-11-19 13:27 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArgoUML 2013-11-19 13:27 - 2013-11-19 13:27 - 00000000 ____D C:\Users\MartinG\.argouml 2013-11-19 13:27 - 2013-11-19 13:27 - 00000000 ____D C:\Program Files (x86)\ArgoUML 2013-11-19 13:27 - 2012-12-13 00:20 - 00000000 ____D C:\Users\MartinG 2013-11-19 13:26 - 2013-11-19 13:24 - 16530652 _____ C:\Users\MartinG\Downloads\ArgoUML-0.34-setup.exe 2013-11-19 13:23 - 2013-11-19 13:21 - 00000000 ____D C:\Users\MartinG\Desktop\tmp 2013-11-19 13:23 - 2013-11-19 13:21 - 00000000 ____D C:\Users\MartinG\Desktop\.vpprefdata 2013-11-18 07:21 - 2013-01-20 14:37 - 00000000 ____D C:\Users\MartinG\AppData\Local\Adobe 2013-11-16 20:01 - 2013-11-15 09:15 - 104637397 _____ C:\Windows\SysWOW64\᯾矁솈X߿ 2013-11-16 19:31 - 2013-11-16 19:31 - 00714905 _____ C:\Users\MartinG\Desktop\Continents.psd 2013-11-16 19:30 - 2013-11-16 19:21 - 00000000 ____D C:\Users\MartinG\Desktop\Kontinente 2013-11-16 19:20 - 2012-12-13 15:16 - 00000132 _____ C:\Users\MartinG\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2013-11-16 14:14 - 2013-11-16 14:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 15:39 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache 2013-11-14 23:38 - 2013-11-14 23:38 - 05082440 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-14 23:37 - 2012-07-26 09:12 - 
00000000 ___RD C:\Windows\ToastData 2013-11-14 19:10 - 2013-11-14 19:10 - 00019989 _____ C:\Users\MartinG\Desktop\Nationalitäten Amsterdam Kontinente.xlsx 2013-11-14 18:43 - 2013-11-12 14:11 - 00038912 _____ C:\Users\MartinG\Downloads\2011_nationaliteiten_2009_2011.xls 2013-11-14 17:16 - 2013-11-14 10:27 - 104278918 _____ C:\Windows\SysWOW64\뚭LŸ 2013-11-14 12:09 - 2013-08-14 19:38 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 12:06 - 2012-12-14 12:36 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-14 00:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore 2013-11-14 00:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\Users\MartinG\AppData\Local\NVIDIA Corporation 2013-11-13 13:16 - 2012-07-26 08:21 - 00037384 _____ C:\Windows\setupact.log 2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Users\MartinG\AppData\Local\NVIDIA 2013-11-10 19:25 - 2013-11-08 13:19 - 00117442 _____ C:\Users\MartinG\Desktop\Project Brief.pptx 2013-11-10 10:23 - 2012-12-13 00:34 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\Mozilla 2013-11-08 21:47 - 2013-10-29 09:40 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2013-11-08 21:47 - 2013-10-29 09:40 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2013-11-07 13:07 - 2013-11-07 13:03 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\GitHub 2013-11-07 13:07 - 2013-11-07 13:03 - 00000000 ____D C:\Users\MartinG\AppData\Local\GitHub 2013-11-07 13:05 - 2013-11-07 13:05 - 00000000 ____D C:\Users\MartinG\Documents\GitHub 2013-11-07 13:04 - 2013-11-07 13:03 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2013-11-07 13:04 - 2013-11-07 13:01 - 00000000 ____D C:\Users\MartinG\AppData\Local\Deployment 2013-11-07 13:01 - 2013-11-07 13:01 - 00000000 ____D C:\Users\MartinG\AppData\Local\Apps\2.0 2013-11-07 12:49 - 2013-11-07 12:40 - 
00000000 ____D C:\Users\MartinG\CytoscapeConfiguration 2013-11-06 21:12 - 2012-12-13 16:03 - 00120381 _____ C:\Windows\DirectX.log 2013-11-06 21:10 - 2013-03-15 15:42 - 00000000 ____D C:\ProgramData\Package Cache 2013-11-06 21:06 - 2013-11-06 21:06 - 00000222 _____ C:\Users\MartinG\Desktop\Call of Duty Ghosts.url 2013-11-06 21:06 - 2013-11-06 21:06 - 00000222 _____ C:\Users\MartinG\Desktop\Call of Duty Ghosts - Multiplayer.url 2013-11-06 11:30 - 2013-11-05 13:44 - 00002159 _____ C:\Users\MartinG\Desktop\Neues Textdokument (2).txt 2013-11-05 23:58 - 2013-10-14 16:56 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-11-05 23:58 - 2013-10-14 16:56 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-04 14:38 - 2013-11-04 14:38 - 00000000 _____ C:\Users\MartinG\Desktop\Fitness Project.txt 2013-11-02 13:09 - 2012-12-13 00:21 - 00000000 ___RD C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-02 13:08 - 2012-12-13 15:21 - 00000000 ____D C:\Users\MartinG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ZeroAccess: C:\Users\MartinG\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini Some content of TEMP: ==================== C:\Users\MartinG\AppData\Local\Temp\AskSLib.dll C:\Users\MartinG\AppData\Local\Temp\avgnt.exe C:\Users\MartinG\AppData\Local\Temp\BackupSetup.exe C:\Users\MartinG\AppData\Local\Temp\htmlayout.dll C:\Users\MartinG\AppData\Local\Temp\jansi-64.dll C:\Users\MartinG\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\MartinG\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\MartinG\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\MartinG\AppData\Local\Temp\kzmvbwsa.dll C:\Users\MartinG\AppData\Local\Temp\nscFF83.exe 
C:\Users\MartinG\AppData\Local\Temp\nse37D.exe C:\Users\MartinG\AppData\Local\Temp\nsoEA04.exe C:\Users\MartinG\AppData\Local\Temp\nst205.exe C:\Users\MartinG\AppData\Local\Temp\nsuECE4.exe C:\Users\MartinG\AppData\Local\Temp\nszEB7C.exe C:\Users\MartinG\AppData\Local\Temp\sonarinst.exe C:\Users\MartinG\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\MartinG\AppData\Local\Temp\ubiC0FF.tmp.exe C:\Users\MartinG\AppData\Local\Temp\ubiC99C.tmp.exe C:\Users\MartinG\AppData\Local\Temp\ubiF1C4.tmp.exe C:\Users\MartinG\AppData\Local\Temp\uttB7B8.tmp.exe C:\Users\MartinG\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2013-11-28 11:04 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013 Ran by MartinG at 2013-11-30 00:41:32 Running from C:\Users\MartinG\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727) Tools for .Net 3.5 (x32 Version: 3.11.50727) µTorrent (HKCU Version: 3.3.2.30303) Adobe AIR (x32 Version: 3.3.0.3670) Adobe Creative Suite 6 Master Collection (x32 Version: 6) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.202) Adobe Help Manager (x32 Version: 4.0.244) Adobe Reader XI - Deutsch (x32 Version: 11.0.00) Adobe® Content Viewer (x32 Version: 2.9.0) AIMP3 (x32 Version: v3.20.1155, 16.11.2012) Apple Application Support (x32 Version: 2.3.2) Apple Mobile Device Support (Version: 6.0.1.3) Apple Software Update (x32 Version: 2.1.3.127) Arduino (x32 Version: 1.0.5) ArgoUML 0.34 (x32 Version: 0.34) Audacity 2.0.3 (x32 Version: 2.0.3) Avira Free Antivirus (x32 Version: 14.0.1.749) Battlelog Web Plugins (x32 Version: 2.1.4) bl (x32 Version: 1.0.0) Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0) Blend for Visual Studio 2012 DEU resources (x32 Version: 5.0.30709.0) Bonjour (Version: 3.0.0.10) Call of Duty: Ghosts - Multiplayer (x32) Call of Duty: Ghosts (x32) CDBurnerXP (x32 Version: 4.5.1.4003) CINEMA 4D Student 14.041 (Version: 14.041) Classic Shell (Version: 3.6.2) CPUID CPU-Z 1.62 DAEMON Tools Lite (x32 Version: 4.46.1.0327) Devenv-Ressourcen für Microsoft Visual Studio 2012 (x32 Version: 11.0.50727) 
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298) Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4521.29298) Dropbox (HKCU Version: 2.4.6) EAGLE 6.5.0 (x32 Version: 6.5.0) Entity Framework Designer für Visual Studio 2012 - DEU (x32 Version: 11.1.20702.00) Erforderliche Komponenten für SSDT (x32 Version: 11.0.2100.60) ESN Sonar (x32 Version: 0.70.4) GeForce Experience NvStream Client Components (Version: 1.6.28) GitHub (HKCU Version: 1.2.3.0) GLtron version 0.70 (x32) Google Chrome (HKCU Version: 31.0.1650.57) Google Talk Plugin (x32 Version: 4.9.1.16010) HTC BMP USB Driver (x32 Version: 1.0.5375) HTC Driver Installer (x32 Version: 4.0.0.009) HTC Sync (x32 Version: 3.3.17) IIS 8.0 Express (Version: 8.0.1557) IIS Express Application Compatibility Database for x64 IIS Express Application Compatibility Database for x86 Intel(R) Processor Graphics (x32 Version: 9.17.10.2867) iTunes (Version: 11.0.1.12) Java 7 Update 10 (64-bit) (Version: 7.0.100) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Java SE Development Kit 7 Update 10 (64-bit) (Version: 1.7.0.100) JDownloader 0.9 (x32 Version: 0.9) LAME v3.99.3 (for Windows) (x32) LocalESPC (x32 Version: 8.59.25584) LocalESPCui for de-de (x32 Version: 8.59.25584) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft .NET Framework 4.5 Multi-Targeting Pack (x32 Version: 4.5.50709) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (x32 Version: 4.5.50709) Microsoft .NET Framework 4.5 SDK (x32 Version: 4.5.50709) Microsoft ASP.NET MVC 3 - DEU (x32 Version: 3.0.20105.0) Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU (x32 Version: 3.0.30710.0) Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (x32 Version: 3.0.30710.0) Microsoft ASP.NET MVC 3 (x32 Version: 3.0.20105.0) Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU (x32 Version: 4.0.20710.0) Microsoft ASP.NET MVC 4 - Visual Studio 
2012 Tools (x32 Version: 4.0.20710.0) Microsoft ASP.NET MVC 4 Runtime - DEU (x32 Version: 4.0.20710.0) Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20710.0) Microsoft ASP.NET Web Pages - DEU (x32 Version: 1.0.20105.0) Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU (x32 Version: 1.0.20710.0) Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (x32 Version: 1.0.20710.0) Microsoft ASP.NET Web Pages (x32 Version: 1.0.20105.0) Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU (x32 Version: 2.0.20710.0) Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools (x32 Version: 2.0.20710.0) Microsoft ASP.NET Web Pages 2 Runtime - DEU (x32 Version: 2.0.20710.0) Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20710.0) Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727) Microsoft Help Viewer 2.0 Language Pack - DEU (x32 Version: 2.0.50727) Microsoft LightSwitch for Visual Studio 2012 Core (x32 Version: 11.0.50727) Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU (x32 Version: 11.0.50727) Microsoft NuGet - Visual Studio 2012 (x32 Version: 2.0.30625.9003) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Excel Viewer (x32 Version: 12.0.6219.1000) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (German) 2007 (x32 
Version: 12.0.4518.1014) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.50709.17929) Microsoft Portable Library Multi-Targeting Pack Language Pack - deu (x32 Version: 11.0.50709.17929) Microsoft Report Viewer Add-On for Visual Studio 2012 (x32 Version: 11.1.2802.16) Microsoft Report Viewer Add-On für Visual Studio 2012 (x32 Version: 11.1.2802.16) Microsoft Silverlight (x32 Version: 5.1.10411.0) Microsoft Silverlight 4 SDK - Deutsch (x32 Version: 4.0.60310.0) Microsoft Silverlight 5 SDK - DEU (x32 Version: 5.0.61118.0) Microsoft SQL Server 2012 Command Line Utilities (Version: 11.0.2100.60) Microsoft SQL Server 2012 Data-Tier App Framework (Version: 11.0.2316.0) Microsoft SQL Server 2012 Data-Tier App Framework (x32 Version: 11.0.2316.0) Microsoft SQL Server 2012 Express LocalDB (Version: 11.0.2100.60) Microsoft SQL Server 2012 Management Objects (x32 Version: 11.0.2100.60) Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60) Microsoft SQL Server 2012 Native Client (Version: 11.0.2100.60) Microsoft SQL Server 2012 Transact-SQL Compiler Service (Version: 11.0.2100.60) Microsoft SQL Server 2012 Transact-SQL ScriptDom (Version: 11.0.2100.60) Microsoft SQL Server 2012 T-SQL Language Service (x32 Version: 11.0.2100.60) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (Version: 4.0.8876.1) Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (x32 Version: 11.1.20627.00) Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (x32 Version: 11.1.20627.00) Microsoft SQL Server System CLR Types (x32 
Version: 10.50.1600.1) Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 Compilers - DEU Resources (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 Extended Libraries (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x86 Additional Runtime - 
11.0.60610 (x32 Version: 11.0.60610) Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610) Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 11.0.50727) Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 11.0.50727) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31125) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31130) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.31125) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.31125) Microsoft Visual Studio 2012 Devenv (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 IntelliTrace Core amd64 (Version: 11.0.50727) Microsoft Visual Studio 2012 IntelliTrace Core x86 (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 IntelliTrace Front End x86 (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 IntelliTraceFrontEndLoc (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 IntelliTraceLoc (Version: 11.0.50727) Microsoft Visual Studio 2012 IntelliTraceLoc (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 SharePoint Developer Tools (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen (x32 Version: 11.0.50727) Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU (x32 Version: 4.0.8876.1) Microsoft Visual Studio 2012-Leistungserfassungstools - DEU (Version: 11.0.50727) Microsoft Visual Studio 2012-Leistungserfassungstools (Version: 11.0.50727) Microsoft Visual Studio 2012-Vorbereitung (x32 
Version: 11.0.50727) Microsoft Visual Studio Premium 2012 - DEU (x32 Version: 11.0.50727) Microsoft Visual Studio Premium 2012 (x32 Version: 11.0.50727) Microsoft Visual Studio Professional 2012 - DEU (x32 Version: 11.0.50727) Microsoft Visual Studio Professional 2012 (x32 Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU (Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Storyboarding (Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - DEU (Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU (x32 Version: 11.0.50727) Microsoft Visual Studio Ultimate 2012 - DEU (x32 Version: 11.0.50727) Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727) Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727.1) Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727) Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources (x32 Version: 11.0.50727) Microsoft Web Deploy 3.0 (Version: 3.1236.1631) Microsoft Web Deploy dbSqlPackage Provider - DEU (x32 Version: 10.3.20225.0) Microsoft Web Developer Tools - Visual Studio 2012 - DEU (x32 Version: 1.0.30710.0) Microsoft Web Developer Tools - Visual Studio 2012 (x32 Version: 1.0.30710.0) Microsoft Web Platform Installer 4.0 (Version: 4.0.1622) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Microsoft-System-CLR-Typen für SQL Server 2012 (x32 Version: 11.0.2100.60) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (Version: 11.0.2100.60) Mozilla Firefox 25.0.1 (x86 de) 
(x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 24.1.1) Mozilla Thunderbird 24.1.1 (x86 de) (x32 Version: 24.1.1) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Notepad++ (x32 Version: 6.2.2) NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1) NVIDIA Grafiktreiber 331.65 (Version: 331.65) NVIDIA Install Application (Version: 2.1002.140.952) NVIDIA LED Visualizer 1.0 (Version: 1.0) NVIDIA Optimus 9.3.21 (Version: 9.3.21) NVIDIA PhysX (x32 Version: 9.13.0725) NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725) NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21) NVIDIA Systemsteuerung 331.65 (Version: 331.65) NVIDIA Update 9.3.21 (Version: 9.3.21) NVIDIA Update Components (Version: 9.3.21) NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Origin (x32 Version: 9.1.15.109) PDF Settings CS6 (x32 Version: 11.0) PDFCreator (x32 Version: 1.7.1) ph (x32 Version: 1.0.0) PreEmptive Analytics Client German Language Pack (x32 Version: 1.0.2180.1) PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1) PunkBuster Services (x32 Version: 0.991) Samsung SCX-4500 Series (x32) Samsung SCX-4x16 Series (x32) Search Protect (x32 Version: 2.8.11.9) <==== ATTENTION Secure Download Manager (x32 Version: 3.1.01) SHIELD Streaming (Version: 1.6.53) Skype™ 6.1 (x32 Version: 6.1.129) SparkleShare (x32 Version: 1.0.0) Star Wars Battlefront II (x32 Version: 1.0) Steam (x32 Version: 1.0.0.0) TeamSpeak 3 Client (x32 Version: 3.0.10) Unity (x32 Version: ) Update for (KB2504637) (x32 Version: 1) Visual Paradigm for UML 10.0 (x32) Visual Studio 2012 Prerequisites - DEU Language Pack (Version: 11.0.50727) Visual Studio 2012 Prerequisites (Version: 11.0.50727) Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.8514.0) VLC media player 2.0.4 (x32 Version: 2.0.4) WCF Data Services 5.0 (for OData 
v3) DEU Language Pack (x32 Version: 5.0.50628.0) WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0) WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0) WCF Data Services Tools for Visual Studio 11 DEU Language Pack (x32 Version: 5.0.50710.0) WCF RIA Services V1.0 SP2 (x32 Version: 4.1.61829.0) Windows App Certification Kit Native Components (Version: 8.59.25584) Windows App Certification Kit x64 (x32 Version: 8.59.25584) Windows Runtime Intellisense Content - de-de (x32 Version: 8.59.25584) Windows Software Development Kit (x32 Version: 8.59.25584) Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584) Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584) Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584) Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584) Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 13-11-2013 11:06:46 Windows Update 22-11-2013 13:09:45 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 06:26 - 2013-01-20 15:07 - 00001775 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {18DCB43F-1CB1-415C-AAAE-93B3F38DE7E6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {3214DDB3-0609-4B46-8A3F-BABE0B63E645} - System32\Tasks\AdobeAAMUpdater-1.0-Martin-MartinG => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {7C46D1BB-1BB5-4FDD-BE0E-3F9B1E6497FF} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 
3.0\htcUPCTLoader.exe [2012-11-14] () Task: {9C7FB583-1197-44C2-BE4A-E556AB33B175} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-559614793-2371365886-3898867588-1001UA => C:\Users\MartinG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.) Task: {9FC11DE1-1096-41EA-89E0-CB12F7D8B3F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-559614793-2371365886-3898867588-1001Core => C:\Users\MartinG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559614793-2371365886-3898867588-1001Core.job => C:\Users\MartinG\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559614793-2371365886-3898867588-1001UA.job => C:\Users\MartinG\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-29 09:34 - 2013-10-23 11:30 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2012-12-15 23:56 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\system32\mswsock.dll 2012-10-10 02:22 - 2012-10-10 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-11-29 22:41 - 2013-11-29 22:41 - 02492416 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll 2013-11-29 22:41 - 2013-11-29 22:41 - 02179072 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll 2012-12-13 12:41 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2012-12-15 23:56 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\SYSTEM32\MSWSOCK.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ 
() C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-29 09:34 - 2013-10-23 11:30 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\MartinG\AppData\Roaming\Dropbox\bin\libcef.dll 2013-11-16 14:14 - 2013-11-16 14:14 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-12-15 23:56 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\SYSTEM32\mswsock.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\MartinG\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MartinG\Desktop\Project Brief.pptx:com.dropbox.attributes AlternateDataStreams: C:\Users\MartinG\Desktop\WP_000148.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\MartinG\Desktop\WP_000149.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\MartinG\AppData\Local\muQO63Ukkg:ZqurTS6layGupAU6JX3Gd AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/29/2013 09:06:44 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3703 Error: (11/29/2013 09:06:44 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3703 Error: (11/29/2013 09:06:44 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/29/2013 09:06:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2453 Error: (11/29/2013 09:06:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2453 Error: (11/29/2013 09:06:42 PM) (Source: Bonjour 
Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/29/2013 09:06:41 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1219 Error: (11/29/2013 09:06:41 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1219 Error: (11/29/2013 09:06:41 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/29/2013 10:26:41 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13453 System errors: ============= Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: 
AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:57 PM) (Source: DCOM) (User: Martin) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MartinMartinGS-1-5-21-559614793-2371365886-3898867588-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/29/2013 06:51:15 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Microsoft Office Sessions: ========================= Error: (11/28/2013 02:03:41 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6219.1000. This session lasted 5246 seconds with 2940 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 8102.69 MB Available physical RAM: 5569.71 MB Total Pagefile: 9318.69 MB Available Pagefile: 6574.23 MB Total Virtual: 8192 MB Available Virtual: 8191.74 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.3 GB) (Free:60.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:254.45 GB) (Free:168.98 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AA9693FE) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=254 GB) - (Type=OF Extended) ==================== End Of Log ============================
Edited by homerottie (30.11.2013 at 01:13) |
30.11.2013, 12:31 | #2 | |
/// the machine /// TB trainer | Avira finds TR/ATRAPS.Gen2
hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you receive the following error message after the restart Quote: