
Pests of all kinds and how to combat them: Avira AntiVir reports infection by: tr/atraps.gen & tr/atraps.gen2

01.07.2012, 17:26   #1
BobbyPeru
 


Hello everyone,

Avira AntiVir reported that my computer is infected with tr/atraps.gen and tr/atraps.gen2.

Using Google, I found out that these are rootkits that try to capture online banking data.

I then downloaded Malwarebytes Anti-Malware, as recommended here, ran the quick scan and removed the findings.
Here is the log file from Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bobby Peru :: LCK_ [Administrator]

Schutz: Aktiviert

01.07.2012 18:08:33
mbam-log-2012-07-01 (18-08-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230548
Laufzeit: 6 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DAT8C8B.tmp.exe (Trojan.FakeAlert) -> Daten: C:\Users\BOBBYP~1\AppData\Local\Temp\DAT8C8B.tmp.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bobby Peru\AppData\Local\Temp\DAT8C8B.tmp.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Here is the OTL log file:

Code:
OTL logfile created on: 01.07.2012 18:35:43 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Bobby Peru\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 43,28% Memory free
5,98 Gb Paging File | 3,73 Gb Available in Paging File | 62,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 57,07 Gb Free Space | 57,07% Space Free | Partition Type: NTFS
Drive D: | 350,74 Gb Total Space | 125,04 Gb Free Space | 35,65% Space Free | Partition Type: NTFS
 
Computer Name: LCK_ | User Name: Bobby Peru | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.01 18:31:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby Peru\Downloads\OTL.exe
PRC - [2012.07.01 16:16:14 | 000,049,152 | ---- | M] (Mustek Systems) -- C:\Users\BOBBYP~1\AppData\Local\Temp\18385778.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bobby Peru\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.21 21:13:01 | 000,932,528 | ---- | M] () -- C:\Users\Bobby Peru\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.05.10 19:16:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 19:16:36 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.10 19:16:36 | 000,210,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
PRC - [2012.05.10 19:16:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.08 18:01:40 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011.03.06 14:19:18 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.06 13:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.12.07 18:20:02 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
PRC - [2010.12.07 18:19:54 | 000,224,680 | ---- | M] () -- C:\Windows\SysWOW64\AsusService.exe
PRC - [2010.12.07 18:19:52 | 001,248,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
PRC - [2010.07.19 21:26:00 | 000,383,792 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
PRC - [2010.07.19 21:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 21:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.05.21 23:38:30 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.08.12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.21 21:13:01 | 000,932,528 | ---- | M] () -- C:\Users\Bobby Peru\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.05.21 23:38:30 | 000,947,488 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\SysNative\svchost.exe -- (SharedAccess)
SRV - [2012.07.01 16:18:02 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.21 22:22:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.10 19:16:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 19:16:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.06 14:19:18 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.06 13:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.12.07 18:19:54 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\AsusService.exe -- (AsusService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.10 19:16:37 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.10 19:16:37 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.06 13:46:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.24 15:13:04 | 006,180,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.07.29 07:24:55 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.06.08 19:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.05.21 09:46:34 | 000,341,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.05.21 09:45:44 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.05.21 09:45:44 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.05.21 09:45:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.05.21 09:45:42 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.05.08 17:42:26 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.11.19 15:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010.05.27 01:52:32 | 000,006,144 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\ASUS\LiveUpdate\DetectSys.sys -- (DETECT PS2: )
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.09 22:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 22:22:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.05 00:53:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 22:22:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.05 00:53:31 | 000,000,000 | ---D | M]
 
[2012.06.04 14:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Extensions
[2012.06.04 14:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012.06.30 21:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Firefox\Profiles\6mi96ws9.default\extensions
[2012.05.28 18:50:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Firefox\Profiles\6mi96ws9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.06.24 19:10:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Bobby Peru\AppData\Roaming\mozilla\Firefox\Profiles\6mi96ws9.default\extensions\firefox@ghostery.com
[2012.01.28 08:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.21 22:22:03 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:16:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 23:16:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:16:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:16:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:16:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:16:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LiveUpdate] C:\windows\SysNative\AsusSender.exe (ASUSTek Computer Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files (x86)\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Bobby Peru\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Bobby Peru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bobby Peru\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA15046-E9F0-4C3D-B9FD-D1A9BB4423BC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8713378-5cbf-11e1-b858-742f68d62029}\Shell - "" = AutoRun
O33 - MountPoints2\{c8713378-5cbf-11e1-b858-742f68d62029}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.01 18:06:21 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Roaming\Malwarebytes
[2012.07.01 18:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.01 18:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.01 18:05:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.01 18:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.01 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{215CA7BB-B7B7-435A-99DF-C758205EA16F}
[2012.07.01 17:00:09 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{E0EF5206-C3AD-4E70-8993-9F8BAB14209A}
[2012.07.01 16:59:31 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{3C21B855-3634-4516-A5D4-55D791B51FB6}
[2012.07.01 16:59:21 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{1E67044D-314B-43AD-A243-07EA0E8D8128}
[2012.07.01 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{3F0423DF-3B0F-4F02-9A7B-F5CAF322F14D}
[2012.07.01 16:58:47 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{F40BC6F7-F99D-4C75-B449-59F2E03B4EF0}
[2012.07.01 14:35:40 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{955CB9A4-0191-43BC-AF9C-174383F75D3F}
[2012.07.01 14:33:11 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{9AE89A33-8DA5-4994-B6D3-3369CC9F2FE8}
[2012.07.01 14:33:00 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{B09BF20A-E9D0-48A5-B423-3B8FB0B68EB0}
[2012.07.01 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{1ABA07ED-A594-42CE-B3D1-F4603495FFBF}
[2012.07.01 14:32:09 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{BB88CDFC-4C75-41C4-B362-AFFB3CAF696C}
[2012.07.01 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{A3F289FC-5F3A-4947-9B7A-DB553A707962}
[2012.07.01 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{8F82BC3B-828C-41AE-B31D-F948F2FE2D07}
[2012.06.26 18:25:52 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{B151DDE5-34BB-4FA7-BF32-5E95042D4803}
[2012.06.26 18:25:52 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\{0D9B5353-2E9C-4941-B09E-81CF6CA72795}
[2012.06.24 13:05:30 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\Macromedia
[2012.06.04 18:25:17 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\Desktop\Fotos entwickeln
[2012.06.04 14:46:16 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Roaming\Google
[2012.06.04 14:45:58 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google AdWords Editor
[2012.06.04 14:45:53 | 000,000,000 | ---D | C] -- C:\Users\Bobby Peru\AppData\Local\Google
[2009.02.13 12:02:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\devcon_amd64.exe
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\windows\SysNative\
[2012.07.01 18:31:03 | 000,000,000 | ---- | M] () -- C:\Users\Bobby Peru\defogger_reenable
[2012.07.01 18:05:46 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.01 17:49:08 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.01 15:36:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.01 14:34:05 | 000,240,330 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\Rickmer_Rickmers_Bild_31_Werner_Buenning_gr.jpg
[2012.07.01 14:33:54 | 000,311,206 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\Rathaus_Innenhof_Bild_26_Michael_Pfohlmann_gr.jpg
[2012.07.01 14:32:39 | 000,246,421 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\Katharinenfleet_15_Werner_Buennig_gr.jpg
[2012.07.01 11:22:24 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 11:22:23 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 11:14:16 | 000,001,050 | ---- | M] () -- C:\Users\Bobby Peru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.01 11:14:05 | 000,001,028 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\Dropbox.lnk
[2012.07.01 11:10:19 | 2408,046,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 07:57:49 | 000,063,371 | ---- | M] () -- C:\Users\Bobby Peru\Desktop\301760_236653716438419_1600843573_n.jpg
[2012.06.14 23:12:42 | 000,414,968 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.06.14 18:23:42 | 001,550,634 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.06.14 18:23:42 | 000,665,578 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.06.14 18:23:42 | 000,627,420 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.06.14 18:23:42 | 000,133,758 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.06.14 18:23:42 | 000,110,140 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
File not found -- C:\windows\SysNative\
[2012.07.01 18:38:06 | 000,022,016 | ---- | C] () -- C:\windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\800000cb.@
[2012.07.01 18:38:05 | 000,016,896 | ---- | C] () -- C:\windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\80000000.@
[2012.07.01 18:31:03 | 000,000,000 | ---- | C] () -- C:\Users\Bobby Peru\defogger_reenable
[2012.07.01 18:05:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.01 16:17:18 | 000,001,696 | ---- | C] () -- C:\windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\00000001.@
[2012.07.01 14:34:04 | 000,240,330 | ---- | C] () -- C:\Users\Bobby Peru\Desktop\Rickmer_Rickmers_Bild_31_Werner_Buenning_gr.jpg
[2012.07.01 14:33:53 | 000,311,206 | ---- | C] () -- C:\Users\Bobby Peru\Desktop\Rathaus_Innenhof_Bild_26_Michael_Pfohlmann_gr.jpg
[2012.07.01 14:32:37 | 000,246,421 | ---- | C] () -- C:\Users\Bobby Peru\Desktop\Katharinenfleet_15_Werner_Buennig_gr.jpg
[2012.06.22 07:57:32 | 000,063,371 | ---- | C] () -- C:\Users\Bobby Peru\Desktop\301760_236653716438419_1600843573_n.jpg
[2012.01.28 04:22:52 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\@
[2012.01.28 04:22:52 | 000,002,048 | -HS- | C] () -- C:\Users\Bobby Peru\AppData\Local\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\@
[2012.01.28 03:36:40 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2011.06.08 18:05:06 | 000,224,680 | ---- | C] () -- C:\windows\SysWow64\AsusService.exe
[2011.06.08 18:05:06 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2011.06.08 18:01:55 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.06.08 18:00:48 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2011.06.08 18:00:46 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2011.06.08 18:00:25 | 000,000,405 | ---- | C] () -- C:\windows\Reboot.ini
[2011.06.08 17:53:19 | 000,013,931 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
 
========== LOP Check ==========
 
[2012.01.28 03:40:31 | 000,000,000 | ---D | M] -- C:\Users\Bobby Peru\AppData\Roaming\ASUS WebStorage
[2012.07.01 11:14:23 | 000,000,000 | ---D | M] -- C:\Users\Bobby Peru\AppData\Roaming\Dropbox
[2012.04.22 12:14:13 | 000,000,000 | ---D | M] -- C:\Users\Bobby Peru\AppData\Roaming\elsterformular
[2012.07.01 02:25:47 | 000,000,000 | ---D | M] -- C:\Users\Bobby Peru\AppData\Roaming\Spotify
[2012.04.29 23:09:19 | 000,003,150 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

And the OTL Extras log:
OTL Logfile:
Code:
OTL Extras logfile created on: 01.07.2012 18:35:43 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Bobby Peru\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 43,28% Memory free
5,98 Gb Paging File | 3,73 Gb Available in Paging File | 62,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 57,07 Gb Free Space | 57,07% Space Free | Partition Type: NTFS
Drive D: | 350,74 Gb Total Space | 125,04 Gb Free Space | 35,65% Space Free | Partition Type: NTFS
 
Computer Name: LCK_ | User Name: Bobby Peru | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.54
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.19.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Uninstall 6_is1" = Total Uninstall 6.0.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1999042-FC82-4098-96B8-510A857C8EA8}" = Google AdWords Editor
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"Eee Docking_is1" = Eee Docking 3.8.3
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Tagger 0.10.5" = MusicBrainz Tagger 0.10.5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"OOBERegBackup_is1" = OOBERegBackup
"ScreenSaverPatch_is1" = ScreenSaverPatch
"The GodFather" = The GodFather
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.06.2012 18:49:42 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10234
 
Error - 20.06.2012 18:49:43 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.06.2012 18:49:43 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11466
 
Error - 20.06.2012 18:49:43 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11466
 
Error - 21.06.2012 02:20:19 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.06.2012 02:20:19 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1185
 
Error - 21.06.2012 02:20:19 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1185
 
Error - 21.06.2012 02:20:20 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.06.2012 02:20:20 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2199
 
Error - 21.06.2012 02:20:20 | Computer Name = lck_ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2199
 
[ System Events ]
Error - 03.06.2012 17:13:57 | Computer Name = lck_ | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 04.06.2012 04:57:23 | Computer Name = lck_ | Source = DCOM | ID = 10010
Description = 
 
Error - 04.06.2012 06:21:48 | Computer Name = lck_ | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 04.06.2012 06:22:37 | Computer Name = lck_ | Source = DCOM | ID = 10005
Description = 
 
Error - 04.06.2012 06:22:37 | Computer Name = lck_ | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 04.06.2012 06:22:37 | Computer Name = lck_ | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2012 06:22:38 | Computer Name = lck_ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007041d
 
Error - 04.06.2012 06:23:55 | Computer Name = lck_ | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2012 06:23:55 | Computer Name = lck_ | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\ASUS\LiveUpdate\DetectSys.sys nicht geladen. Wenden Sie sich an den
 Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 06.06.2012 01:10:36 | Computer Name = lck_ | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >
         
--- --- ---



I hope the information is sufficient (if not, please give me brief feedback on which information I should still supply) and that you can help me with what to do next.

Thanks!

Edited by BobbyPeru (01.07.2012 at 17:56)

Alt 02.07.2012, 15:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
I hope the information is sufficient (if not, please give me brief feedback on which information I should still supply) and that you can help me with what to do next.
Not quite, the logs from AntiVir would be nice to have

Alt 02.07.2012, 16:13   #3
BobbyPeru
 



Of course, sorry!!

Here is the log:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 1. Juli 2012 16:34

Es wird nach 3819275 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LCK_

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 10.05.2012 17:16:36
AVSCAN.DLL : 12.3.0.15 66256 Bytes 10.05.2012 17:16:36
LUKE.DLL : 12.3.0.15 68304 Bytes 10.05.2012 17:16:37
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10.05.2012 17:16:37
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 17:16:37
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 07:06:01
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 22:49:06
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:13:49
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 21:34:27
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 21:34:27
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 21:34:27
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 21:34:27
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 21:34:27
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 21:34:27
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 21:34:27
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 21:34:27
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 21:34:27
VBASE014.VDF : 7.11.34.125 2048 Bytes 29.06.2012 21:34:27
VBASE015.VDF : 7.11.34.126 2048 Bytes 29.06.2012 21:34:27
VBASE016.VDF : 7.11.34.127 2048 Bytes 29.06.2012 21:34:27
VBASE017.VDF : 7.11.34.128 2048 Bytes 29.06.2012 21:34:28
VBASE018.VDF : 7.11.34.129 2048 Bytes 29.06.2012 21:34:28
VBASE019.VDF : 7.11.34.130 2048 Bytes 29.06.2012 21:34:28
VBASE020.VDF : 7.11.34.131 2048 Bytes 29.06.2012 21:34:28
VBASE021.VDF : 7.11.34.132 2048 Bytes 29.06.2012 21:34:28
VBASE022.VDF : 7.11.34.133 2048 Bytes 29.06.2012 21:34:28
VBASE023.VDF : 7.11.34.134 2048 Bytes 29.06.2012 21:34:28
VBASE024.VDF : 7.11.34.135 2048 Bytes 29.06.2012 21:34:28
VBASE025.VDF : 7.11.34.136 2048 Bytes 29.06.2012 21:34:28
VBASE026.VDF : 7.11.34.137 2048 Bytes 29.06.2012 21:34:28
VBASE027.VDF : 7.11.34.138 2048 Bytes 29.06.2012 21:34:28
VBASE028.VDF : 7.11.34.139 2048 Bytes 29.06.2012 21:34:28
VBASE029.VDF : 7.11.34.140 2048 Bytes 29.06.2012 21:34:28
VBASE030.VDF : 7.11.34.141 2048 Bytes 29.06.2012 21:34:28
VBASE031.VDF : 7.11.34.164 59392 Bytes 30.06.2012 21:34:28
Engineversion : 8.2.10.102
AEVDF.DLL : 8.1.2.8 106867 Bytes 01.06.2012 21:12:33
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21.06.2012 21:27:57
AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 07:06:37
AESBX.DLL : 8.2.5.12 606578 Bytes 17.06.2012 21:28:27
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.16.22 807288 Bytes 21.06.2012 21:27:56
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 30.06.2012 21:34:32
AEHEUR.DLL : 8.1.4.58 4993399 Bytes 30.06.2012 21:34:32
AEHELP.DLL : 8.1.23.2 258422 Bytes 30.06.2012 21:34:29
AEGEN.DLL : 8.1.5.30 422261 Bytes 17.06.2012 21:28:25
AEEXP.DLL : 8.1.0.58 82292 Bytes 30.06.2012 21:34:32
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 21:12:45
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10.05.2012 17:16:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10.05.2012 17:16:36
AVREP.DLL : 12.3.0.15 179208 Bytes 10.05.2012 17:16:37
AVARKT.DLL : 12.3.0.15 211408 Bytes 10.05.2012 17:16:36
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10.05.2012 17:16:36
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10.05.2012 17:16:37
AVSMTP.DLL : 12.3.0.15 63440 Bytes 10.05.2012 17:16:36
NETNT.DLL : 12.3.0.15 17104 Bytes 10.05.2012 17:16:37
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 10.05.2012 17:16:36
RCTEXT.DLL : 12.3.0.15 98512 Bytes 10.05.2012 17:16:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ff0141b\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Sonntag, 1. Juli 2012 16:34

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess '18385778.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Boingo Wi-Fi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'syncablesMAPI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CapsHook.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SuperHybridEngine.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotKeyMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'javaw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyWebHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LiveUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'syncables.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsusService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\80000000.@'
C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\80000000.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '552bccf3.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\800000cb.@'
C:\Windows\Installer\{6ccb0062-65a9-6b30-7d2e-436909e222e3}\U\800000cb.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dbce354.qua' verschoben!


Ende des Suchlaufs: Sonntag, 1. Juli 2012 16:35
Benötigte Zeit: 00:36 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
769 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
767 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
2 Hinweise


Yesterday evening I ran the malware scanner again; after it deleted the files it found and the computer was restarted, the Win7 recovery kicked in, because the files that were deleted apparently should not have been deleted.. ahem... Well, the recovery recovered, and now neither AntiVir nor various malware scanners find an infection. However, I have read several times that this is supposed to be a false sense of security.

Thanks in advance!!

Alt 03.07.2012, 10:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Yesterday evening I ran the malware scanner again, after it deleted the files it found
Why don't you post all the logs along with it right away?
__________________
Please always post log files in CODE tags
