Pests of all kinds and their removal: TR/ATRAPS.Gen found with Avira (Windows 7)
#1
TR/ATRAPS.Gen found with Avira

Hello,

I may once again have a small problem with a Trojan. Yesterday Avira raised an alarm and reported that the file D:\Program Files\Steam\SteamApps\downloading\201790\build\release\OrcsMustDie2.exe supposedly contains the Trojan TR/ATRAPS.Gen. Now, I know that this is actually the launcher file for a game and that Avira sometimes raises an alarm even though there should be no reason to. However, I have twice had a BKA Trojan that I thought I had successfully removed. Also, lately I have regularly been receiving spam mails that were sent from my own address. So to be safe I wanted to ask whether one pest or another is still on my PC. There was a small problem during the OTL run: I could not find the file Extra.txt. I ran the program several times... and I did it the way the instructions describe. The other log files follow. Here is the GMER file:

Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-09 10:42:47 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AACS-00ZUB0 rev.01.01B01 Running: d5mw84q8.exe; Driver: C:\Users\MASTER~1\AppData\Local\Temp\afddyfob.sys ---- System - GMER 1.0.15 ---- SSDT 8B9306A6 ZwCreateSection SSDT 8B9306B0 ZwRequestWaitReplyPort SSDT 8B9306AB ZwSetContextThread SSDT 8B9306B5 ZwSetSecurityObject SSDT 8B9306BA ZwSystemDebugControl SSDT \??\D:\Programme\SASKUTIL.SYS ZwTerminateProcess [0x8F8F7640] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 824AC8D8 4 Bytes [A6, 06, 93, 8B] .text ntkrnlpa.exe!KeSetEvent + 539 824ACBFC 4 Bytes [B0, 06, 93, 8B] .text ntkrnlpa.exe!KeSetEvent + 56D 824ACC30 4 Bytes [AB, 06, 93, 8B] .text ntkrnlpa.exe!KeSetEvent + 5D1 824ACC94 4 Bytes [B5, 06, 93, 8B] .text ntkrnlpa.exe!KeSetEvent + 619 824ACCDC 4 Bytes [BA, 06, 93, 8B] .text ... .xreloc C:\Windows\System32\drivers\sfsync04.sys unknown last section [0x80736000, 0xC5E, 0x40000040] .text C:\Windows\system32\drivers\SSHDRV79.sys section is writeable [0x8FC5C000, 0x2247E, 0xE8000020] .pklstb C:\Windows\system32\drivers\SSHDRV79.sys entry point in ".pklstb" section [0x8FC8D000] .relo2 C:\Windows\system32\drivers\SSHDRV79.sys unknown last section [0x8FCA2000, 0x8A, 0x42000040] .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA267C69D] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA2681300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA26C4300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text D:\Programme\Update\realsched.exe[2452] kernel32.dll!SetUnhandledExceptionFilter 75D6A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- Devices - GMER 1.0.15 ---- Device \Driver\USBSTOR \Device\00000070 86940B50 Device \Driver\USBSTOR \Device\00000071 86940B50 Device \Driver\USBSTOR 
\Device\00000072 86940B50 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86366368 Device \Driver\atapi \Device\Ide\IdePort0 86366368 Device \Driver\atapi \Device\Ide\IdePort1 86366368 Device \Driver\atapi \Device\Ide\IdePort2 86366368 Device \Driver\atapi \Device\Ide\IdePort3 86366368 Device \Driver\atapi \Device\Ide\IdePort4 86366368 Device \Driver\atapi \Device\Ide\IdePort5 86366368 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 86366368 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-3 86366368 Device \Driver\USBSTOR \Device\00000073 86940B50 Device \Driver\USBSTOR \Device\00000074 86940B50 Device \Driver\USBSTOR \Device\00000075 86940B50 Device \Driver\USBSTOR \Device\00000079 86940B50 Device \Driver\USBSTOR \Device\0000007a 86940B50 Device \Driver\USBSTOR \Device\0000007b 86940B50 Device \Driver\USBSTOR \Device\0000007c 86940B50 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cc11f82-0764-4192-b637-7d8f8658e150}@Dhcpv6Iaid 201332143 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cc11f82-0764-4192-b637-7d8f8658e150}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{4a0b0c51-e430-4c3b-ad1e-68655defd0f3}@Dhcpv6Iaid 268566612 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{4a0b0c51-e430-4c3b-ad1e-68655defd0f3}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{67b2889b-25c6-488f-af1d-2891c3833cee}@Dhcpv6Iaid 234881024 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{67b2889b-25c6-488f-af1d-2891c3833cee}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{8429ba10-518a-4778-ac94-966db9f88e55}@Dhcpv6Iaid 251666821 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{8429ba10-518a-4778-ac94-966db9f88e55}@Dhcpv6State 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid 201331746 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f26686bf-c77e-429d-b7d0-ee7dd2182e7d}@Dhcpv6Iaid 402653184 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f26686bf-c77e-429d-b7d0-ee7dd2182e7d}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid 234886178 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{0cc11f82-0764-4192-b637-7d8f8658e150}@Dhcpv6Iaid 201332143 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{0cc11f82-0764-4192-b637-7d8f8658e150}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{4a0b0c51-e430-4c3b-ad1e-68655defd0f3}@Dhcpv6Iaid 268566612 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{4a0b0c51-e430-4c3b-ad1e-68655defd0f3}@Dhcpv6State 0 Reg 
HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{67b2889b-25c6-488f-af1d-2891c3833cee}@Dhcpv6Iaid 234881024 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{67b2889b-25c6-488f-af1d-2891c3833cee}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{8429ba10-518a-4778-ac94-966db9f88e55}@Dhcpv6Iaid 251666821 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{8429ba10-518a-4778-ac94-966db9f88e55}@Dhcpv6State 1 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid 201331746 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f26686bf-c77e-429d-b7d0-ee7dd2182e7d}@Dhcpv6Iaid 402653184 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f26686bf-c77e-429d-b7d0-ee7dd2182e7d}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid 234886178 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State 0 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter OTL logfile created on: 09/11/2012 11:21:18 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Master of Desaster\Desktop\TR ATRAPS.Gen Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 61.96% Memory free 6.21 Gb Paging File | 5.14 Gb Available in Paging File | 82.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97.66 Gb Total Space | 36.44 Gb Free Space | 37.31% Space Free | Partition Type: NTFS Drive D: | 368.10 Gb Total Space | 45.61 Gb Free Space | 12.39% Space Free | Partition Type: NTFS Drive E: | 3.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 7.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive K: | 967.22 Mb Total Space | 546.81 Mb Free Space | 56.53% Space Free | Partition Type: FAT Drive L: | 465.65 Gb Total Space | 151.19 Gb Free Space | 32.47% Space Free | Partition Type: FAT32 Computer Name: HORT-DES-CHAOS | User Name: Master of Desaster | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Master of Desaster\Desktop\TR ATRAPS.Gen\OTL.exe (OldTimer Tools) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - D:\Programme\SASCORE.EXE (SUPERAntiSpyware.com) PRC - d:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\Programme\Update\realsched.exe (RealNetworks, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) 
========== Modules (No Company Name) ========== MOD - D:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL () ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- D:\Programme\Spybot File not found SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (!SASCORE) -- D:\Programme\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- d:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- d:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (Capture Device Service) -- C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) SRV - (FirebirdServerMAGIXInstance) -- d:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (gUSBSTOi) -- C:\Users\MASTER~1\AppData\Local\Temp\gUSBSTOi.sys File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (SASDIFSV) -- D:\Programme\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- D:\Programme\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (A2DDA) -- 
C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH) DRV - (SSHDRV79) -- C:\Windows\System32\drivers\SSHDRV79.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (sfsync04) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce)) DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH) DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) 
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Master of Desaster\Desktop\Malle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 AA B0 CB 3D A9 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1 FF - 
prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: d:\programme\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: d:\programme\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: d:\programme\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/02 15:32:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/10/27 16:29:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/10/27 16:29:17 | 000,000,000 | ---D | M] [2011/03/07 07:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Extensions [2012/10/23 07:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions [2011/04/19 16:55:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/10/03 17:36:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012/09/26 09:20:49 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions\firefox@ghostery.com [2012/09/16 22:14:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions\ich@maltegoetz.de [2012/07/05 17:22:01 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\extensions\elemhidehelper@adblockplus.org.xpi 
[2012/10/10 20:50:24 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\extensions\toolbar@web.de.xpi [2012/04/26 08:13:59 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012/07/26 16:38:08 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/10/10 20:50:27 | 000,000,911 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\searchplugins\11-suche.xml [2012/10/10 20:50:27 | 000,002,273 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\searchplugins\englische-ergebnisse.xml [2012/10/10 20:50:27 | 000,010,563 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\searchplugins\gmx-suche.xml [2012/10/10 20:50:27 | 000,002,432 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\searchplugins\lastminute.xml [2012/10/10 20:50:27 | 000,005,545 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\firefox\profiles\74ro8g6q.default\searchplugins\webde-suche.xml O1 HOSTS File: ([2012/01/18 21:14:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe 
PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [TkBellExe] D:\Programme\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - res://d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
Thanks in advance for the help

Holger