TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop?

Hello everyone, I'm reasonably competent where my laptop is concerned, but after everything I've read while researching this I'm now really very unsure. I hope you can help me.

It all started when my Avira reported TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 detections, and kept doing so at intervals of about 7 minutes. By now I have even more viruses in my quarantine: 40 entries, several of them TR/ATRAPS.Gen and TR/ATRAPS.Gen2. After some googling I perhaps acted a bit hastily and ran Malwarebytes. It found both of them as well, and I removed them, hopefully for good. So far there have been no further reports from Avira. But since I also do online banking, I'm extremely unsure whether the viruses are really gone. Hence my questions, and my hope that someone here can help me:

1. Can I delete Avira's quarantine now?
2. Are the reports history, and is my infection really dealt with?
3. How can I verify this?
4. Can I get around formatting? (I'm only thinking of my data, since unfortunately I have no external hard drive.)

Many thanks in advance for the help. I have already downloaded the relevant programs, but I need help with which step to carry out when and how. My system is x86-based and I use Windows 7.

Last edited by StarCGN (06.07.2012 at 13:34)
You haven't posted a single log! Post all the logs from AntiVir and Malwarebytes!
#3

Hey Cosinus,
here come all the log files as a zip (OTL, AVIRA, Gmer, Defogger, Malwarebytes). It was right that the real name should be replaced with *** in all the log files, wasn't it? Let's see whether the attachments work this time; if I understood correctly, the OTL log should be posted directly.

OTL Logfile:
Code:
OTL logfile created on: 12.07.2012 16:58:32 - Run 1
OTL by OldTimer - Version   Folder = C:\Users\***\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,21% Memory free
5,99 Gb Paging File | 4,74 Gb Available in Paging File | 79,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 97,43 Gb Free Space | 21,37% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.04 19:03:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.09 15:45:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 15:45:43 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 15:45:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 15:45:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.26 15:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.02.04 21:24:30 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\MARCEL~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.29 11:28:19 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.04.20 15:25:54 | 000,675,840 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.02.24 02:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.10.24 21:18:26 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.19 18:49:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.19 18:49:08 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 22:17:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 22:16:44 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.29 11:28:19 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.09 15:45:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 15:45:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.27 16:36:26 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.07.26 15:15:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.05.09 15:45:45 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 15:45:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.26 15:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.02.21 04:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: imagetab@next.gen.nz:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:
FF - prefs.js..extensions.enabledItems: imgfetcher@substantiel.fr:0.3.2
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version= c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version= c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version= C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version= C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version= c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.05 21:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.21 17:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 16:36:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.04 14:09:21 | 000,000,000 | ---D | M]

[2010.02.04 21:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.06 13:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions
[2010.12.31 14:03:43 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012.07.03 17:43:24 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.03.31 08:50:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.24 07:52:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions\ich@maltegoetz.de
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\searchplugins\icqplugin.xml
[2012.03.31 08:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.04 20:54:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.15 18:42:03 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.03.15 18:42:01 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.05.04 14:27:17 | 000,439,720 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012.03.01 10:54:23 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012.03.31 08:50:53 | 000,050,279 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{524B8EF8-C312-11DB-8039-536F56D89593}.XPI
[2011.10.04 18:27:55 | 000,080,359 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{5E594888-3E8E-47DA-B2C6-B0B545112F84}.XPI
[2011.03.30 19:17:12 | 000,089,724 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{A4732521-77D9-447E-A557-B279AC923F06}.XPI
[2012.02.11 20:01:28 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.07.03 17:43:09 | 000,082,787 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
[2012.04.27 16:36:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.15 18:54:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.01.22 18:52:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.22 18:52:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.22 18:52:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.22 18:52:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.22 18:52:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.22 18:52:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D339A2-2E1C-4A58-9E98-AEB4A3193896}: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ACER03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ACER03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c0069ec-b483-11e0-919b-001f16b58c22}\Shell - "" = AutoRun
O33 - MountPoints2\{7c0069ec-b483-11e0-919b-001f16b58c22}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
O33 - MountPoints2\{adc00507-7318-11df-920e-001f16b58c22}\Shell - "" = AutoRun
O33 - MountPoints2\{adc00507-7318-11df-920e-001f16b58c22}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.04 19:03:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.03 22:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 22:16:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.03 22:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.26 18:20:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012.07.12 16:55:51 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.12 16:53:05 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 16:53:05 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 16:47:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 16:47:46 | 2411,859,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 19:04:57 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\b725ev9x.exe
[2012.07.04 19:03:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.04 19:02:58 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.03 22:17:00 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.26 17:49:55 | 000,657,824 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.26 17:49:55 | 000,619,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.26 17:49:55 | 000,131,164 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.26 17:49:55 | 000,107,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.19 18:47:13 | 000,434,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.14 11:22:12 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll

========== Files Created - No Company Name ==========

[2012.07.12 16:55:51 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.04 19:04:55 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\b725ev9x.exe
[2012.07.04 19:02:53 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.03 22:17:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.29 15:56:50 | 000,001,696 | ---- | C] () -- C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\U\00000001.@
[2012.04.27 17:51:27 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2012.03.15 18:48:39 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.01.19 22:16:46 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\@
[2011.07.04 20:51:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.07.04 20:45:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.04.30 00:30:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.30 00:29:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.26 18:07:24 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.08.19 03:16:33 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2010.07.29 19:51:35 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.29 19:51:35 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.05.09 18:02:06 | 000,003,542 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.03.30 19:56:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.05 18:13:59 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.02 14:48:06 | 000,000,378 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2010.02.04 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2010.02.04 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Chilirec
[2010.08.07 09:31:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.04 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EA
[2010.05.09 18:02:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.18 08:32:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.04 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin
[2011.09.05 19:31:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek
[2010.08.19 03:59:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeoDownloader
[2010.08.19 02:42:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OutWit
[2011.01.21 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre
[2011.03.30 22:12:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2012.05.03 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.05.09 17:46:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scribus
[2011.01.15 23:12:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper
[2011.02.15 23:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Summitsoft
[2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.08.28 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox
[2011.01.10 23:23:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VCOM
[2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
[2011.09.06 17:00:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.05.10 18:23:53 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? Please always post the logs directly in the post, enclosed in CODE tags. It is simply too cumbersome, with dozens of cases here, to download every log individually or to download and unpack zip files each time.
TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? No problem, OTL is already posted, so here are the remaining logs as requested: Defogger disable Code:
defogger_disable by jpshortstuff (
Log created at 16:55 on 12/07/2012 (Marcel Pertsemlis)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
OTL Extras logfile created on: 12.07.2012 16:58:32 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,21% Memory free
5,99 Gb Paging File | 4,74 Gb Available in Paging File | 79,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 97,43 Gb Free Space | 21,37% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0075E071-78BC-4DC6-89FE-2BA664BA1ABE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{01E2B4F7-39E9-4743-B119-DCFBAA9D6E16}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0AFB1838-77ED-4C55-B490-89D5B954113D}" = lport=138 | protocol=17 | dir=in | app=system |
"{13278667-CF75-4A93-A29E-6C5ED08515B9}" = rport=2869 | protocol=6 | dir=out | app=system |
"{13453792-502C-4232-9B8E-64BC3B08C1B4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{20D6CABA-16EF-48F6-B9DA-BAE7625DACA8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2292B349-CAA4-4AE9-BA3C-2A348E50BBFC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{2306FE88-BDF8-40E2-B3AB-3BFCFC81068E}" = rport=138 | protocol=17 | dir=out | app=system |
"{249D445C-6670-4DC4-AEC2-22E85D00E8F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{306A914A-EDF1-41B2-BDD2-62C2A0A03718}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32320EC2-D71E-4122-8ABF-CB8DCA48A3C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{392D6F36-A2F1-44D9-B164-93E9FECDAE0A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3CEF52FC-0B1A-45A8-B860-D30D40863201}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E3749EB-CEC5-4536-9912-891F3E058915}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{44321092-9673-4D1A-9618-A73C72A4C7C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4769EC12-7235-40B6-AD58-F80C178F7F5B}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C70A7A1-9577-4C06-B2FC-B849458A950E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4DE11AAA-E92E-412D-9E11-CFFEBF5E396E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{50E36577-1325-481C-87D7-BA73301EC62F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5793AE9B-CF7C-466F-A034-486A06932105}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D3377DE-4E7B-4A6F-BCB1-6DC04F714A3D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{61B3293D-86CB-44FB-BFCE-E643C7AB021A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FA179D5-0033-4D96-96F1-1008DBB75380}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CBD1FF6-012E-4A32-886D-FBF5AD03BFE1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{822C9F1B-2D35-4E16-B8F2-8F8746F50EF4}" = lport=445 | protocol=6 | dir=in | app=system |
"{82D08A91-951A-42DF-8110-296F85E243AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88C6FA8D-5C0B-4FF4-AEA4-BEFF559BEBE6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8AC1C2FE-9B57-464D-9DB2-F2845D0A2360}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A641F392-CA50-40B0-B1B8-E738217FFCE6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB403DC4-C578-4F67-9BA2-2E5D08FB00AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADCC3465-7C51-4513-875A-15043B51A838}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B509509C-7300-4646-B641-45E95472AF09}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C0B4AB4A-1890-40C1-8265-4F1F016485CE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C150AB79-4CE0-40AB-8734-4A2B163EC8A4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CD3AC35B-6C85-46E1-9017-4E468256FEB1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CD9C8297-4544-4719-A027-1E2964381EF5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D7F582FD-8515-4528-B46B-B29B57C71FC9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D98A4737-CF34-4BEB-B61D-6407A07F8672}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D9F31C71-F47F-4E6E-9BF6-739B99DE4AA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB25C734-0BDF-4D34-8FA5-B08C607F4357}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E406B0A9-4EE9-4B4C-BF61-0341D08B59A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA634A08-4C04-4F51-A31C-150ABC30F866}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB05C413-6D3D-43C3-AFF4-37E68044E312}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE5F0669-DB42-4AA5-BB42-A36395CAE51B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF291AA6-0844-44EF-A932-C59BF6CE6142}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F3CDD9DF-C514-4B85-9077-DEE87E0C6216}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08289132-EBBE-48A1-807F-884A195790E5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0CCAE01F-2362-41E5-B10E-220DBEB83D9C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0FBE3107-0442-49C4-B123-8AC0A3EA552C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{154A3891-4BF4-4CF1-A784-E19E52C95F41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DEC3C71-8786-4A71-9C41-C32F90827239}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F2242E3-59B7-4A07-ABD1-D44F4CBF1B9D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{321B03D2-9DB6-404C-9A12-2BAF4C5BB74F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{324F9E8F-2CD9-409A-9C37-A0162A4300EA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3489D25D-4596-470C-BEA5-934EDD47A7E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F641F09-6D3D-4040-8A39-0464EE41E503}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A73AF05-F6BE-4382-81FA-79DB42DEAF55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F526FD0-9195-4503-9522-A053FF547D55}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{50CCEDAD-801C-468C-A520-B08052041019}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53FAED41-ACE8-4994-A0A4-C44A4FBA55B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5B7451BD-3ED1-49E7-95C9-2C84953B404B}" = protocol=58 | dir=in | app=system |
"{5C24D747-9080-4329-95AF-9A694D2BB948}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{607F8E16-3991-4E3B-8DAE-CB2831C1A81D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{61517CBB-9239-429F-AEBF-7D5C544805E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{808E4C1F-5787-4A95-ACBA-2F71C2622C4F}" = protocol=6 | dir=out | app=system |
"{8328CF97-F98C-4E18-B5BA-5C9C0F33D5CB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{87D3E945-429F-4506-B50B-A711FE4C4AB9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{91ADA66B-2F90-44DC-BF1A-8118A019CE76}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{92477870-060C-49F7-B7C6-15360F023E71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A88B49FE-12D7-4685-A0AF-B78EC0DE3841}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B360D575-2E61-475F-B72D-CC381B0B4172}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B50FE55D-0FD6-4A7F-9B56-6DDC9BE5C9C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD84FFB2-664B-47F1-97C6-1C25E3EF31D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BED246E1-95F6-4A6B-A6E4-6CF559D6C793}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C85BF2D7-1899-4195-915D-75084B04425F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C8866F41-30F2-4366-A579-3B0ABA7847CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D67C5BC0-5E9A-4FC7-B46F-4B529951B903}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E09D0ECF-0ADB-4FCE-828F-EC815DD22F5E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E4FA250F-276C-40AC-B5CB-73BB2523B553}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E66BA661-B9C8-4299-910A-B25F3F5C8852}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB30ACF6-AD22-49C2-9585-07A717427915}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EDA4F6F7-2149-4CAA-86D6-572FD981DCBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF04AA03-EF3F-4A4E-BF4D-28C07E644A77}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F4F4D59C-D065-4587-B688-93EC91019C71}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FB427639-C7B1-4AA0-824F-26003662418C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FF620D8B-5F13-495C-BAA6-81EEEDDA7B81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{29BDDBE1-1EAD-43EF-A295-2EE129722B96}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7950FCF7-ADE1-4341-B765-FF2CE96A17F7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BA416692-0560-4AEF-A8E4-1AF7531F4F1C}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"TCP Query User{CD6FB029-7435-4453-8F22-43335C1E0355}C:\users\***\downloads\cryptload_1.1.8\routerclient.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\cryptload_1.1.8\routerclient.exe |
"TCP Query User{EC84ED5E-3BA5-40BF-ACD4-5B325BD5D29C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{25F640D0-7EB8-4FBD-AF34-62B1394C7A0D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4CC43C6A-B953-4D21-A1BF-65EF44A561AB}C:\users\***\downloads\cryptload_1.1.8\routerclient.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\cryptload_1.1.8\routerclient.exe |
"UDP Query User{6A338645-7666-47FC-90B8-86A2A4DEC419}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9967B800-574A-4DD4-9098-D6B36CE796B1}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{E6852575-0836-49BC-8A71-870DF3F84B73}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard
"{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{155D9248-A524-42D9-B255-D8308F3BF15C}" = Web Easy Professional 6
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish
"{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager
"{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian
"{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German
"{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese
"{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static
"{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72409F4A-4C9F-4151-96A0-9A09E95FA016}" = Web Easy Professional 6
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish
"{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish
"{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish
"{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins
"{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian
"{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian
"{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean
"{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch
"{CE39C8A5-C98D-4702-807F-265FCF9F54FD}" = TubeBox!
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:
"{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech
"{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"RealPlayer 12.0" = RealPlayer
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.11.2011 07:26:44 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
Error - 25.11.2011 07:28:15 | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = Error - 25.11.2011 07:29:30 | Computer Name = Home-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000ca46 ID des fehlerhaften Prozesses: 0x1254 Startzeit der fehlerhaften Anwendung: 0x01ccab6565429b89 Pfad der fehlerhaften Anwendung: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe Pfad des fehlerhaften Moduls: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe Berichtskennung: bce789c7-1758-11e1-9220-001f16b58c22 Error - 25.11.2011 20:34:47 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 25.11.2011 20:34:47 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 25.11.2011 20:36:18 | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = Error - 25.11.2011 20:37:27 | Computer Name = Home-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000ca46 ID des fehlerhaften Prozesses: 0xaf0 Startzeit der fehlerhaften Anwendung: 0x01ccabd378229110 Pfad der fehlerhaften Anwendung: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe Pfad des fehlerhaften Moduls: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe Berichtskennung: d01d30d7-17c6-11e1-8d91-001f16b58c22 Error - 27.11.2011 11:17:33 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.11.2011 11:17:33 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 27.11.2011 11:19:02 | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = Error - 27.11.2011 11:20:04 | Computer Name = Home-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000ca46 ID des fehlerhaften Prozesses: 0x1348 Startzeit der fehlerhaften Anwendung: 0x01ccad17f105f75e Pfad der fehlerhaften Anwendung: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe Pfad des fehlerhaften Moduls: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe Berichtskennung: 47c66181-190b-11e1-bb1e-001f16b58c22 [ Media Center Events ] Error - 19.09.2009 09:03:08 | Computer Name = Home-PC | Source = McrMgr | ID = 109 Description = [ System Events ] Error - 06.07.2012 07:55:59 | Computer Name = Home-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 06.07.2012 08:07:31 | Computer Name = Home-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 06.07.2012 08:07:31 | Computer Name = Home-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 06.07.2012 08:07:50 | Computer Name = Home-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 06.07.2012 09:07:41 | Computer Name = Home-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. 
Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 06.07.2012 10:13:32 | Computer Name = Home-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 10.07.2012 12:21:23 | Computer Name = Home-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 10.07.2012 12:21:23 | Computer Name = Home-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 12.07.2012 10:47:54 | Computer Name = Home-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 12.07.2012 10:47:54 | Computer Name = Home-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > Avira Scan Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 12. Juli 2012 17:52

Es wird nach 3865947 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Ultimate
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : HOME-PC

Versionsinformationen:
BUILD.DAT : 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 466896 Bytes 09.05.2012 13:45:43
AVSCAN.DLL : 66256 Bytes 09.05.2012 13:45:43
LUKE.DLL : 68304 Bytes 09.05.2012 13:45:45
AVSCPLR.DLL : 97032 Bytes 09.05.2012 13:45:45
AVREG.DLL : 232200 Bytes 10.05.2012 16:48:48
VBASE000.VDF : 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 4472832 Bytes 01.02.2012 06:52:39
VBASE004.VDF : 4329472 Bytes 28.03.2012 06:52:46
VBASE005.VDF : 4034048 Bytes 29.06.2012 15:00:48
VBASE006.VDF : 2048 Bytes 29.06.2012 15:00:48
VBASE007.VDF : 2048 Bytes 29.06.2012 15:00:48
VBASE008.VDF : 2048 Bytes 29.06.2012 15:00:48
VBASE009.VDF : 2048 Bytes 29.06.2012 15:00:48
VBASE010.VDF : 2048 Bytes 29.06.2012 15:00:49
VBASE011.VDF : 2048 Bytes 29.06.2012 15:00:49
VBASE012.VDF : 2048 Bytes 29.06.2012 15:00:49
VBASE013.VDF : 2048 Bytes 29.06.2012 15:00:49
VBASE014.VDF : 169472 Bytes 02.07.2012 15:00:49
VBASE015.VDF : 122368 Bytes 04.07.2012 15:37:21
VBASE016.VDF : 146944 Bytes 06.07.2012 16:26:39
VBASE017.VDF : 126464 Bytes 09.07.2012 16:26:40
VBASE018.VDF : 151552 Bytes 12.07.2012 14:51:55
VBASE019.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE020.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE021.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE022.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE023.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE024.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE025.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE026.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE027.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE028.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE029.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE030.VDF : 2048 Bytes 12.07.2012 14:51:55
VBASE031.VDF : 53248 Bytes 12.07.2012 14:51:56
Engineversion :
AEVDF.DLL : 102772 Bytes 10.07.2012 16:26:41
AESCRIPT.DLL : 455034 Bytes 06.07.2012 11:26:39
AESCN.DLL : 131444 Bytes 14.04.2012 06:52:53
AESBX.DLL : 606578 Bytes 19.06.2012 16:52:03
AERDL.DLL : 639348 Bytes 31.01.2012 06:55:37
AEPACK.DLL : 807286 Bytes 10.07.2012 16:26:41
AEOFFICE.DLL : 201082 Bytes 28.06.2012 16:39:42
AEHEUR.DLL : 5009782 Bytes 06.07.2012 11:26:38
AEHELP.DLL : 258422 Bytes 28.06.2012 16:37:18
AEGEN.DLL : 434548 Bytes 06.07.2012 11:26:18
AEEXP.DLL : 86389 Bytes 12.07.2012 14:51:56
AEEMU.DLL : 393587 Bytes 10.07.2012 16:26:41
AECORE.DLL : 201078 Bytes 10.07.2012 16:26:40
AEBB.DLL : 53618 Bytes 31.01.2012 06:55:33
AVWINLL.DLL : 27344 Bytes 09.05.2012 13:45:43
AVPREF.DLL : 51920 Bytes 09.05.2012 13:45:43
AVREP.DLL : 179208 Bytes 09.05.2012 13:45:45
AVARKT.DLL : 211408 Bytes 09.05.2012 13:45:43
AVEVTLOG.DLL : 169168 Bytes 09.05.2012 13:45:43
SQLITE3.DLL : 398288 Bytes 09.05.2012 13:45:45
AVSMTP.DLL : 63440 Bytes 09.05.2012 13:45:43
NETNT.DLL : 17104 Bytes 09.05.2012 13:45:45
RCIMAGE.DLL : 4447952 Bytes 09.05.2012 13:45:43
RCTEXT.DLL : 98512 Bytes 09.05.2012 13:45:43

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 12. Juli 2012 17:52

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'WINWORD.EXE' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AmIcoSinglun.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '211' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'FsUsbExService.Exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '168' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2475' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\Program Files\WinRAR\rarnew.dat
  [WARNUNG] Das Archiv ist unbekannt oder defekt
C:\ProgramData\MGS\cache\__temp\__\shared\0000\0399\3993525.cab
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\U\00000001.@
  [FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/ZAccess.T
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\5BE4.tmp.zip
  [WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905200127G00000882515.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905200536G00000175727.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905201423G00000425222.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905201603G00000460582.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905201738G00000226414.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905201836G00000264080.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905202407G00000109632.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905202839G00000210716.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110905202955000000042089.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906205121G00001244037.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906210401G00000929948.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906222551G00000923036.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906222745G00000770776.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906223233G00000591881.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906223324G00000502961.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906223443G00000443730.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906223641G00000297254.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906224537000000048682.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Documents\Samsung\Kies\Download\Applications\20110906224935G00000061108.app
  [WARNUNG] Der Archivheader ist defekt
C:\Users\***\Downloads\avira_free_antivirus_de.exe
  [WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\***\Downloads\rpc412_setup.exe
  [WARNUNG] Die komprimierten Daten sind fehlerhaft

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\U\00000001.@
  [FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/ZAccess.T
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '558ba723.qua' verschoben!

Ende des Suchlaufs: Donnerstag, 12. Juli 2012 19:11
Benötigte Zeit: 1:18:43 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

24547 Verzeichnisse wurden überprüft
445019 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
445018 Dateien ohne Befall
2877 Archive wurden durchsucht
24 Warnungen
1 Hinweise
614651 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Gmer Log
Code:
GMER - hxxp://www.gmer.net
Rootkit scan 2012-07-12 17:47:57
Windows 6.1.7601 Service Pack 1
Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O
Running: b725ev9x.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\kgldipow.sys

---- System - GMER 1.0.15 ----

SSDT 99C539CE ZwCreateSection
SSDT 99C539D8 ZwRequestWaitReplyPort
SSDT 99C539D3 ZwSetContextThread
SSDT 99C539DD ZwSetSecurityObject
SSDT 99C539E2 ZwSystemDebugControl
SSDT 99C5396F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 834503C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83489D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83490EAC 4 Bytes [CE, 39, C5, 99] {INTO ; CMP EBP, EAX; CDQ }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83491208 4 Bytes [D8, 39, C5, 99]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8349124C 4 Bytes [D3, 39, C5, 99]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 834912C8 4 Bytes [DD, 39, C5, 99]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 8349131C 4 Bytes [E2, 39, C5, 99]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9200B000, 0x2D5378, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)

---- Threads - GMER 1.0.15 ----

Thread SYSTEM [4:1328] A1A40F2E

---- EOF - GMER 1.0.15 ----

Malwarebytes Log 1
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Marcel Pertsemlis :: HOME-PC [Administrator]

03.07.2012 22:20:11
mbam-log-2012-07-03 (22-20-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236734
Laufzeit: 4 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\Downloads\roxypalace.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Log 2
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Marcel Pertsemlis :: HOME-PC [Administrator]

03.07.2012 22:31:51
mbam-log-2012-07-03 (22-31-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236787
Laufzeit: 6 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Log 3
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Marcel Pertsemlis :: HOME-PC [Administrator]

03.07.2012 22:40:07
mbam-log-2012-07-03 (22-40-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236736
Laufzeit: 1 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Log 4
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.12.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Marcel Pertsemlis :: HOME-PC [Administrator]

12.07.2012 19:25:22
mbam-log-2012-07-12 (19-25-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238645
Laufzeit: 6 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

If anything is still missing, I'll gladly provide it as well. Have I actually said THANK YOU for the help yet?
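To read logs like the Malwarebytes and Avira output in this post mechanically (which entries are real detections rather than archive warnings, what was quarantined, and which paths follow the GUID-folder layout that the ZeroAccess findings here share), the following added Python example parses constructed sample lines modelled on those two log formats. It is not code from the thread or from either vendor; the path-layout check is a heuristic derived only from the paths posted above, not a vendor signature.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the Malwarebytes quick-scan log posted in this thread
# (user name replaced by *** as in the thread). Raw string: backslashes are literal.
MBAM_SAMPLE = r"""Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 1
C:\Users\***\Downloads\roxypalace.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# Constructed sample modelled on the Avira report: a path line, then indented tag lines.
AVIRA_SAMPLE = r"""C:\Program Files\WinRAR\rarnew.dat
  [WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\U\00000001.@
  [FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/ZAccess.T
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '558ba723.qua' verschoben!
C:\Users\***\Downloads\avira_free_antivirus_de.exe
  [WARNUNG] Die Datei ist kennwortgeschützt
"""


@dataclass
class Finding:
    scanner: str                 # "Malwarebytes" or "Avira"
    category: str                # Malwarebytes section name, or Avira tag (FUND / WARNUNG)
    item: str                    # registry key/value or file path
    threat: str                  # detection name (empty for a plain warning)
    action: str                  # what the scanner did with it
    data: Optional[str] = None   # registry value only: the path the value pointed to


MBAM_HEADING = re.compile(r"^Infizierte (.+?): (\d+)(?: \(.*\))?$")
MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
AVIRA_TAG = re.compile(r"^\[(FUND|WARNUNG|HINWEIS)\] (.+)$")


def mbam_declared_counts(text: str) -> Dict[str, int]:
    """The counts the log itself claims per 'Infizierte ...: N' heading."""
    heads = (MBAM_HEADING.match(ln.strip()) for ln in text.splitlines())
    return {m.group(1): int(m.group(2)) for m in heads if m}


def parse_mbam(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = None
    for line in (ln.strip() for ln in text.splitlines()):
        head = MBAM_HEADING.match(line)
        if head:
            section = head.group(1)
            continue
        item = MBAM_ITEM.match(line)
        if not item or section is None:
            continue                       # blank lines, "(Keine ... gefunden)", etc.
        rest, data = item.group("rest"), None
        if rest.startswith("Daten: "):     # registry value: "Daten: <target> -> <action>"
            data, rest = rest[len("Daten: "):].split(" -> ", 1)
        findings.append(Finding("Malwarebytes", section, item.group("item"),
                                item.group("threat"), rest, data))
    return findings


def parse_avira(text: str) -> List[Finding]:
    findings: List[Finding] = []
    current = ""                           # the path that following tag lines refer to
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        tag = AVIRA_TAG.match(line)
        if not tag:
            current = line
            continue
        kind, detail = tag.groups()
        if kind == "HINWEIS":              # quarantine note belongs to the preceding FUND
            if findings and findings[-1].item == current:
                findings[-1].action = detail
            continue
        threat = detail.rsplit(" ", 1)[-1] if kind == "FUND" else ""
        findings.append(Finding("Avira", kind, current, threat,
                                detail if kind == "WARNUNG" else "no action logged"))
    return findings


# Heuristic taken from the paths in this thread, not a vendor signature: a GUID-named
# folder directly under AppData\Local holding a "U\" subfolder or an "n" file.
ZACCESS_LAYOUT = re.compile(r"\\AppData\\Local\\\{[0-9a-f-]{36}\}\\(U\\|n\b)", re.I)


def suspicious_paths(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if ZACCESS_LAYOUT.search(f.data or f.item)]


def still_infected(findings: List[Finding]) -> bool:
    """True if a real detection (not an archive warning) was neither removed nor quarantined."""
    return any(f.category != "WARNUNG"
               and "Quarantäne" not in f.action and "gelöscht" not in f.action
               for f in findings)


if __name__ == "__main__":
    found = parse_mbam(MBAM_SAMPLE) + parse_avira(AVIRA_SAMPLE)
    for f in found:
        print(f"{f.scanner:12} {f.category:28} {f.threat or '-':16} {f.item}")
    print("declared counts:", mbam_declared_counts(MBAM_SAMPLE))
    print("GUID-folder paths:", [f.data or f.item for f in suspicious_paths(found)])
    print("anything left unhandled?", still_infected(found))
```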
Please first run a routine full scan with Malwarebytes and post the log.
=> Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!
Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from the quarantine prematurely!
If there are logs from older Malwarebytes scans, please post all of those too!

ESET Online Scanner
Please post everything here in CODE tags where possible. It's done like this: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Here is the requested Malwarebytes full scan. All the older logs are listed in the previous post.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.14.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Marcel Pertsemlis :: HOME-PC [Administrator]

14.07.2012 08:11:53
mbam-log-2012-07-14 (08-11-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395908
Laufzeit: 1 Stunde(n), 41 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=ad682263941b3844adb226a8f790ac53
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-14 12:55:28
# local_time=2012-07-14 02:55:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 7879188 7879188 0 0
# compatibility_mode=5893 16776573 100 94 81938 93896683 0 0
# compatibility_mode=8192 67108863 100 0 138 138 0 0
# scanned=174647
# found=3
# cleaned=0
# scan_time=5036
C:\Program Files\VistaCodecPack\Tools\renderer32.exe    Win32/Packed.Autoit.E.Gen application (unable to clean)    00000000000000000000000000000000    I
C:\ProgramData\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\Vista Codec Package.msi    Win32/Packed.Autoit.E.Gen application (unable to clean)    00000000000000000000000000000000    I
C:\Users\All Users\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\Vista Codec Package.msi    Win32/Packed.Autoit.E.Gen application (unable to clean)    00000000000000000000000000000000    I
I have two questions before we go on:
1.) Does Windows normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
As far as I can judge the whole thing, I would say Windows runs completely normally and stably. No folders are missing either. The only thing that puzzles me is that the day before yesterday Avira reported during the full scan that something had apparently been found again; see also the Avira log:
Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\U\00000001.@
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/ZAccess.T
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '558ba723.qua' verschoben!
Please download OTL by OldTimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
Please always post log files in CODE tags
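Two of the things the custom OTL scan above is after are the MD5 of a fixed list of critical system files (the /md5start ... /md5stop block, so that a patched wininit.exe or userinit.exe stands out) and the AppData\Local\{GUID}\U\00000001.@ drop location that Avira reported as BDS/ZAccess.T earlier in the thread. The following Python is an added example, not part of the thread and not OTL's own code: it hashes a directory of "system files" against a known-good baseline and walks a user profile for that drop pattern. Everything it runs against is constructed inline in a temporary directory (the file contents, the baseline hashes, the profile tree); the function names are mine, and the GUID used for the drop folder is the one from the Avira log above.

```python
"""Added example: baseline hash check plus ZeroAccess-style drop-path check.
Not from the thread or from OTL; all inputs are constructed inline."""
import hashlib
import re
import tempfile
from pathlib import Path

# Drop location as Avira reported it in the thread:
# <profile>\AppData\Local\{GUID}\U\00000001.@
ZACCESS_DROP = re.compile(
    r"AppData[\\/]Local[\\/]\{[0-9a-f-]{36}\}[\\/]U[\\/][0-9a-z]+\.@$",
    re.IGNORECASE,
)


def md5_of(path: Path) -> str:
    """MD5 of a file, read in chunks. MD5 is used here only as a file-identity
    check against a baseline (the same way the OTL script uses it)."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_hashes(system32: Path, baseline: dict) -> dict:
    """Compare each baseline entry with the file on disk.
    Returns {name: 'ok' | 'modified' | 'missing'}; a missing critical file is
    reported, not silently skipped."""
    result = {}
    for name, expected in baseline.items():
        p = system32 / name
        if not p.is_file():
            result[name] = "missing"
        elif md5_of(p) != expected:
            result[name] = "modified"
        else:
            result[name] = "ok"
    return result


def find_zaccess_dropfiles(profile_root: Path) -> list:
    """Return profile-relative paths of *.@ files that sit in the
    AppData\\Local\\{GUID}\\U\\ layout; other *.@ files are ignored."""
    hits = []
    for p in profile_root.rglob("*.@"):
        if ZACCESS_DROP.search(str(p)):
            hits.append(str(p.relative_to(profile_root)))
    return sorted(hits)


def demo() -> dict:
    """Build a constructed tree and run both checks on it (hypothetical data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sys32 = root / "Windows" / "System32"
        sys32.mkdir(parents=True)
        # constructed "known good" contents; the baseline is derived from them
        good = {
            "wininit.exe": b"WININIT-GOOD",
            "userinit.exe": b"USERINIT-GOOD",
            "winlogon.exe": b"WINLOGON-GOOD",
            "atapi.sys": b"ATAPI-GOOD",
        }
        baseline = {n: hashlib.md5(c).hexdigest() for n, c in good.items()}
        for n, c in good.items():
            (sys32 / n).write_bytes(c)
        # simulate one patched file and one missing file
        (sys32 / "userinit.exe").write_bytes(b"USERINIT-PATCHED")
        (sys32 / "atapi.sys").unlink()

        # constructed profile with the drop layout from the Avira log
        profile = root / "Users" / "user"
        drop = profile / "AppData" / "Local" / "{6dbaec1a-3347-a12c-aa57-39559522a328}" / "U"
        drop.mkdir(parents=True)
        (drop / "00000001.@").write_bytes(b"placeholder-bytes")
        (profile / "Documents").mkdir()
        (profile / "Documents" / "notes.@").write_bytes(b"harmless")  # must not match

        return {
            "hashes": check_hashes(sys32, baseline),
            "drops": find_zaccess_dropfiles(profile),
        }


if __name__ == "__main__":
    print(demo())
```

On a real machine the baseline would come from a clean install of the same build, and the hash list would be the one the OTL script names (wininit.exe, userinit.exe, the storage drivers, and so on); the point of the demo is the triage logic, which reports both a changed and an absent file rather than only the changed one.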
Here is the custom scan; I assume the real name should be replaced with "***" here too.
OTL logfile created on: 16.07.2012 17:45:10 - Run 2
OTL by OldTimer - Version Folder = C:\Users\***\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,10% Memory free
5,99 Gb Paging File | 4,97 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 99,53 Gb Free Space | 21,83% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.16 17:42:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.09 15:45:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 15:45:43 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 15:45:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 15:45:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.26 15:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.02.04 21:24:30 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\MARCEL~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.29 11:28:19 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.02.24 02:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.10.24 21:18:26 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

========== Modules (No Company Name) ==========

MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.29 11:28:19 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.09 15:45:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 15:45:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.27 16:36:26 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.07.26 15:15:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.05.09 15:45:45 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 15:45:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.26 15:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.02.21 04:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2559076263-2572792815-146266238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: imagetab@next.gen.nz:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:
FF - prefs.js..extensions.enabledItems: imgfetcher@substantiel.fr:0.3.2
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version= c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version= c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version= C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version= C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version= c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.05 21:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.21 17:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 16:36:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.04 14:09:21 | 000,000,000 | ---D | M]

[2010.02.04 21:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.06 13:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions
[2010.12.31 14:03:43 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012.07.03 17:43:24 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.03.31 08:50:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.24 07:52:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mymrjm36.default\extensions\ich@maltegoetz.de
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\searchplugins\icqplugin.xml
[2012.03.31 08:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.04 20:54:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.15 18:42:03 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.03.15 18:42:01 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.05.04 14:27:17 | 000,439,720 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012.03.01 10:54:23 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012.03.31 08:50:53 | 000,050,279 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{524B8EF8-C312-11DB-8039-536F56D89593}.XPI
[2011.10.04 18:27:55 | 000,080,359 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{5E594888-3E8E-47DA-B2C6-B0B545112F84}.XPI
[2011.03.30 19:17:12 | 000,089,724 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{A4732521-77D9-447E-A557-B279AC923F06}.XPI
[2012.02.11 20:01:28 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.07.03 17:43:09 | 000,082,787 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYMRJM36.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
[2012.04.27 16:36:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.15 18:54:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.01.22 18:52:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.22 18:52:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.22 18:52:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.22 18:52:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.22 18:52:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.22 18:52:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D339A2-2E1C-4A58-9E98-AEB4A3193896}: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ACER03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ACER03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c0069ec-b483-11e0-919b-001f16b58c22}\Shell - "" = AutoRun
O33 - MountPoints2\{7c0069ec-b483-11e0-919b-001f16b58c22}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
O33 - MountPoints2\{adc00507-7318-11df-920e-001f16b58c22}\Shell - "" = AutoRun
O33 - MountPoints2\{adc00507-7318-11df-920e-001f16b58c22}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) 
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.14 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.07.14 13:27:52 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.07.13 13:41:35 | 000,000,000 | R--D | C] -- C:\Users\***\Dropbox [2012.07.13 13:40:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.07.13 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dropbox [2012.07.12 18:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.07.12 18:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.07.04 19:03:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.03 22:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.03 22:16:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.03 22:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.26 18:20:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.16 17:42:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.16 17:31:22 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 17:31:22 | 000,010,288 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 17:26:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.16 17:26:09 | 2411,859,968 | -HS- | M] () -- C:\hiberfil.sys [2012.07.14 13:27:55 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.07.13 13:41:35 | 000,001,054 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk [2012.07.13 13:40:12 | 000,001,064 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.13 13:05:17 | 000,434,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.12 20:36:39 | 000,657,824 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.12 20:36:39 | 000,619,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.12 20:36:39 | 000,131,164 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.12 20:36:39 | 000,107,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.12 19:37:14 | 000,003,460 | ---- | M] () -- C:\Users\***\Desktop\Malware.zip [2012.07.12 19:24:32 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 19:20:28 | 000,029,480 | ---- | M] () -- C:\Users\***\Desktop\Desktop.zip [2012.07.12 17:50:50 | 001,110,476 | ---- | M] () -- C:\Users\***\Desktop\7z920.exe [2012.07.12 16:55:51 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.07.04 19:04:57 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\b725ev9x.exe [2012.07.04 19:02:58 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.13 13:41:35 | 000,001,054 | ---- | C] () -- C:\Users\***\Desktop\Dropbox.lnk [2012.07.13 13:40:12 | 000,001,064 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk [2012.07.12 19:37:13 | 000,003,460 | ---- | C] () -- C:\Users\***\Desktop\Malware.zip [2012.07.12 19:20:28 | 000,029,480 | ---- | C] () -- C:\Users\***\Desktop\Desktop.zip [2012.07.12 17:50:47 | 001,110,476 | ---- | C] () -- C:\Users\***\Desktop\7z920.exe [2012.07.12 16:55:51 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.07.04 19:04:55 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\b725ev9x.exe [2012.07.04 19:02:53 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.03 22:17:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.27 17:51:27 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2012.03.15 18:48:39 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2012.01.19 22:16:46 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\@ [2011.07.04 20:51:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.07.04 20:45:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.04.30 00:30:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.04.30 00:29:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.08.26 18:07:24 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.08.19 03:16:33 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll [2010.07.29 19:51:35 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.07.29 19:51:35 | 000,036,640 | ---- | 
C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.05.09 18:02:06 | 000,003,542 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.03.30 19:56:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.05 18:13:59 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.02 14:48:06 | 000,000,378 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2010.02.04 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console [2010.02.04 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Chilirec [2012.07.16 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.08.07 09:31:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.04 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EA [2010.05.09 18:02:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.12.18 08:32:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.02.04 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin [2011.09.05 19:31:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek [2010.08.19 03:59:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeoDownloader [2010.08.19 02:42:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OutWit [2011.01.21 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre [2011.03.30 22:12:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2012.05.03 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.05.09 17:46:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scribus [2011.01.15 23:12:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock [2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper [2011.02.15 23:05:47 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Summitsoft [2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.08.28 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox [2011.01.10 23:23:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VCOM [2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs [2011.09.06 17:00:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode [2010.02.04 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Mcx1\AppData\Roaming\Acer GameZone Console [2012.05.10 18:23:53 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.04 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console [2010.07.07 18:55:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2010.02.04 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2012.04.14 08:57:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2010.02.04 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Chilirec [2010.07.30 14:18:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2012.07.16 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.08.07 09:31:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.04 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EA [2010.02.04 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google [2010.05.09 18:02:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.12.18 08:32:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.07.29 19:46:18 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Identities [2010.02.04 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin [2011.09.05 19:31:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek [2010.02.04 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2011.01.15 22:53:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.06.26 18:20:47 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2010.02.04 21:01:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2010.08.19 03:59:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeoDownloader [2010.08.19 02:42:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OutWit [2011.01.21 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre [2011.03.30 22:12:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2011.08.05 21:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real [2012.05.03 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.05.09 17:46:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scribus [2010.09.28 22:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2010.09.28 22:09:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2011.01.15 23:12:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock [2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper [2011.02.15 23:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Summitsoft [2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.08.28 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox [2011.01.10 23:23:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VCOM 
[2010.02.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs [2010.07.30 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp [2010.02.04 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR [2011.09.06 17:00:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode < %APPDATA%\*.exe /s > [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.07.03 03:21:40 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.07.03 03:21:46 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe [2009.09.29 20:29:08 | 000,006,144 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe [2009.09.29 20:29:08 | 000,005,120 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe [2009.10.13 22:17:22 | 000,030,208 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe [2009.10.08 10:30:41 | 000,013,312 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe [2009.09.29 20:29:04 | 000,009,216 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe [2011.09.05 19:30:27 | 000,034,494 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_6FEFF9B68218417F98F549.exe [2011.03.02 10:07:12 | 000,034,494 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe [2012.02.12 21:22:34 | 000,034,494 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_6FEFF9B68218417F98F549.exe [2011.07.02 
07:55:58 | 000,034,494 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_6FEFF9B68218417F98F549.exe [2010.09.23 18:53:32 | 000,034,494 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe [2010.10.13 11:58:55 | 000,034,494 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe [2012.02.28 12:55:10 | 000,355,574 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CE39C8A5-C98D-4702-807F-265FCF9F54FD}\_1D51255658B9C3E90ADE23.exe [2012.02.28 12:55:10 | 000,034,494 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CE39C8A5-C98D-4702-807F-265FCF9F54FD}\_6FEFF9B68218417F98F549.exe [2012.02.28 12:55:10 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CE39C8A5-C98D-4702-807F-265FCF9F54FD}\_9DA2A1C4E2617026559E35.exe [2012.02.28 12:55:10 | 000,080,992 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CE39C8A5-C98D-4702-807F-265FCF9F54FD}\_D01370261CFDFD53DA696F.exe [2012.02.28 12:55:10 | 000,355,574 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CE39C8A5-C98D-4702-807F-265FCF9F54FD}\_F9840C449CC64997755A24.exe [2011.05.03 21:43:16 | 000,034,494 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe [2011.06.28 07:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe [2010.05.28 14:08:52 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\setup3.10\setup.exe [2011.01.24 19:29:40 | 000,510,120 | ---- | M] (RealNetworks, Inc.) 
-- C:\Users\***\AppData\Roaming\Real\Update\setup3.13\setup.exe [2012.06.29 16:36:09 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\pnup0.exe [2012.07.14 12:51:29 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe [2012.06.29 16:36:28 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe [2012.06.14 13:57:12 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe [2012.02.02 20:24:28 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe [2011.08.01 05:32:08 | 000,958,352 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2011.08.01 05:32:12 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2011.06.07 11:14:40 | 000,286,720 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2011.08.01 05:32:10 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.07.26 10:27:16 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2011.07.26 10:27:16 | 000,284,160 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2011.07.26 10:27:18 | 000,666,112 | ---- | M] (Mobileleader Co., Ltd.) 
-- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2011.08.01 05:32:14 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2011.07.26 10:27:06 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2011.07.26 10:27:06 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2011.08.01 05:32:18 | 000,131,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2011.08.01 05:32:22 | 004,661,464 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.07.26 10:26:44 | 024,100,248 | ---- | M] (SAMSUNG Electronics Co., Ltd.) 
-- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2011.08.01 05:32:24 | 000,362,384 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe [2012.01.04 08:07:42 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < 
MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.02.12 03:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver64\IaStor.sys [2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver\IaStor.sys [2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e0c941a8b0e04b56\iaStor.sys [2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_7009a7672ee571e2\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< >

< End of report >
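The "< MD5 for: ... >" section of the OTL log above lists, for each security-relevant system binary, the hash of the copy that Windows actually loads from System32 next to the copies kept in the WinSxS component store and the DriverStore. A useful defender check when reading such a log is to cross-reference them: a live copy whose hash matches none of the stored copies has been changed in place (the pattern left by a patched system file), and an entry with an empty publisher string deserves a second look. The following Python script is an added example, not part of the original thread and not OTL's own code; it parses the log format shown above. The WINLOGON.EXE sample lines are copied from the log above; the SERVICES.EXE lines, their all-zero and all-one hashes and the WinSxS directory name ending in PLACEHOLDER are constructed to show what a mismatch looks like.

```python
import re
from collections import defaultdict

# OTL writes one "< MD5 for: NAME >" header per file name, followed by one
# line per copy found on disk. Both patterns follow the log format above.
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| \S+\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Constructed sample input. The WINLOGON.EXE lines are copied from the OTL log
# in this thread; the SERVICES.EXE lines, their hashes and the WinSxS directory
# name ending in PLACEHOLDER are made up to show what a mismatch looks like.
SAMPLE_OTL = r"""
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: SERVICES.EXE >
[2012.07.01 12:00:00 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\services.exe
[2010.11.20 14:17:50 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_microsoft-windows-services_PLACEHOLDER\services.exe
"""


def parse_otl_md5_section(text):
    """Return {FILE NAME: [entry dict, ...]} for every '< MD5 for: ... >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "ts": entry.group("ts"),
                "size": int(entry.group("size").replace(",", "")),
                "vendor": entry.group("vendor"),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
    return dict(sections)


def is_live_copy(path):
    """The copy Windows actually loads: under System32, but not the DriverStore."""
    p = path.lower()
    return p.startswith("c:\\windows\\system32\\") and "\\driverstore\\" not in p


def is_reference_copy(path):
    """Copies kept by the component store (WinSxS) or the DriverStore."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def audit(sections):
    """Return (name, path, reason) tuples for entries that deserve a closer look."""
    findings = []
    for name, entries in sections.items():
        reference_hashes = {e["md5"] for e in entries if is_reference_copy(e["path"])}
        for e in entries:
            if (is_live_copy(e["path"]) and reference_hashes
                    and e["md5"] not in reference_hashes):
                findings.append((name, e["path"],
                                 "live copy matches no WinSxS/DriverStore copy"))
            if not e["vendor"]:
                findings.append((name, e["path"], "no publisher string"))
    return findings


def audit_text(text):
    """Convenience wrapper: parse an OTL log and audit it in one step."""
    return audit(parse_otl_md5_section(text))


if __name__ == "__main__":
    for name, path, reason in audit_text(SAMPLE_OTL):
        print(f"{name}: {reason}: {path}")
```

Run against the sample, the script reports the constructed services.exe as a live copy that matches no stored copy, and the winlogon.exe under the Malwarebytes Chameleon folder for its missing publisher string. The second hit illustrates why a human still reviews the output: that file is a renamed copy that Malwarebytes' Chameleon component ships under that name, not a system file. A match with a WinSxS copy argues against in-place patching but is not proof of authenticity; verifying the Authenticode signature of the live file remains the authoritative check.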
#12
Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you masked your user name, you have to turn the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c0069ec-b483-11e0-919b-001f16b58c22}\Shell - "" = AutoRun
O33 - MountPoints2\{7c0069ec-b483-11e0-919b-001f16b58c22}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
O33 - MountPoints2\{adc00507-7318-11df-920e-001f16b58c22}\Shell - "" = AutoRun
O33 - MountPoints2\{adc00507-7318-11df-920e-001f16b58c22}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - user.js - File not found
:Files
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\@
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\U
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\n
C:\Program Files\VistaCodecPack
C:\ProgramData\VistaCodecs
C:\Users\All Users\VistaCodecs
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution: a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was written only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
Please always post log files in CODE tags
#13
So, followed the next step of your help. Guys, I have to give you a big compliment: you do this really well and in a way anyone can understand, great!
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c0069ec-b483-11e0-919b-001f16b58c22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c0069ec-b483-11e0-919b-001f16b58c22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c0069ec-b483-11e0-919b-001f16b58c22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c0069ec-b483-11e0-919b-001f16b58c22}\ not found.
File E:\ICM_ML.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adc00507-7318-11df-920e-001f16b58c22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adc00507-7318-11df-920e-001f16b58c22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adc00507-7318-11df-920e-001f16b58c22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adc00507-7318-11df-920e-001f16b58c22}\ not found.
File E:\LaunchU3.exe -a not found.
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
========== FILES ==========
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\@ moved successfully.
C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\U folder moved successfully.
File\Folder C:\Users\***\AppData\Local\{6dbaec1a-3347-a12c-aa57-39559522a328}\n not found.
C:\Program Files\VistaCodecPack\Tools folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Update_OB folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Rpplugins folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Plugins\ExtResources folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Plugins folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Common folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Codecs folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Browser\Plugins folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Browser\Components folder moved successfully.
C:\Program Files\VistaCodecPack\rm\Browser folder moved successfully.
C:\Program Files\VistaCodecPack\rm folder moved successfully.
C:\Program Files\VistaCodecPack\icons folder moved successfully.
C:\Program Files\VistaCodecPack\filters\languages folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\zh@Traditional\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\zh@Traditional folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\zh@Simplified\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\zh@Simplified folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\swe\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\swe folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\spa\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\spa folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\slv\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\slv folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\slo\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\slo folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\rus\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\rus folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\pt_BR\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\pt_BR folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\pol\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\pol folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\kor\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\kor folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\jpn\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\jpn folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\ita\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\ita folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\ind\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\ind folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\hun\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\hun folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\heb\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\heb folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\gre\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\gre folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\ger\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\ger folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\fre\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\fre folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\fin\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\fin folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\dut\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\dut folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\cze\LC_MESSAGES folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang\cze folder moved successfully.
C:\Program Files\VistaCodecPack\filters\lang folder moved successfully.
C:\Program Files\VistaCodecPack\filters folder moved successfully.
C:\Program Files\VistaCodecPack folder moved successfully.
C:\ProgramData\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4} folder moved successfully.
C:\ProgramData\VistaCodecs folder moved successfully.
File\Folder C:\Users\All Users\VistaCodecs not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 5261297 bytes
->Temporary Internet Files folder emptied: 8393935 bytes
->Java cache emptied: 27649284 bytes
->FireFox cache emptied: 53835585 bytes
->Flash cache emptied: 782 bytes
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 75 bytes
User: Nadja
->Temp folder emptied: 515951 bytes
->Temporary Internet Files folder emptied: 344044 bytes
->Java cache emptied: 1158391 bytes
->FireFox cache emptied: 148647834 bytes
->Flash cache emptied: 1090 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 548342 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 235,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: ***
->Flash cache emptied: 0 bytes
User: Mcx1
->Flash cache emptied: 0 bytes
User: Nadja
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version log created on 07172012_155048
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#14
adwCleaner - tracking down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
#15
So, the next step is done as well.
Code:
# AdwCleaner v1.702 - Logfile created 07/18/2012 at 18:35:10
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : *** - HOME-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\Conduit
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\ConduitCommon
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\ConduitEngine
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

***** [Registry] *****

Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\prefs.js

Found : user_pref("CT2269050..clientLogIsEnabled", false);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "17-7-2012");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Jul 16 2012 17:39:53 GMT+0200");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Fri Aug 13 2010 21:01:14 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "7-8-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 11:22:43 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue Jul 17 2012 17:39:54 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Aug 13 2010 19:51:55 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 15:24:51 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 16:18:37 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 29 2012 13:21:31 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Jul 17 2012 21:14:55 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Fri Aug 13 2010 13:29:24 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Tue Jul 17 2012 17:39:53 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Tue Jul 17 2012 17:39:53 GMT+0200");
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Tue Jul 17 2012 21:14:53 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Aug 07 2010 11:22:42 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN33306201193065366");
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Fri Aug 13 2010 20:52:15 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.clientLogIsEnabled", true);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.revertSettingsEnabled", true);
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Tue Jul 17 2012 17:39:54 GMT+0200");
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=666138&fid=661999", "\"0\""[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 10 2011 19:57:46 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 14:39:22 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 14:39:14 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{b72c522d-5b31-4697-a4eb-a8127ee59c27}");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Aug 13 2010 13:29:24 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "ba0e873b-c11f-4406-ad87-803a6db52242");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 06 2011 11:47:31 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "03/30/2011 20");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Wed Mar 30 2011 19:17:18 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Mar 30 2011 22:18:13 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 30 2011 22:18:13 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN28008922307916746");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Mar 30 2011 19:17:18 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);

Profile name : default
File : C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\r58ep3d6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14840 octets] - [18/07/2012 18:35:10]

########## EOF - C:\AdwCleaner[R1].txt - [14969 octets] ##########