Trojaner-Board, forum "Plagegeister aller Art und deren Bekämpfung": tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? (Windows 7)
06.08.2012, 16:19 | #1
tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2?

Hello Trojaner-Board team,

yesterday I got an agitated phone call from my mother: the Antivir real-time scanner could no longer be started, and before that a warning about a trojan had appeared, which she then moved to quarantine. According to her, files on the desktop had also moved around strangely. When I asked when this warning had appeared she could not give me a clear answer; after repeated prodding it turned out that she had been searching for information on instant-access savings accounts (Tagesgeld) and had also installed a (perhaps supposed?) Flash update. After I asked her to disable the Wi-Fi connection and tell me which processes were listed in the Task Manager (which does start), one of the names she read out was 'tofitugikloq.exe'. A Google search then led me to the AntiVir forum: hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=147501

I then asked her to switch off the laptop and bring it to me, in the hope that the people on the Trojaner-Board can help with the cleanup. In Antivir itself there are no messages to be found apart from the events that the real-time scanner could not be started.

- I ran defogger.
- Next, the OTL quick scan. Here are the two results:

Code:
OTL logfile created on: 8/6/2012 4:48:19 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.93 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 75.02% Memory free
7.86 Gb Paging File | 6.81 Gb Available in Paging File | 86.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 77.76 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.42% Space Free | Partition Type: FAT

Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/06 15:38:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/07/18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/03/09 20:46:02 | 001,668,608 | ---- | M] (Gerhard Junker) -- C:\Program Files (x86)\ncid.Net\ncid.Net.exe
PRC - [2009/10/06 15:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/08/06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/27 11:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 15:57:16 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e642f8e9415d53aa2bc08fc3af938236\System.Deployment.ni.dll
MOD - [2012/06/14 15:56:56 | 000,168,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Thought.vCards\c2a70e2258cb428e2955c2a74b1af89c\Thought.vCards.ni.dll
MOD - [2012/06/14 15:56:54 | 001,893,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net\8ba0c5a3d9e12d6884675c2e9c6e7a03\ncid.Net.ni.exe
MOD - [2012/06/14 15:56:54 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.PhoneNumber\0277ae7345c7e79803baed1993f25218\ncid.Net.PhoneNumber.ni.dll
MOD - [2012/06/13 11:29:22 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012/06/13 11:29:12 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012/05/11 09:43:10 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 09:43:10 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/11 09:43:07 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll
MOD - [2012/05/11 09:41:57 | 001,036,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.resources\4bcbd4da2285537eaa849c0a17f12342\ncid.Net.resources.ni.dll
MOD - [2012/05/11 08:47:28 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
MOD - [2012/05/11 08:47:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/11 08:47:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/11 08:47:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/05/11 08:47:14 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/11 08:47:07 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012/02/13 17:32:24 | 000,501,760 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll
MOD - [2012/02/13 17:32:24 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\ikpFlac.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
SRV:64bit: - [2010/02/02 13:18:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/08/06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/08/03 18:00:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 19:41:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 09:32:11 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/02/02 13:23:52 | 001,393,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/02 13:18:22 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
DRV:64bit: - [2012/07/18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/05/08 17:01:30 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/12 18:21:52 | 000,097,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/08/10 05:07:14 | 000,222,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/27 09:04:36 | 000,058,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/16 13:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/18 14:12:32 | 000,272,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 13:15:30 | 000,060,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 13:15:30 | 000,022,576 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 13:15:30 | 000,020,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDNServ.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 10:46:08 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/05/02 11:58:48 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/05/02 11:58:48 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enDE359DE359
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM1DE&apn_uid=a1437966-3a52-4b75-8b98-d7af7abd1c14&apn_sauid=F994B060-80AD-475F-BB29-32A7FC208B7E&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "hxxp://translate.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "72.64.146.135"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 19:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 18:06:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 19:41:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 18:06:21 | 000,000,000 | ---D | M]

[2009/12/24 20:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions
[2012/07/25 08:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions
[2012/04/25 16:46:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/28 21:38:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\searchplugins\askcom.xml
[2012/05/05 19:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 19:41:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 16:23:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/05/05 19:46:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/05 19:46:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/05 19:46:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/05 19:46:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/05 19:46:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/05 19:46:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKCU..\Run: [tofitugikloq] C:\Users\Angel\tofitugikloq.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} hxxp://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F15E88C-E0B3-48D0-B2E8-786E78F0D0DB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B8A2BB3-070D-414E-9C6B-204905F6B18B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Malwarebytes
[2012/08/06 16:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/06 16:37:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/06 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/06 16:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/05 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0F2A8490-B547-44DE-B85B-17ED4BE37932}
[2012/08/05 16:52:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FC98BDA5-9222-4A7B-8A82-662F1A251F16}
[2012/08/05 14:15:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Avira
[2012/08/05 14:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/05 14:15:22 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/08/05 14:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/05 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/08/05 14:01:32 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2A1B29BC-BD14-4E2A-8320-4B4CE8C72975}
[2012/08/05 08:43:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/05 08:25:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C393F80C-5DC5-4F5B-B01C-BD6BBCB0C4F1}
[2012/08/04 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4298C5ED-5904-4CB9-A51B-B993778192B1}
[2012/08/04 16:47:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D1B39D9E-7D63-4025-9857-2FDDC30BF7D1}
[2012/08/03 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D51E223A-188A-449A-89C0-0885CC746015}
[2012/08/03 06:51:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A9EA1514-318D-4BBE-B36D-7A1315DBB775}
[2012/08/03 06:51:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{81A7388D-526A-4C36-80EA-485FFD468517}
[2012/08/02 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{AF3C7BAC-BE63-4C4F-9F24-FD956D378356}
[2012/08/02 13:59:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{83E83CF0-109C-4063-B707-0FCACF64BCBC}
[2012/08/02 07:18:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B32B4029-F120-4566-88E5-96AE77EBE604}
[2012/08/02 07:18:34 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0A0BB435-8575-45D5-8B70-DD54642B3ADC}
[2012/08/01 18:05:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E94945B2-721A-49CF-816B-291B1C6317A8}
[2012/08/01 18:04:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{004528C4-506A-43AE-A9EB-9CF345E23ECF}
[2012/08/01 15:17:20 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B52B08D6-DE30-48D3-A364-F750423671F9}
[2012/07/31 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3D013B09-2BD6-482E-992F-A7A6957ADB11}
[2012/07/31 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E1A833D2-492A-4127-82EB-85DB85D5CC4F}
[2012/07/31 07:28:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7135BE73-81B5-49AE-92FE-FABDD7E8B018}
[2012/07/30 19:32:59 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6C03D25D-A50F-4833-BAD6-CFC7569FCBE7}
[2012/07/30 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{DBA7071C-BB07-4848-BA5A-FB18064F8EC8}
[2012/07/30 07:17:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{992D4117-32BD-40D2-ACDE-167095639D3A}
[2012/07/30 07:17:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F07B4786-B8EB-436B-B295-A2F5C0883046}
[2012/07/29 18:49:15 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{70BCDE55-75BC-41B2-AA64-8D6EAACE15ED}
[2012/07/29 18:48:56 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A9802FC1-CBAE-408D-9B71-59BC446BD6D9}
[2012/07/29 15:20:02 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4A760BF5-9475-4D91-B4B6-6F060B561B53}
[2012/07/29 07:47:52 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8021E1CF-3DEF-492A-8FCA-EF94DA70BDB5}
[2012/07/29 07:47:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8D2BC982-9E21-487B-A84E-FFD850CBA25B}
[2012/07/28 20:07:00 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{667E5069-FB4B-4484-87A5-DA506A118BB2}
[2012/07/28 07:07:03 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{CB1782DE-B3F5-46F5-8368-388B4886FF7A}
[2012/07/28 07:06:44 | 000,000,000 | ---D |
C] -- C:\Users\Angel\AppData\Local\{5029FCD2-B6FA-4EE0-86A0-0D1D8F23B304} [2012/07/27 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{AA0F268E-8BB7-44AE-89B5-2883A902C6A9} [2012/07/27 16:12:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F279A05F-2BC2-4D70-94BB-7A7898BFE5A7} [2012/07/27 11:50:31 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{45344224-4D6C-4DCC-86E8-090E214E1F54} [2012/07/27 07:17:59 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6C975C15-BE79-4D02-8D83-A649F9B1299D} [2012/07/27 07:17:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{91D8B556-46C1-47A1-B733-F05A5B6B354E} [2012/07/26 18:25:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{43A63EB4-CAA3-4E77-B5BC-75A51421BA51} [2012/07/26 18:25:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{DA5E44A1-9C39-4D88-B8F2-466E025524FB} [2012/07/26 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F1A30590-FACA-4874-8CD1-936004CFA4B2} [2012/07/26 07:35:06 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0EE56CA8-B230-490E-AE8A-67DC14602005} [2012/07/26 07:34:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{08EA1CF3-90CD-42EF-8B7E-17C39661C824} [2012/07/25 21:27:54 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A6E85B55-E59B-4615-A90B-F8BDF01F2F43} [2012/07/25 21:27:31 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{90472706-1D9E-40DD-A7AB-653E746674CA} [2012/07/25 07:57:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A936BC72-4432-4A32-BF3C-1093E62C0D60} [2012/07/25 07:57:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FC5AA590-5119-48AA-9291-A0AFE06E57E8} [2012/07/24 18:57:19 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{44C7B76B-5ECB-4C63-90EA-FA3AC73D8352} [2012/07/24 16:56:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D4C2B43C-2A8F-4436-820C-4BEDEA93AA9A} [2012/07/24 12:17:52 | 000,000,000 | 
---D | C] -- C:\Users\Angel\AppData\Local\{F6E223DE-4C07-4D2D-9F96-DA6971D9FB9C} [2012/07/24 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B0FF446B-B969-436A-8988-C1772E73B6AE} [2012/07/24 07:33:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7B70ADCD-9F76-4275-98DC-A97B6B97E723} [2012/07/24 07:33:11 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2F3C1881-14A4-44DE-8E0D-E0072FFCD682} [2012/07/23 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4DEFBEB3-D11F-40A0-8963-552B8B54752C} [2012/07/23 07:02:12 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7F09DDBE-2CE2-4A31-9F0A-22CA472607DA} [2012/07/23 07:02:00 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{67850B28-A240-45B9-BAFE-81317131236B} [2012/07/22 21:01:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{814064F9-D306-4B6C-83D6-01AA8EA0CA99} [2012/07/22 07:02:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{779E63A8-7427-4AB3-B7C5-028910495737} [2012/07/22 07:02:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8CC70E14-F86C-442E-A3EA-036A341AD060} [2012/07/21 12:25:03 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8CFAB31D-AA98-4ABC-BADB-0C3BE73B900D} [2012/07/21 12:24:40 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{BAD5BAE9-E01E-4A50-9407-4DCC600666A9} [2012/07/20 20:30:17 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{58DE76D4-F66E-414C-BE54-D63427A7E700} [2012/07/20 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{9E401AF8-813B-4CCE-A2DC-8EBDA1E68546} [2012/07/20 07:45:26 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{77FBC17C-1350-4DF5-BDF0-3A3AC6E30ECA} [2012/07/20 07:45:09 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4F63956C-59BF-44B7-92FB-B1B41174865F} [2012/07/19 19:41:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B17F65BB-3C4A-42DA-A0B6-23F8146602A5} [2012/07/19 19:41:28 | 
000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C1065987-E699-4192-9181-862E886B4C62} [2012/07/19 07:22:57 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{1833A7E9-1F09-4421-9E0B-01B358CC4F23} [2012/07/19 07:22:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{15D775A6-0B52-4B37-B26A-169D0E6EDF92} [2012/07/18 07:53:05 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{12B02651-FD2E-4539-9182-086FCD5E030D} [2012/07/18 07:52:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{368E241A-EDCE-445D-9758-DC914669DB3E} [2012/07/17 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{28527A7F-8E14-4EFB-972B-A18D84830A61} [2012/07/17 16:42:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C2B2E779-3512-41AA-A870-013993A8C39D} [2012/07/17 12:29:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{346A2883-03A3-4D65-A206-F00D200811FC} [2012/07/17 07:26:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2433BC7D-D9FC-4DBD-86D7-18221283DEBF} [2012/07/17 07:26:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FD75142F-B2D3-4D36-BC14-F2D54CE909AD} [2012/07/16 09:21:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{335E1CA3-3FFD-4238-A0D4-D624D39A069E} [2012/07/16 09:21:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A65CA88E-A5FF-4BB7-BBE4-608F11FE0E3F} [2012/07/15 21:20:56 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E561E596-6BAD-423E-96D7-90DEDC5AF564} [2012/07/15 21:20:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F2623810-7AAC-4912-AED6-57FD38F121B5} [2012/07/15 20:00:10 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B5140536-BDB0-41CB-B7B9-B6995F959E1B} [2012/07/15 07:00:51 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{34505BD7-E14D-4692-A7B0-04401ABE6125} [2012/07/15 07:00:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F65FE5EB-1887-420C-9513-95B2C41F54A8} [2012/07/14 
16:29:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B40D7C8A-CE29-4DC3-A8F7-932E039DE319} [2012/07/14 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{817E913B-12E4-46AB-8CA4-A520369F2684} [2012/07/14 15:32:47 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{348D0520-CD50-49B0-BC61-CAAE791541C3} [2012/07/14 07:39:33 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C65DF41D-BF5C-48BF-864A-A6E48A6EE27D} [2012/07/14 07:39:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{18DD0A3C-BEAE-4BD3-BB28-990E853C6D3F} [2012/07/13 21:33:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{504135C6-7505-41D3-971C-6933826AEFEB} [2012/07/13 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6CC1C0DF-75BE-44C8-A4BE-9319D134279B} [2012/07/13 08:25:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3A69C5D8-EED0-4944-8A54-F266C974CE3B} [2012/07/12 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8E750453-C1D9-489C-8515-FB4501A5A057} [2012/07/12 15:32:04 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E2997D8F-6791-40F4-8C8D-BF89A76EE88C} [2012/07/11 21:24:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F9A9FF0C-40A8-4A10-8F7F-9DBACF8906C4} [2012/07/11 21:24:13 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4F37BA7F-B4F1-46ED-B007-48F2BF0F721C} [2012/07/11 07:23:11 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3EB8ADCC-5A75-4D72-A382-2615912E2FBA} [2012/07/11 07:22:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8EA280BB-C226-495D-B5D1-C038D72A45BA} [2012/07/10 20:36:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F4BC6F34-2E93-4574-8431-EBA54AEFB3CD} [2012/07/10 06:53:06 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{BD88CF78-8B70-457C-8146-929364AA1AE6} [2012/07/10 06:52:48 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B642EDDF-9161-489D-AF40-22E03D6CC1F5} 
[2012/07/09 14:29:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8408E21E-8095-4AFB-B68F-74AE82759523} [2012/07/09 14:28:39 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3E698BD1-5051-4674-B23D-A2F2F2B08FE1} [2012/07/09 08:00:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{9B8AACB6-F2A3-43E5-8A2D-5C273A5366DB} [2012/07/09 08:00:09 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{96D93D74-81D9-4E3B-BC53-1E735C339353} [2012/07/08 20:36:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A03328FE-3BD1-459C-91E8-E239F3FF70F2} [2012/07/08 08:05:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{63A02F39-4182-4365-9FCF-94BBAB929227} [2012/07/08 08:04:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{90CA27F7-BA6E-4638-8B81-DD6C0ABDFC04} [2009/08/14 12:17:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2012/08/06 17:02:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/06 16:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/06 16:39:15 | 000,732,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/06 16:39:15 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/06 16:39:15 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/06 16:36:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 16:36:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 16:36:17 | 000,000,000 | ---- | M] () -- C:\Users\Angel\defogger_reenable [2012/08/06 16:28:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/06 16:28:43 
| 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/06 16:28:34 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys [2012/08/05 08:36:23 | 000,090,584 | ---- | M] () -- C:\Users\Angel\tofitugikloq.exe [2012/07/20 19:41:21 | 000,002,048 | ---- | M] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/07/18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/07/11 08:49:23 | 000,451,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== File not found -- C:\Windows\SysNative\ [2012/08/06 16:36:17 | 000,000,000 | ---- | C] () -- C:\Users\Angel\defogger_reenable [2012/08/05 13:00:44 | 000,085,976 | ---- | C] () -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys [2012/08/05 08:37:36 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@ [2012/08/05 08:37:36 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@ [2012/08/05 08:37:36 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@ [2012/08/05 08:36:57 | 000,090,584 | ---- | C] () -- C:\Users\Angel\tofitugikloq.exe [2012/07/11 08:45:09 | 003,148,800 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2012/07/11 07:28:28 | 000,458,704 | ---- | C] () -- C:\Windows\SysNative\drivers\cng.sys [2012/07/11 07:28:27 | 000,151,920 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecpkg.sys [2012/07/11 07:28:25 | 000,095,600 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys [2012/03/12 07:38:27 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@ [2012/01/11 
06:42:47 | 000,002,048 | -HS- | C] () -- C:\Users\Angel\AppData\Local\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@ [2011/07/30 22:47:14 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/08/08 16:08:11 | 000,000,860 | ---- | C] () -- C:\Users\Angel\.recently-used.xbel [2010/06/21 14:21:09 | 000,000,001 | R--- | C] () -- C:\Users\Angel\serverport [2009/12/27 20:04:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2010/02/21 12:56:08 | 000,000,000 | -HSD | M] -- C:\Users\Angel\AppData\Roaming\.# [2011/12/26 17:26:50 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Awem [2010/03/26 12:37:57 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Canneverbe Limited [2011/12/21 22:26:47 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager [2011/08/17 15:25:34 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\DVDVideoSoft [2010/02/21 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\GameConsole [2010/02/17 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\GetRightToGo [2010/08/08 16:08:11 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\gtk-2.0 [2010/08/28 18:40:44 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Iggels [2011/07/22 19:19:03 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\OpenCandy [2011/06/13 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\OpenOffice.org [2010/08/08 19:05:41 | 000,000,000 | ---D | M] 
-- C:\Users\Angel\AppData\Roaming\PhotoFiltre [2010/02/21 13:03:00 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PlayFirst [2011/11/06 09:43:09 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PowerCinema [2012/08/05 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\QuickScan [2011/09/12 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Skinux [2012/03/20 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\SoftDMA [2010/02/22 09:21:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Thinstall [2009/12/24 21:45:03 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\TuneUp Software [2010/05/22 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\VoipStunt [2010/08/28 19:56:38 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Youtube Downloader HD [2012/07/13 08:21:30 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:E2B84483 @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1D32EC29 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > Code:
OTL Extras logfile created on: 8/6/2012 4:48:19 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = E:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.93 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 75.02% Memory free 7.86 Gb Paging File | 6.81 Gb Available in Paging File | 86.60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 220.78 Gb Total Space | 77.76 Gb Free Space | 35.22% Space Free | Partition Type: NTFS Drive E: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.42% Space Free | Partition Type: FAT Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{517DC9BF-48CD-480B-BE9A-8272DD9E536F}" = ncid.Net 2.6.14 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE 
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{787F0AC6-1C11-44AF-A07A-82C153D39FCA}_is1" = eMpTy-V-loader version 3.0 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = 
Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E492D84D-F8CB-48C7-A78C-D62537D5AE46}" = GMX SMS-Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"Fotosizer" = Fotosizer 1.27
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 4.0.815
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"MAGIX Foto Clinic 4.5 D" = MAGIX Foto Clinic 4.5 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Star Defender 2_is1" = Star Defender 2
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.5
"VoipStunt_is1" = VoipStunt
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2012 2:55:06 PM | Computer Name = Angel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ncid.Net.exe, version: 2.6.14.0, time stamp: 0x4f5a4fe4 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id: 0xa88 Faulting application start time: 0x01cd61a81a7b7d44 Faulting application path: C:\Program Files (x86)\ncid.Net\ncid.Net.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 6cbfa323-cde5-11e1-87f0-00262263434f

Error - 8/5/2012 7:44:22 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

Error - 8/5/2012 7:54:30 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

Error - 8/5/2012 8:17:08 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

Error - 8/5/2012 8:21:30 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

Error - 8/5/2012 10:47:27 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

Error - 8/5/2012 11:04:26 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

Error - 8/5/2012 12:16:21 PM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

Error - 8/5/2012 12:22:46 PM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

Error - 8/6/2012 10:29:00 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode: 0xffffffff

[ Media Center Events ]
Error - 8/28/2010 1:35:27 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 07:35:25 - Failed to retrieve MCESpotlight (Error: The underlying connection was closed: An unexpected error occurred on a receive.)

Error - 8/28/2010 1:36:00 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 07:36:00 - Failed to retrieve Broadband (Error: The underlying connection was closed: An unexpected error occurred on a receive.)

[ System Events ]
Error - 8/5/2012 12:16:57 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Error - 8/5/2012 12:16:57 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

Error - 8/5/2012 12:22:53 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7024
Description = The Avira Echtzeit Scanner service terminated with service-specific error %%307.

Error - 8/6/2012 10:28:44 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%31

Error - 8/6/2012 10:28:51 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: %%1060

Error - 8/6/2012 10:28:53 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the following error: %%2

Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error - 8/6/2012 10:29:50 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7024
Description = The Avira Echtzeit Scanner service terminated with service-specific error %%307.

< End of report >

I hope someone here can help me.
Thanks in advance,
Daniel
Last edited by LeProphete (06.08.2012 at 16:25) |
08.08.2012, 10:49 | #2 |
| tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Sorry for the double post, but I think the Malwarebytes log might help here after all; I did let the laptop onto the network briefly to run the database update.
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.07.06

Windows 7 Service Pack 1 x64 FAT
Internet Explorer 8.0.7601.17514
Angel :: ANGEL-PC [Administrator]

08.08.2012 07:14:36
mbam-log-2012-08-08 (11-31-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 627501
Laufzeit: 3 Stunde(n), 22 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Angel\tofitugikloq.exe (Trojan.Phex.THAGen3) -> 2616 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tofitugikloq (Trojan.Phex.THAGen3) -> Daten: C:\Users\Angel\tofitugikloq.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Angel\tofitugikloq.exe (Trojan.Phex.THAGen3) -> Keine Aktion durchgeführt.
C:\Users\Angel\AppData\Local\Temp\1598479.exe (Trojan.Phex.THAGen3) -> Keine Aktion durchgeführt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)

Regards,
Daniel |
10.08.2012, 19:40 | #3 |
/// Helfer-Team | tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Fix with OTL. Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
SRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
DRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enDE359DE359
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM1DE&apn_uid=a1437966-3a52-4b75-8b98-d7af7abd1c14&apn_sauid=F994B060-80AD-475F-BB29-32A7FC208B7E&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://translate.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "72.64.146.135"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKCU..\Run: [tofitugikloq] C:\Users\Angel\tofitugikloq.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 File not found -- C:\Windows\SysNative\
[2012/08/05 08:36:23 | 000,090,584 | ---- | M] () -- C:\Users\Angel\tofitugikloq.exe
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:E2B84483
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
[2012/08/06 17:02:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 16:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 16:28:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 08:37:36 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@
[2012/08/05 08:37:36 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@
[2012/08/05 08:37:36 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Users\Angel\AppData\Local\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@
[2010/02/21 12:56:08 | 000,000,000 | -HSD | M] -- C:\Users\Angel\AppData\Roaming\.#
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for readers: the OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!
|
11.08.2012, 09:13 | #4 |
| tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Thanks for the reply, here is the log: Code:
All processes killed
========== OTL ==========
Error: No service named b5d9fc19103ad2dc was found to stop!
Service\Driver key b5d9fc19103ad2dc not found.
File C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys not found.
Error: No service named b5d9fc19103ad2dc was found to stop!
Service\Driver key b5d9fc19103ad2dc not found.
File C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "${8}" removed from browser.search.param.yahoo-type
Prefs.js: "hxxp://translate.google.de/" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "72.64.146.135" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ncid.Net deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tofitugikloq not found.
File C:\Users\Angel\tofitugikloq.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\Users\Angel\tofitugikloq.exe not found.
ADS C:\ProgramData\Temp:E2B84483 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:1D32EC29 deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@ moved successfully.
C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@ moved successfully.
C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@ moved successfully.
C:\Users\Angel\AppData\Local\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@ moved successfully.
C:\Users\Angel\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Angel\Desktop\cmd.bat deleted successfully.
C:\Users\Angel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Angel
->Temp folder emptied: 12934146 bytes
->Temporary Internet Files folder emptied: 120633304 bytes
->Java cache emptied: 60323008 bytes
->FireFox cache emptied: 325409596 bytes
->Flash cache emptied: 17151472 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1972126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13295689 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 526.00 mb

[EMPTYFLASH]

User: All Users

User: Angel
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 08112012_100250

Files\Folders moved on Reboot...
C:\Users\Angel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Angel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Daniel |
11.08.2012, 15:12 | #5 |
/// Helfer-Team | tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Very good!
Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Then:
Step 2
Please download AdwCleaner to your desktop.
|
11.08.2012, 18:35 | #6 |
| tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Moving on. Malwarebytes: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Angel :: ANGEL-PC [Administrator]

11.08.2012 16:22:09
mbam-log-2012-08-11 (16-22-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 612428
Laufzeit: 2 Stunde(n), 59 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@ (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner: Code:
# AdwCleaner v1.800 - Logfile created 08/11/2012 at 19:32:09
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Angel - ANGEL-PC
# Running from : C:\Users\Angel\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Angel\AppData\Local\OpenCandy
Folder Found : C:\Users\Angel\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Angel\AppData\Roaming\OpenCandy
File Found : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\Headlight
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1691 octets] - [11/08/2012 19:32:09]

########## EOF - C:\AdwCleaner[R1].txt - [1819 octets] ##########

Regards,
Daniel |
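The two Malwarebytes logs in this thread (the one in post #2 and the one above) use the same line format, and a responder usually wants two things from such a log: which detections were left in place because the scan ran without removal ("Keine Aktion durchgeführt"), and which objects belong to the same persistence chain. In the first log the running process, the HKCU Run value and the file on disk all point at the same executable, which is what the later fix had to take apart. The parser below is an added example written for this page; it is not part of the thread, of Malwarebytes or of any tool used here. It assumes the German-locale MBAM 1.x log layout shown in the two logs, and its sample input is the detection sections copied from them.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Section headers of the German-locale MBAM 1.x log, mapped to the kind of object listed under them.
SECTION_KINDS = {
    "Infizierte Speicherprozesse": "process",
    "Infizierte Speichermodule": "module",
    "Infizierte Registrierungsschlüssel": "regkey",
    "Infizierte Registrierungswerte": "regvalue",
    "Infizierte Dateiobjekte der Registrierung": "regdata",
    "Infizierte Verzeichnisse": "folder",
    "Infizierte Dateien": "file",
}

# Detection lines read "<object> (<detection>) -> [<pid> | Daten: <path> ->] <action>."
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    kind: str                    # section the line came from: process, regvalue, file, ...
    obj: str                     # process path, registry value or file path as logged
    detection: str               # detection name, e.g. Trojan.Phex.THAGen3
    action: str                  # what MBAM did, without the trailing period
    pid: Optional[int] = None    # memory processes only
    data: Optional[str] = None   # registry values only: the file named after "Daten:"

    @property
    def resolved(self) -> bool:
        """False when MBAM left the object in place ("Keine Aktion durchgeführt")."""
        return not self.action.startswith("Keine Aktion")

    @property
    def target(self) -> str:
        """The file this finding ultimately points at, lower-cased for comparison."""
        return (self.data or self.obj).lower()


def parse_mbam_log(text: str) -> List[Finding]:
    """Turn the detection lines of an MBAM 1.x log (German locale) into Finding records."""
    findings: List[Finding] = []
    kind: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        head = line.split(":", 1)[0]
        if head in SECTION_KINDS:          # e.g. "Infizierte Dateien: 3"
            kind = SECTION_KINDS[head]
            continue
        m = DETECTION_RE.match(line)
        if kind is None or not m:          # blank, header, or "(Keine bösartigen Objekte gefunden)"
            continue
        parts = [p.strip() for p in m.group("rest").split("->")]
        pid = int(parts[0]) if len(parts) > 1 and parts[0].isdigit() else None
        data = parts[0][len("Daten:"):].strip() if parts[0].startswith("Daten:") else None
        findings.append(Finding(kind, m.group("obj"), m.group("det"), parts[-1].rstrip("."), pid, data))
    return findings


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Detections that still need handling because the scan ran without removal."""
    return [f for f in findings if not f.resolved]


def correlate(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Group findings by the file they reference, so that a running process, its Run-key
    value and the file on disk show up together as one persistence chain."""
    chains: Dict[str, Set[str]] = {}
    for f in findings:
        chains.setdefault(f.target, set()).add(f.kind)
    return chains


# Sample input: the detection sections copied from the first Malwarebytes log in this thread
# (scan without removal), trimmed to the sections that list something.
LOG_NO_ACTION = r"""
Infizierte Speicherprozesse: 1
C:\Users\Angel\tofitugikloq.exe (Trojan.Phex.THAGen3) -> 2616 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tofitugikloq (Trojan.Phex.THAGen3) -> Daten: C:\Users\Angel\tofitugikloq.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.

Infizierte Dateien: 3
C:\Users\Angel\tofitugikloq.exe (Trojan.Phex.THAGen3) -> Keine Aktion durchgeführt.
C:\Users\Angel\AppData\Local\Temp\1598479.exe (Trojan.Phex.THAGen3) -> Keine Aktion durchgeführt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
"""

# The single detection from the second log, run after the OTL fix, where MBAM quarantined the file.
LOG_QUARANTINED = r"""
Infizierte Dateien: 1
C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@ (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

if __name__ == "__main__":
    for target, kinds in correlate(unresolved(parse_mbam_log(LOG_NO_ACTION))).items():
        print(f"{target}: {', '.join(sorted(kinds))}")
```

Run stand-alone, it prints one line per referenced file with the kinds of objects that point at it. For the first log that shows tofitugikloq.exe reached from a running process, a HKCU Run value and the file on disk, all still unresolved because that scan ran without removal; for the second log the single hit is already quarantined and `unresolved` returns nothing.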
11.08.2012, 18:52 | #7 |
/// Helfer-Team | tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Very good!
Then: Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Jetzt Updaten (Update now).
Select the Freeware mode.
Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything!
Click Bericht speichern (Save report) to save the log file to the desktop and post it here in the thread.
Guide: http://www.trojaner-board.de/103809-...i-malware.html |
11.08.2012, 22:10 | #8 |
| tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Thanks for the quick reply. Both scans are now finished. AdwCleaner: Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/11/2012 at 19:59:57 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Angel - ANGEL-PC # Running from : C:\Users\Angel\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Angel\AppData\Local\OpenCandy Folder Deleted : C:\Users\Angel\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Angel\AppData\Roaming\OpenCandy File Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\searchplugins\Askcom.xml ***** [Registry] ***** Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\Softonic ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\prefs.js C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\user.js ... Deleted ! [OK] File is clean. ************************* AdwCleaner[R1].txt - [1812 octets] - [11/08/2012 19:32:09] AdwCleaner[S1].txt - [1541 octets] - [11/08/2012 19:59:57] ########## EOF - C:\AdwCleaner[S1].txt - [1669 octets] ########## Emsisoft Anti-Malware: Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 8/11/2012 8:07:21 PM Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\ Archiv Scan: An ADS Scan: An Scan Beginn: 8/11/2012 8:07:52 PM C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@ gefunden: Trojan.Win64.Sirefef.AMN!E1 C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@ gefunden: Backdoor.Win64.AMN!E1 Gescannt 869010 Gefunden 2 Scan Ende: 8/11/2012 11:02:57 PM Scan Zeit: 2:55:05 Daniel |
12.08.2012, 00:47 | #9 |
/// Helper Team | tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Very good! Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
|
12.08.2012, 11:34 | #10 |
| tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? So, here is the ESET log (I hope the following steps don't all take 3.5 hours as well): Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=e3118a567ad92f4ba98c1ff9b8e0ee48 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-12 10:26:15 # local_time=2012-08-12 12:26:15 (+0100, W. Europe Daylight Time) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 586215 586215 0 0 # compatibility_mode=5893 16776574 66 94 606531 96384986 0 0 # compatibility_mode=8192 67108863 100 0 157087 157087 0 0 # scanned=432342 # found=1 # cleaned=1 # scan_time=12039 C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@ Win64/Sirefef.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Daniel |
12.08.2012, 13:25 | #11 |
/// Helper Team | tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? |
12.08.2012, 13:36 | #12 |
| tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? After starting the program I get the following error message: "Failed to install the remover driver (Error code 0xC0070001F)" What now? |
12.08.2012, 14:26 | #13 |
/// Helper Team | tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Remove malware with Combofix
Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, not anywhere else, this is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or damage it permanently! |
12.08.2012, 16:14 | #14 |
| tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? Combofix log: Code:
ATTFilter ComboFix 12-08-10.02 - Angel 12.08.2012 16:50:30.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1033.18.4026.2873 [GMT 2:00] ausgeführt von:: c:\users\Angel\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\Acer GameZone online.ico . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-12 bis 2012-08-12 )))))))))))))))))))))))))))))) . . 2012-08-12 11:40 . 2012-08-12 11:40 -------- d-----w- c:\program files\Defraggler 2012-08-12 11:39 . 2012-08-12 11:39 -------- d-----w- c:\program files\CCleaner 2012-08-12 11:38 . 2012-08-12 11:38 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-08-12 11:37 . 2012-08-12 11:37 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-08-12 11:37 . 2012-08-12 11:37 -------- d-----w- c:\program files (x86)\Java 2012-08-12 11:36 . 2012-08-12 11:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-12 11:36 . 2012-08-12 11:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-12 11:34 . 2012-08-12 11:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-08-12 11:28 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-12 11:28 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-12 11:28 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-12 11:28 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-12 11:27 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-12 11:27 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-12 11:27 . 
2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-08-12 11:27 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr 2012-08-12 11:27 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-12 11:27 . 2012-08-12 11:27 -------- d-----w- c:\programdata\AVAST Software 2012-08-12 11:27 . 2012-08-12 11:27 -------- d-----w- c:\program files\AVAST Software 2012-08-11 18:05 . 2012-08-12 06:58 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2012-08-11 08:02 . 2012-08-11 08:02 -------- d-----w- C:\_OTL 2012-08-06 14:37 . 2012-08-06 14:37 -------- d-----w- c:\users\Angel\AppData\Roaming\Malwarebytes 2012-08-06 14:37 . 2012-08-07 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-06 14:37 . 2012-08-06 14:37 -------- d-----w- c:\programdata\Malwarebytes 2012-08-06 14:37 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-05 06:43 . 2012-08-05 06:43 -------- d-sh--w- c:\windows\system32\%APPDATA% . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-12 11:37 . 2010-05-03 08:18 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-05 06:37 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe 2012-07-11 06:40 . 2009-12-27 14:23 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-29 10:04 . 2012-08-04 14:47 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{769E472F-D01F-4DC9-A6CB-5709B9F2D773}\mpengine.dll 2012-06-22 06:05 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-12 03:08 . 2012-07-11 06:45 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 05:28 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 05:29 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 
2012-07-11 05:29 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 05:27 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 05:29 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 05:29 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 05:28 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-21 05:24 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 05:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 05:25 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 05:25 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 05:24 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 05:25 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 05:24 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 05:24 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 05:24 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 05:28 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 05:28 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-11 05:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 05:28 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 05:28 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 05:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 05:28 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 05:28 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 14:20 . 
2010-01-13 07:17 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-05-31 10:25 . 2009-12-24 19:07 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-15 04:01 . 2012-06-13 05:16 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:59 . 2012-06-13 05:16 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:03 . 2012-06-13 05:16 981504 ----a-w- c:\windows\SysWow64\wininet.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" . R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x] R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 250056] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432] R3 osppsvc;Office 
Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - b5d9fc19103ad2dc . Inhalt des "geplante Tasks" Ordners . 2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 11:36] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629 mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 80.69.100.174 80.69.100.206 FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b5d9fc19103ad2dc] "ImagePath"="\SystemRoot\System32\Drivers\b5d9fc19103ad2dc.sys" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe c:\program files (x86)\CDBurnerXP\NMSAccessU.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-08-12 17:06:46 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-12 15:06 . Vor Suchlauf: 84.754.583.552 bytes free Nach Suchlauf: 84.484.546.560 bytes free . - - End Of File - - 7D412695FEC59D518B846E8867C0794C Gruß, Daniel |
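The ComboFix listing above records a hidden, system-attribute directory `c:\windows\system32\%APPDATA%` created on 2012-08-05 at 06:43 and a `services.exe` whose modification time is 06:37 the same morning, six minutes earlier; the helper's next step is a ZeroAccess remover. As an added example, not part of the thread or of any tool used in it, this Python script parses file lines in the ComboFix layout shown above and flags both patterns; the column layout, the `CORE_BINARIES` set and the one-hour correlation window are assumptions, and the sample lines are constructed from entries in the log.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of the ComboFix "Dateien erstellt" and Find3M
# sections above: <modified> . <created> <size or --------> <attrs> <path>.
SAMPLE_LOG = """\
2012-08-12 11:40 . 2012-08-12 11:40 -------- d-----w- c:\\program files\\Defraggler
2012-08-06 14:37 . 2012-07-03 11:46 24904 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-08-05 06:43 . 2012-08-05 06:43 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
2012-08-05 06:37 . 2009-07-13 23:19 328704 ----a-w- c:\\windows\\system32\\services.exe
2012-07-11 06:40 . 2009-12-27 14:23 59701280 ----a-w- c:\\windows\\system32\\MRT.exe
2012-06-12 03:08 . 2012-07-11 06:45 3148800 ----a-w- c:\\windows\\system32\\win32k.sys
"""

LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"

# Binaries that only Windows Update should rewrite. services.exe is the one the
# log shows; the set is an assumption to extend for your own environment.
CORE_BINARIES = {"services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_entries(text):
    """One dict per ComboFix file line; lines in any other layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        entries.append({
            "mtime": datetime.strptime(m.group("mtime"), TS),
            "ctime": datetime.strptime(m.group("ctime"), TS),
            "is_dir": attrs[0] == "d",   # leading 'd' marks a directory
            "hidden": "h" in attrs,      # 'h' and 's' are the hidden/system flags
            "system": "s" in attrs,
            "path": m.group("path").lower(),
        })
    return entries


def find_indicators(text, window=timedelta(hours=1)):
    """Return sorted (kind, path) tuples for two patterns: a hidden+system
    directory inside system32/SysWOW64, and a core binary rewritten within
    `window` of such a directory's creation (update-delivered files normally
    carry a build mtime that is *older* than their install ctime)."""
    entries = parse_entries(text)
    hidden_dirs = [e for e in entries if e["is_dir"] and e["hidden"]
                   and e["system"] and e["path"].startswith(SYSTEM_DIRS)]
    hits = [("hidden-system-dir", e["path"]) for e in hidden_dirs]
    for e in entries:
        if e["path"].rsplit("\\", 1)[-1] not in CORE_BINARIES:
            continue
        near = any(abs(e["mtime"] - d["ctime"]) <= window for d in hidden_dirs)
        if e["mtime"] > e["ctime"] and near:
            hits.append(("core-binary-modified", e["path"]))
    return sorted(hits)


if __name__ == "__main__":
    for kind, path in find_indicators(SAMPLE_LOG):
        print(f"{kind:22} {path}")
```

Feed it the file section of a real ComboFix log and treat a hit as a prompt to verify the file hash and the service list, not as proof on its own.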
12.08.2012, 18:25 | #15 |
/// Helper Team | tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2? ZAccess: run AVG Zero.Access Remover as administrator |