
Pests of all kinds and their removal: tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2?

Windows 7

06.08.2012, 16:19   #1
LeProphete
 
tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2?

Hello Trojaner-Board team,

yesterday I received an agitated call from my mother saying that the Antivir real-time scanner could no longer be started and that before that a warning about a Trojan had appeared, which she then moved to quarantine.
According to her account, files on the desktop had also moved around strangely.

When asked when this message appeared she could not give me a clear answer; after repeated prodding it came out that she had been searching for information on call-money (Tagesgeld) accounts and had also installed a (perhaps supposed?) Flash update.

After I asked her to disable the Wi-Fi connection and tell me which processes are listed in the Task Manager (it can still be started), one of the names I was given was 'tofitugikloq.exe'.
A Google search then led me to the AntiVir forum:
hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=147501

I then asked her to shut down the laptop and bring it to me, in the hope that the people at Trojaner-Board can help with the removal.
In Antivir itself, apart from the events that the real-time scanner could not be started, there are no messages to be found.

- I ran defogger.
- Next, the OTL quick scan. Here are the two results:

Code:
OTL logfile created on: 8/6/2012 4:48:19 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.93 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 75.02% Memory free
7.86 Gb Paging File | 6.81 Gb Available in Paging File | 86.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 77.76 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.42% Space Free | Partition Type: FAT
 
Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/06 15:38:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/07/18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/03/09 20:46:02 | 001,668,608 | ---- | M] (Gerhard Junker) -- C:\Program Files (x86)\ncid.Net\ncid.Net.exe
PRC - [2009/10/06 15:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/08/06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/27 11:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/14 15:57:16 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e642f8e9415d53aa2bc08fc3af938236\System.Deployment.ni.dll
MOD - [2012/06/14 15:56:56 | 000,168,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Thought.vCards\c2a70e2258cb428e2955c2a74b1af89c\Thought.vCards.ni.dll
MOD - [2012/06/14 15:56:54 | 001,893,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net\8ba0c5a3d9e12d6884675c2e9c6e7a03\ncid.Net.ni.exe
MOD - [2012/06/14 15:56:54 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.PhoneNumber\0277ae7345c7e79803baed1993f25218\ncid.Net.PhoneNumber.ni.dll
MOD - [2012/06/13 11:29:22 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012/06/13 11:29:12 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012/05/11 09:43:10 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 09:43:10 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/11 09:43:07 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll
MOD - [2012/05/11 09:41:57 | 001,036,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.resources\4bcbd4da2285537eaa849c0a17f12342\ncid.Net.resources.ni.dll
MOD - [2012/05/11 08:47:28 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
MOD - [2012/05/11 08:47:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/11 08:47:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/11 08:47:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/05/11 08:47:14 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/11 08:47:07 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012/02/13 17:32:24 | 000,501,760 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll
MOD - [2012/02/13 17:32:24 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\ikpFlac.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
SRV:64bit: - [2010/02/02 13:18:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/08/06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/08/03 18:00:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 19:41:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 09:32:11 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/02/02 13:23:52 | 001,393,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/02 13:18:22 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
DRV:64bit: - [2012/07/18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/05/08 17:01:30 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/12 18:21:52 | 000,097,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/08/10 05:07:14 | 000,222,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/27 09:04:36 | 000,058,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/16 13:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/18 14:12:32 | 000,272,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 13:15:30 | 000,060,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 13:15:30 | 000,022,576 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 13:15:30 | 000,020,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDNServ.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 10:46:08 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/05/02 11:58:48 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/05/02 11:58:48 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enDE359DE359
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM1DE&apn_uid=a1437966-3a52-4b75-8b98-d7af7abd1c14&apn_sauid=F994B060-80AD-475F-BB29-32A7FC208B7E&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "hxxp://translate.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "72.64.146.135"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 19:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 18:06:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 19:41:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 18:06:21 | 000,000,000 | ---D | M]
 
[2009/12/24 20:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions
[2012/07/25 08:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions
[2012/04/25 16:46:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/28 21:38:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\searchplugins\askcom.xml
[2012/05/05 19:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 19:41:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 16:23:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/05/05 19:46:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/05 19:46:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/05 19:46:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/05 19:46:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/05 19:46:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/05 19:46:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKCU..\Run: [tofitugikloq] C:\Users\Angel\tofitugikloq.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} hxxp://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F15E88C-E0B3-48D0-B2E8-786E78F0D0DB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B8A2BB3-070D-414E-9C6B-204905F6B18B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/06 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Malwarebytes
[2012/08/06 16:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/06 16:37:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/06 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/06 16:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/05 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0F2A8490-B547-44DE-B85B-17ED4BE37932}
[2012/08/05 16:52:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FC98BDA5-9222-4A7B-8A82-662F1A251F16}
[2012/08/05 14:15:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Avira
[2012/08/05 14:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/05 14:15:22 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/08/05 14:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/05 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/08/05 14:01:32 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2A1B29BC-BD14-4E2A-8320-4B4CE8C72975}
[2012/08/05 08:43:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/05 08:25:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C393F80C-5DC5-4F5B-B01C-BD6BBCB0C4F1}
[2012/08/04 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4298C5ED-5904-4CB9-A51B-B993778192B1}
[2012/08/04 16:47:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D1B39D9E-7D63-4025-9857-2FDDC30BF7D1}
[2012/08/03 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D51E223A-188A-449A-89C0-0885CC746015}
[2012/08/03 06:51:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A9EA1514-318D-4BBE-B36D-7A1315DBB775}
[2012/08/03 06:51:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{81A7388D-526A-4C36-80EA-485FFD468517}
[2012/08/02 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{AF3C7BAC-BE63-4C4F-9F24-FD956D378356}
[2012/08/02 13:59:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{83E83CF0-109C-4063-B707-0FCACF64BCBC}
[2012/08/02 07:18:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B32B4029-F120-4566-88E5-96AE77EBE604}
[2012/08/02 07:18:34 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0A0BB435-8575-45D5-8B70-DD54642B3ADC}
[2012/08/01 18:05:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E94945B2-721A-49CF-816B-291B1C6317A8}
[2012/08/01 18:04:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{004528C4-506A-43AE-A9EB-9CF345E23ECF}
[2012/08/01 15:17:20 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B52B08D6-DE30-48D3-A364-F750423671F9}
[2012/07/31 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3D013B09-2BD6-482E-992F-A7A6957ADB11}
[2012/07/31 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E1A833D2-492A-4127-82EB-85DB85D5CC4F}
[2012/07/31 07:28:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7135BE73-81B5-49AE-92FE-FABDD7E8B018}
[2012/07/30 19:32:59 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6C03D25D-A50F-4833-BAD6-CFC7569FCBE7}
[2012/07/30 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{DBA7071C-BB07-4848-BA5A-FB18064F8EC8}
[2012/07/30 07:17:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{992D4117-32BD-40D2-ACDE-167095639D3A}
[2012/07/30 07:17:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F07B4786-B8EB-436B-B295-A2F5C0883046}
[2012/07/29 18:49:15 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{70BCDE55-75BC-41B2-AA64-8D6EAACE15ED}
[2012/07/29 18:48:56 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A9802FC1-CBAE-408D-9B71-59BC446BD6D9}
[2012/07/29 15:20:02 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4A760BF5-9475-4D91-B4B6-6F060B561B53}
[2012/07/29 07:47:52 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8021E1CF-3DEF-492A-8FCA-EF94DA70BDB5}
[2012/07/29 07:47:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8D2BC982-9E21-487B-A84E-FFD850CBA25B}
[2012/07/28 20:07:00 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{667E5069-FB4B-4484-87A5-DA506A118BB2}
[2012/07/28 07:07:03 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{CB1782DE-B3F5-46F5-8368-388B4886FF7A}
[2012/07/28 07:06:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{5029FCD2-B6FA-4EE0-86A0-0D1D8F23B304}
[2012/07/27 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{AA0F268E-8BB7-44AE-89B5-2883A902C6A9}
[2012/07/27 16:12:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F279A05F-2BC2-4D70-94BB-7A7898BFE5A7}
[2012/07/27 11:50:31 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{45344224-4D6C-4DCC-86E8-090E214E1F54}
[2012/07/27 07:17:59 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6C975C15-BE79-4D02-8D83-A649F9B1299D}
[2012/07/27 07:17:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{91D8B556-46C1-47A1-B733-F05A5B6B354E}
[2012/07/26 18:25:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{43A63EB4-CAA3-4E77-B5BC-75A51421BA51}
[2012/07/26 18:25:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{DA5E44A1-9C39-4D88-B8F2-466E025524FB}
[2012/07/26 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F1A30590-FACA-4874-8CD1-936004CFA4B2}
[2012/07/26 07:35:06 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0EE56CA8-B230-490E-AE8A-67DC14602005}
[2012/07/26 07:34:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{08EA1CF3-90CD-42EF-8B7E-17C39661C824}
[2012/07/25 21:27:54 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A6E85B55-E59B-4615-A90B-F8BDF01F2F43}
[2012/07/25 21:27:31 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{90472706-1D9E-40DD-A7AB-653E746674CA}
[2012/07/25 07:57:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A936BC72-4432-4A32-BF3C-1093E62C0D60}
[2012/07/25 07:57:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FC5AA590-5119-48AA-9291-A0AFE06E57E8}
[2012/07/24 18:57:19 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{44C7B76B-5ECB-4C63-90EA-FA3AC73D8352}
[2012/07/24 16:56:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D4C2B43C-2A8F-4436-820C-4BEDEA93AA9A}
[2012/07/24 12:17:52 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F6E223DE-4C07-4D2D-9F96-DA6971D9FB9C}
[2012/07/24 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B0FF446B-B969-436A-8988-C1772E73B6AE}
[2012/07/24 07:33:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7B70ADCD-9F76-4275-98DC-A97B6B97E723}
[2012/07/24 07:33:11 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2F3C1881-14A4-44DE-8E0D-E0072FFCD682}
[2012/07/23 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4DEFBEB3-D11F-40A0-8963-552B8B54752C}
[2012/07/23 07:02:12 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7F09DDBE-2CE2-4A31-9F0A-22CA472607DA}
[2012/07/23 07:02:00 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{67850B28-A240-45B9-BAFE-81317131236B}
[2012/07/22 21:01:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{814064F9-D306-4B6C-83D6-01AA8EA0CA99}
[2012/07/22 07:02:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{779E63A8-7427-4AB3-B7C5-028910495737}
[2012/07/22 07:02:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8CC70E14-F86C-442E-A3EA-036A341AD060}
[2012/07/21 12:25:03 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8CFAB31D-AA98-4ABC-BADB-0C3BE73B900D}
[2012/07/21 12:24:40 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{BAD5BAE9-E01E-4A50-9407-4DCC600666A9}
[2012/07/20 20:30:17 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{58DE76D4-F66E-414C-BE54-D63427A7E700}
[2012/07/20 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{9E401AF8-813B-4CCE-A2DC-8EBDA1E68546}
[2012/07/20 07:45:26 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{77FBC17C-1350-4DF5-BDF0-3A3AC6E30ECA}
[2012/07/20 07:45:09 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4F63956C-59BF-44B7-92FB-B1B41174865F}
[2012/07/19 19:41:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B17F65BB-3C4A-42DA-A0B6-23F8146602A5}
[2012/07/19 19:41:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C1065987-E699-4192-9181-862E886B4C62}
[2012/07/19 07:22:57 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{1833A7E9-1F09-4421-9E0B-01B358CC4F23}
[2012/07/19 07:22:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{15D775A6-0B52-4B37-B26A-169D0E6EDF92}
[2012/07/18 07:53:05 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{12B02651-FD2E-4539-9182-086FCD5E030D}
[2012/07/18 07:52:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{368E241A-EDCE-445D-9758-DC914669DB3E}
[2012/07/17 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{28527A7F-8E14-4EFB-972B-A18D84830A61}
[2012/07/17 16:42:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C2B2E779-3512-41AA-A870-013993A8C39D}
[2012/07/17 12:29:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{346A2883-03A3-4D65-A206-F00D200811FC}
[2012/07/17 07:26:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2433BC7D-D9FC-4DBD-86D7-18221283DEBF}
[2012/07/17 07:26:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FD75142F-B2D3-4D36-BC14-F2D54CE909AD}
[2012/07/16 09:21:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{335E1CA3-3FFD-4238-A0D4-D624D39A069E}
[2012/07/16 09:21:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A65CA88E-A5FF-4BB7-BBE4-608F11FE0E3F}
[2012/07/15 21:20:56 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E561E596-6BAD-423E-96D7-90DEDC5AF564}
[2012/07/15 21:20:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F2623810-7AAC-4912-AED6-57FD38F121B5}
[2012/07/15 20:00:10 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B5140536-BDB0-41CB-B7B9-B6995F959E1B}
[2012/07/15 07:00:51 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{34505BD7-E14D-4692-A7B0-04401ABE6125}
[2012/07/15 07:00:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F65FE5EB-1887-420C-9513-95B2C41F54A8}
[2012/07/14 16:29:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B40D7C8A-CE29-4DC3-A8F7-932E039DE319}
[2012/07/14 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{817E913B-12E4-46AB-8CA4-A520369F2684}
[2012/07/14 15:32:47 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{348D0520-CD50-49B0-BC61-CAAE791541C3}
[2012/07/14 07:39:33 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C65DF41D-BF5C-48BF-864A-A6E48A6EE27D}
[2012/07/14 07:39:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{18DD0A3C-BEAE-4BD3-BB28-990E853C6D3F}
[2012/07/13 21:33:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{504135C6-7505-41D3-971C-6933826AEFEB}
[2012/07/13 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6CC1C0DF-75BE-44C8-A4BE-9319D134279B}
[2012/07/13 08:25:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3A69C5D8-EED0-4944-8A54-F266C974CE3B}
[2012/07/12 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8E750453-C1D9-489C-8515-FB4501A5A057}
[2012/07/12 15:32:04 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E2997D8F-6791-40F4-8C8D-BF89A76EE88C}
[2012/07/11 21:24:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F9A9FF0C-40A8-4A10-8F7F-9DBACF8906C4}
[2012/07/11 21:24:13 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4F37BA7F-B4F1-46ED-B007-48F2BF0F721C}
[2012/07/11 07:23:11 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3EB8ADCC-5A75-4D72-A382-2615912E2FBA}
[2012/07/11 07:22:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8EA280BB-C226-495D-B5D1-C038D72A45BA}
[2012/07/10 20:36:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F4BC6F34-2E93-4574-8431-EBA54AEFB3CD}
[2012/07/10 06:53:06 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{BD88CF78-8B70-457C-8146-929364AA1AE6}
[2012/07/10 06:52:48 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B642EDDF-9161-489D-AF40-22E03D6CC1F5}
[2012/07/09 14:29:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8408E21E-8095-4AFB-B68F-74AE82759523}
[2012/07/09 14:28:39 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3E698BD1-5051-4674-B23D-A2F2F2B08FE1}
[2012/07/09 08:00:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{9B8AACB6-F2A3-43E5-8A2D-5C273A5366DB}
[2012/07/09 08:00:09 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{96D93D74-81D9-4E3B-BC53-1E735C339353}
[2012/07/08 20:36:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A03328FE-3BD1-459C-91E8-E239F3FF70F2}
[2012/07/08 08:05:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{63A02F39-4182-4365-9FCF-94BBAB929227}
[2012/07/08 08:04:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{90CA27F7-BA6E-4638-8B81-DD6C0ABDFC04}
[2009/08/14 12:17:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012/08/06 17:02:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 16:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 16:39:15 | 000,732,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/06 16:39:15 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/06 16:39:15 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/06 16:36:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 16:36:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 16:36:17 | 000,000,000 | ---- | M] () -- C:\Users\Angel\defogger_reenable
[2012/08/06 16:28:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/06 16:28:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 16:28:34 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 13:00:44 | 000,085,976 | ---- | M] () -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys
[2012/08/05 08:36:23 | 000,090,584 | ---- | M] () -- C:\Users\Angel\tofitugikloq.exe
[2012/07/20 19:41:21 | 000,002,048 | ---- | M] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/07/11 08:49:23 | 000,451,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012/08/06 16:36:17 | 000,000,000 | ---- | C] () -- C:\Users\Angel\defogger_reenable
[2012/08/05 13:00:44 | 000,085,976 | ---- | C] () -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys
[2012/08/05 08:37:36 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@
[2012/08/05 08:37:36 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@
[2012/08/05 08:37:36 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@
[2012/08/05 08:36:57 | 000,090,584 | ---- | C] () -- C:\Users\Angel\tofitugikloq.exe
[2012/07/11 08:45:09 | 003,148,800 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012/07/11 07:28:28 | 000,458,704 | ---- | C] () -- C:\Windows\SysNative\drivers\cng.sys
[2012/07/11 07:28:27 | 000,151,920 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2012/07/11 07:28:25 | 000,095,600 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2012/03/12 07:38:27 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Users\Angel\AppData\Local\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@
[2011/07/30 22:47:14 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/08 16:08:11 | 000,000,860 | ---- | C] () -- C:\Users\Angel\.recently-used.xbel
[2010/06/21 14:21:09 | 000,000,001 | R--- | C] () -- C:\Users\Angel\serverport
[2009/12/27 20:04:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2010/02/21 12:56:08 | 000,000,000 | -HSD | M] -- C:\Users\Angel\AppData\Roaming\.#
[2011/12/26 17:26:50 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Awem
[2010/03/26 12:37:57 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Canneverbe Limited
[2011/12/21 22:26:47 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011/08/17 15:25:34 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\DVDVideoSoft
[2010/02/21 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\GameConsole
[2010/02/17 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\GetRightToGo
[2010/08/08 16:08:11 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\gtk-2.0
[2010/08/28 18:40:44 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Iggels
[2011/07/22 19:19:03 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\OpenCandy
[2011/06/13 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\OpenOffice.org
[2010/08/08 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PhotoFiltre
[2010/02/21 13:03:00 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PlayFirst
[2011/11/06 09:43:09 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PowerCinema
[2012/08/05 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\QuickScan
[2011/09/12 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Skinux
[2012/03/20 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\SoftDMA
[2010/02/22 09:21:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Thinstall
[2009/12/24 21:45:03 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\TuneUp Software
[2010/05/22 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\VoipStunt
[2010/08/28 19:56:38 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Youtube Downloader HD
[2012/07/13 08:21:30 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:E2B84483
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 8/6/2012 4:48:19 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.93 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 75.02% Memory free
7.86 Gb Paging File | 6.81 Gb Available in Paging File | 86.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 77.76 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.42% Space Free | Partition Type: FAT
 
Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{517DC9BF-48CD-480B-BE9A-8272DD9E536F}" = ncid.Net 2.6.14
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{787F0AC6-1C11-44AF-A07A-82C153D39FCA}_is1" = eMpTy-V-loader version 3.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E492D84D-F8CB-48C7-A78C-D62537D5AE46}" = GMX SMS-Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"Fotosizer" = Fotosizer 1.27
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 4.0.815
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"MAGIX Foto Clinic 4.5 D" = MAGIX Foto Clinic 4.5 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Star Defender 2_is1" = Star Defender 2
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.5
"VoipStunt_is1" = VoipStunt
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/14/2012 2:55:06 PM | Computer Name = Angel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ncid.Net.exe, version: 2.6.14.0, time stamp:
 0x4f5a4fe4  Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
 0x4e211319  Exception code: 0xe0434352  Fault offset: 0x0000b9bc  Faulting process id:
 0xa88  Faulting application start time: 0x01cd61a81a7b7d44  Faulting application path:
 C:\Program Files (x86)\ncid.Net\ncid.Net.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: 6cbfa323-cde5-11e1-87f0-00262263434f
 
Error - 8/5/2012 7:44:22 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 7:54:30 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 8:17:08 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 8:21:30 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 10:47:27 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 11:04:26 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 12:16:21 PM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 12:22:46 PM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/6/2012 10:29:00 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
[ Media Center Events ]
Error - 8/28/2010 1:35:27 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 07:35:25 - Failed to retrieve MCESpotlight (Error: The underlying 
connection was closed: An unexpected error occurred on a receive.)  
 
Error - 8/28/2010 1:36:00 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 07:36:00 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: An unexpected error occurred on a receive.)  
 
[ System Events ]
Error - 8/5/2012 12:16:57 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 8/5/2012 12:16:57 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147024891
 
Error - 8/5/2012 12:22:53 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7024
Description = The Avira Echtzeit Scanner service terminated with service-specific
 error %%307.
 
Error - 8/6/2012 10:28:44 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error:   %%31
 
Error - 8/6/2012 10:28:51 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: 
  %%1060
 
Error - 8/6/2012 10:28:53 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
 service: BFE. This service might not be installed.
 
Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the 
following error:   %%2
 
Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
 This service might not be installed.
 
Error - 8/6/2012 10:29:50 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7024
Description = The Avira Echtzeit Scanner service terminated with service-specific
 error %%307.
 
 
< End of report >
         
One question up front: I have now installed Malwarebytes on the laptop, but the software wants to do a database update (currently 34 days old), and I would rather not let the laptop onto my Wi-Fi network. How should I proceed?

I hope someone here can help me.
Thanks in advance,

Daniel

Last edited by LeProphete (06.08.2012 at 16:25)

Alt 08.08.2012, 10:49   #2
LeProphete
 
Sorry for the double post, but I think the Malwarebytes log might help here after all; I did let the laptop onto the network briefly to run the database update.

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.06

Windows 7 Service Pack 1 x64 FAT
Internet Explorer 8.0.7601.17514
Angel :: ANGEL-PC [Administrator]

08.08.2012 07:14:36
mbam-log-2012-08-08 (11-31-35).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 627501
Time elapsed: 3 hour(s), 22 minute(s), 48 second(s)

Memory Processes Detected: 1
C:\Users\Angel\tofitugikloq.exe (Trojan.Phex.THAGen3) -> 2616 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tofitugikloq (Trojan.Phex.THAGen3) -> Data: C:\Users\Angel\tofitugikloq.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Angel\tofitugikloq.exe (Trojan.Phex.THAGen3) -> No action taken.
C:\Users\Angel\AppData\Local\Temp\1598479.exe (Trojan.Phex.THAGen3) -> No action taken.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> No action taken.

(end)
         
If possible, a moderator could merge this post into the first one.

Regards,
Daniel
__________________


Alt 10.08.2012, 19:40   #3
t'john
/// Helfer-Team
 

Fix with OTL

Download OTL by OldTimer (if you don't have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
SRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc) 
DRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc) 
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enDE359DE359 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM1DE&apn_uid=a1437966-3a52-4b75-8b98-d7af7abd1c14&apn_sauid=F994B060-80AD-475F-BB29-32A7FC208B7E& 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" 
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" 
FF - prefs.js..browser.search.param.yahoo-type: "${8}" 
FF - prefs.js..browser.startup.homepage: "http://translate.google.de/" 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..network.proxy.http: "72.64.146.135" 
FF - prefs.js..network.proxy.http_port: 3128 
FF - prefs.js..network.proxy.type: 4 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found 
O4 - HKCU..\Run: [tofitugikloq] C:\Users\Angel\tofitugikloq.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
File not found -- C:\Windows\SysNative\ 
[2012/08/05 08:36:23 | 000,090,584 | ---- | M] () -- C:\Users\Angel\tofitugikloq.exe 

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:E2B84483 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1D32EC29 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:ABE89FFE 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 
[2012/08/06 17:02:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012/08/06 16:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/08/06 16:28:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/08/05 08:37:36 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@ 
[2012/08/05 08:37:36 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@ 
[2012/08/05 08:37:36 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@ 
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@ 
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Users\Angel\AppData\Local\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@ 
[2010/02/21 12:56:08 | 000,000,000 | -HSD | M] -- C:\Users\Angel\AppData\Roaming\.# 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the contents of the log file into your thread here in code tags.
    You can also view the log file later at => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances run it on other machines; it can permanently damage other systems!
__________________
__________________
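
The fix script above was written by hand from an OTL listing. The following Python script is an added example (not part of the forum post and not part of the OTL tool) that automates the triage step: it reads OTL-style lines and flags the indicator types that appear in this thread, namely a driver with a random-hex filename and no vendor string, a Run entry launching an EXE straight from the profile root, "@" payload files inside a GUID-named folder under C:\Windows\Installer or AppData\Local, alternate data streams hung on C:\ProgramData\Temp, and a Firefox proxy pointing at a public address. The rule patterns are assumptions derived from these artefacts, not an authoritative signature set, and the sample input is constructed from the lines quoted in the script above.

```python
"""Triage OTL listing lines for the indicator types seen in this thread.

Added example; the rules are assumptions drawn from the artefacts quoted in
the thread (ZeroAccess-style "@" files, random-hex driver, profile-root Run
entry, ADS on ProgramData\\Temp, external Firefox proxy), not a full signature set.
"""
import ipaddress
import re

# Constructed sample: OTL lines copied from the fix script in this thread.
SAMPLE_OTL = r"""
DRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKCU..\Run: [tofitugikloq] C:\Users\Angel\tofitugikloq.exe ()
FF - prefs.js..network.proxy.http: "72.64.146.135"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:E2B84483
[2012/08/05 08:37:36 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Users\Angel\AppData\Local\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@
"""

# (rule name, regex) pairs; each regex is an assumption, see module docstring.
RULES = [
    # SRV/DRV entry whose file is a long random-hex name and OTL could not
    # read a vendor or version ("[Unknown ...]").
    ("random_hex_driver",
     re.compile(r"^(?:SRV|DRV).*\[Unknown.*\\drivers\\[0-9a-f]{12,}\.sys", re.I)),
    # O4 autostart that runs an EXE sitting directly in C:\Users\<name>\,
    # which no normal installer does.  The class excludes '\' so subfolders
    # such as AppData do not match.
    ("run_key_in_profile_root",
     re.compile(r"^O4 - HK(?:CU|LM).*\]\s+\"?C:\\Users\\[^\\]+\\[^\\\"]+\.exe", re.I)),
    # "@" or "<hex>.@" files inside a GUID-named folder under Windows\Installer
    # or AppData\Local (optionally in a "U" subfolder).
    ("guid_folder_at_file",
     re.compile(r"\\(?:Windows\\Installer|AppData\\Local)\\\{[0-9a-f-]{36}\}\\(?:U\\)?[0-9a-f]*\.?@$", re.I)),
    # Alternate data streams attached to the ProgramData\Temp folder.
    ("ads_on_programdata_temp",
     re.compile(r"^@Alternate Data Stream .* -> C:\\ProgramData\\Temp:", re.I)),
]

FF_PROXY_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(http|http_port|type):\s*"?([^"\s]+)"?')


def is_local_host(host):
    """True for loopback, private or link-local addresses (and 'localhost')."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_private or ip.is_loopback or ip.is_link_local


def parse_ff_proxy(lines):
    """Collect the network.proxy.http / http_port / type values from FF lines."""
    proxy = {}
    for line in lines:
        m = FF_PROXY_RE.match(line)
        if m:
            proxy[m.group(1)] = m.group(2)
    return proxy


def triage(otl_text):
    """Return a list of (rule_name, evidence) for every suspicious line."""
    lines = [ln.rstrip() for ln in otl_text.splitlines() if ln.strip()]
    findings = []
    for line in lines:
        for name, rx in RULES:
            if rx.search(line):
                findings.append((name, line))
    proxy = parse_ff_proxy(lines)
    host = proxy.get("http")
    if host and not is_local_host(host):
        # network.proxy.type 1 would make this manual proxy active; any other
        # type still leaves a hijacked pref behind, so report it regardless.
        findings.append(("ff_proxy_external",
                         f"{host}:{proxy.get('http_port', '?')} (network.proxy.type={proxy.get('type', '?')})"))
    return findings


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_OTL):
        print(f"{name:26s} {evidence}")
```

Run it against a saved OTL.txt by passing the file contents to `triage()`; the ncid.Net entry in the sample is deliberately left unflagged because it launches from Program Files, which shows that the profile-root rule does not fire on an ordinary (if broken) autostart.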

Alt 11.08.2012, 09:13   #4
LeProphete
 

Thanks for the reply, here is the log:

Code:
All processes killed
========== OTL ==========
Error: No service named b5d9fc19103ad2dc was found to stop!
Service\Driver key b5d9fc19103ad2dc not found.
File C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys not found.
Error: No service named b5d9fc19103ad2dc was found to stop!
Service\Driver key b5d9fc19103ad2dc not found.
File C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "${8}" removed from browser.search.param.yahoo-type
Prefs.js: "hxxp://translate.google.de/" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "72.64.146.135" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ncid.Net deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tofitugikloq not found.
File C:\Users\Angel\tofitugikloq.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\Users\Angel\tofitugikloq.exe not found.
ADS C:\ProgramData\Temp:E2B84483 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:1D32EC29 deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@ moved successfully.
C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@ moved successfully.
C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@ moved successfully.
C:\Users\Angel\AppData\Local\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@ moved successfully.
C:\Users\Angel\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Angel\Desktop\cmd.bat deleted successfully.
C:\Users\Angel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Angel
->Temp folder emptied: 12934146 bytes
->Temporary Internet Files folder emptied: 120633304 bytes
->Java cache emptied: 60323008 bytes
->FireFox cache emptied: 325409596 bytes
->Flash cache emptied: 17151472 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1972126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13295689 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 526.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Angel
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08112012_100250

Files\Folders moved on Reboot...
C:\Users\Angel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Angel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

Daniel

Alt 11.08.2012, 15:12   #5
t'john
/// Helfer-Team
 

Very good!


Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any detections deleted or quarantined.
- When the scan has finished, click "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

__________________
Regards, t'john

11.08.2012, 18:35   #6
LeProphete

Onward..

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Angel :: ANGEL-PC [Administrator]

11.08.2012 16:22:09
mbam-log-2012-08-11 (16-22-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 612428
Laufzeit: 2 Stunde(n), 59 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@ (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

AdwCleaner:

Code:
# AdwCleaner v1.800 - Logfile created 08/11/2012 at 19:32:09
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Angel - ANGEL-PC
# Running from : C:\Users\Angel\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Angel\AppData\Local\OpenCandy
Folder Found : C:\Users\Angel\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Angel\AppData\Roaming\OpenCandy
File Found : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\Headlight
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1691 octets] - [11/08/2012 19:32:09]

########## EOF - C:\AdwCleaner[R1].txt - [1819 octets] ##########
         

Regards,
Daniel

11.08.2012, 18:52   #7
t'john
/// Helper Team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not have anything deleted! Save the log file to the desktop with a click on Save report and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

11.08.2012, 22:10   #8
LeProphete

Thanks for the quick reply.
Both scans are finished now.

AdwCleaner:

Code:
# AdwCleaner v1.800 - Logfile created 08/11/2012 at 19:59:57
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Angel - ANGEL-PC
# Running from : C:\Users\Angel\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Angel\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Angel\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Angel\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\prefs.js

C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1812 octets] - [11/08/2012 19:32:09]
AdwCleaner[S1].txt - [1541 octets] - [11/08/2012 19:59:57]

########## EOF - C:\AdwCleaner[S1].txt - [1669 octets] ##########
         

Emsisoft Anti-Malware:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 8/11/2012 8:07:21 PM

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	8/11/2012 8:07:52 PM

C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@ 	gefunden: Trojan.Win64.Sirefef.AMN!E1
C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@ 	gefunden: Backdoor.Win64.AMN!E1

Gescannt	869010
Gefunden	2

Scan Ende:	8/11/2012 11:02:57 PM
Scan Zeit:	2:55:05
         
Regards
Daniel

12.08.2012, 00:47   #9
t'john
/// Helper Team

Very good!



Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john

12.08.2012, 11:34   #10
LeProphete

So, here is the log from ESET (I hope the following steps don't all need 3.5 hours as well):

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e3118a567ad92f4ba98c1ff9b8e0ee48
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-12 10:26:15
# local_time=2012-08-12 12:26:15 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 586215 586215 0 0
# compatibility_mode=5893 16776574 66 94 606531 96384986 0 0
# compatibility_mode=8192 67108863 100 0 157087 157087 0 0
# scanned=432342
# found=1
# cleaned=1
# scan_time=12039
C:\_OTL\MovedFiles\08112012_100250\C_Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@	Win64/Sirefef.AL trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
Regards,
Daniel

12.08.2012, 13:25   #11
t'john
/// Helper Team

ZAccess: http://www.trojaner-board.de/114276-...s-remover.html
__________________
Regards, t'john

12.08.2012, 13:36   #12
LeProphete

After starting the program I get the following error message:

"Failed to install the remover driver (Error code 0xC0070001F)"

What now?

12.08.2012, 14:26   #13
t'john
/// Helper Team

Remove malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, not anywhere else, this is important!
Follow the detailed original guide.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Preparation and important notes

  • Please disable anti-virus and anti-spyware programs, the firewall and any script blocking (Norton) during the scan with Combofix.
  • List of programs to disable.
    If anything is unclear, please ask.


  • ComboFix will reset your screensaver settings.
  • You can change these settings back once our clean-up is finished.
  • Do nothing else if you did not manage to run Combofix.
  • Tell us about it and wait for our instructions.


  • Start Combofix.exe with right-click => Run as administrator and follow the instructions.
  • Do nothing else on the computer while Combofix is running!
  • Accept the conditions (disclaimer) with "Yes".


  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the scan for malware.
  • A blue command prompt appears; Combofix is being prepared for the scan.
  • Please do not click into this Combofix window.
  • That could freeze or hang your system.
  • A backup of your registry is created.
  • Now the individual stages of the program are worked through, which can take a while.


  • When ComboFix is finished, it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.


  • Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the clean-up and set your preferred browser as the default browser again.



Do not use Combofix on your own. If there is no corresponding infection, it can cripple the computer and/or damage it permanently!
__________________
Regards, t'john

12.08.2012, 16:14   #14
LeProphete

Combofix Log:

Code:
ComboFix 12-08-10.02 - Angel 12.08.2012  16:50:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1033.18.4026.2873 [GMT 2:00]
ausgeführt von:: c:\users\Angel\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-12 bis 2012-08-12  ))))))))))))))))))))))))))))))
.
.
2012-08-12 11:40 . 2012-08-12 11:40	--------	d-----w-	c:\program files\Defraggler
2012-08-12 11:39 . 2012-08-12 11:39	--------	d-----w-	c:\program files\CCleaner
2012-08-12 11:38 . 2012-08-12 11:38	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-08-12 11:37 . 2012-08-12 11:37	772592	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-08-12 11:37 . 2012-08-12 11:37	--------	d-----w-	c:\program files (x86)\Java
2012-08-12 11:36 . 2012-08-12 11:36	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-12 11:36 . 2012-08-12 11:36	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-12 11:34 . 2012-08-12 11:34	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-08-12 11:28 . 2012-07-03 16:21	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-08-12 11:28 . 2012-07-03 16:21	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-08-12 11:28 . 2012-07-03 16:21	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-08-12 11:28 . 2012-07-03 16:21	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-08-12 11:27 . 2012-07-03 16:21	958400	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-12 11:27 . 2012-07-03 16:21	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-08-12 11:27 . 2012-07-03 16:21	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-08-12 11:27 . 2012-07-03 16:21	41224	----a-w-	c:\windows\avastSS.scr
2012-08-12 11:27 . 2012-07-03 16:21	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-08-12 11:27 . 2012-08-12 11:27	--------	d-----w-	c:\programdata\AVAST Software
2012-08-12 11:27 . 2012-08-12 11:27	--------	d-----w-	c:\program files\AVAST Software
2012-08-11 18:05 . 2012-08-12 06:58	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-08-11 08:02 . 2012-08-11 08:02	--------	d-----w-	C:\_OTL
2012-08-06 14:37 . 2012-08-06 14:37	--------	d-----w-	c:\users\Angel\AppData\Roaming\Malwarebytes
2012-08-06 14:37 . 2012-08-07 17:21	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-06 14:37 . 2012-08-06 14:37	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-06 14:37 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-05 06:43 . 2012-08-05 06:43	--------	d-sh--w-	c:\windows\system32\%APPDATA%
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 11:37 . 2010-05-03 08:18	687600	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-05 06:37 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2012-07-11 06:40 . 2009-12-27 14:23	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-08-04 14:47	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{769E472F-D01F-4DC9-A6CB-5709B9F2D773}\mpengine.dll
2012-06-22 06:05 . 2011-03-28 16:36	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-12 03:08 . 2012-07-11 06:45	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 05:28	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 05:29	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:29	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:27	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:29	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:29	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:28	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 05:24	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:25	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 05:25	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:25	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:24	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 05:25	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 05:24	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:24	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 05:24	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 05:28	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:28	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 05:28	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 05:28	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:28	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:28	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:28	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:28	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:28	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 14:20 . 2010-01-13 07:17	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-31 10:25 . 2009-12-24 19:07	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-15 04:01 . 2012-06-13 05:16	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 05:16	64512	----a-w-	c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 05:16	981504	----a-w-	c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 250056]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - b5d9fc19103ad2dc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 11:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.69.100.174 80.69.100.206
FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b5d9fc19103ad2dc]
"ImagePath"="\SystemRoot\System32\Drivers\b5d9fc19103ad2dc.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-12  17:06:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-12 15:06
.
Vor Suchlauf: 84.754.583.552 bytes free
Nach Suchlauf: 84.484.546.560 bytes free
.
- - End Of File - - 7D412695FEC59D518B846E8867C0794C
         
I am surprised that Avira shows up there even though I uninstalled it this morning (along with other junk software) and installed Avast.

Regards,
Daniel
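
A triage helper, added here as an example and not part of the thread or of any tool it discusses: it runs over constructed sample lines copied from the ComboFix, ESET and OTL logs above and flags the ZeroAccess indicators they contain (the `Installer\{GUID}\U\*.@` file store, the hidden `%APPDATA%` folder under system32, the random-hex driver service, and services.exe written on the same day as one of them). The indicator names and the same-day correlation heuristic are my own, not a vendor classification.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the ComboFix, ESET and OTL logs
# posted in this thread (same GUID, service name and paths), plus one benign line.
SAMPLE_LOG = (
    "2012-08-05 06:43 . 2012-08-05 06:43\t--------\td-sh--w-\tc:\\windows\\system32\\%APPDATA%\n"
    "2012-08-05 06:37 . 2009-07-13 23:19\t328704\t----a-w-\tc:\\windows\\system32\\services.exe\n"
    "2012-08-12 11:39 . 2012-08-12 11:39\t--------\td-----w-\tc:\\program files\\CCleaner\n"
    "*Deregistered* - b5d9fc19103ad2dc\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b5d9fc19103ad2dc]\n"
    "\"ImagePath\"=\"\\SystemRoot\\System32\\Drivers\\b5d9fc19103ad2dc.sys\"\n"
    "C:\\_OTL\\MovedFiles\\08112012_100250\\C_Windows\\Installer\\"
    "{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\\U\\80000000.@\tWin64/Sirefef.AL trojan\n"
)


@dataclass(frozen=True)
class Finding:
    kind: str      # indicator class (names are my own, not a vendor taxonomy)
    line_no: int   # 1-based line in the scanned log
    detail: str    # the matched path / key


# ComboFix file entry: "<modified> . <created>\t<size>\t<attrs>\t<path>"
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\t[-\d]+\t([-a-z]{8})\t(.+)$",
    re.IGNORECASE,
)
# ZeroAccess file store: ...\Installer\{GUID}\U\<8 hex>.@  (80000000.@, 00000001.@ above)
AT_STORE = re.compile(r"\\Installer\\\{[0-9a-f-]{36}\}\\U\\[0-9a-f]{8}\.@", re.IGNORECASE)
# Service key whose name is 16 random hex characters; its ImagePath line follows it
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\([0-9a-f]{16})\]$", re.IGNORECASE
)
IMAGE_PATH = re.compile(r'^"ImagePath"="([^"]+)"$')


def scan_log(text: str) -> list[Finding]:
    """Return the ZeroAccess-style indicators found in scanner/ComboFix log text."""
    findings: list[Finding] = []
    hidden_dates: set[str] = set()      # days on which a hidden+system %APPDATA% dir was written
    core_binaries: list[tuple[str, int, str]] = []   # (modified date, line no, path)
    pending_service = None              # service name waiting for its ImagePath line

    for no, line in enumerate(text.splitlines(), 1):
        if pending_service is not None:
            svc, pending_service = pending_service, None
            m = IMAGE_PATH.match(line)
            # Driver file named exactly like the random service name: the pairing seen above
            if m and m.group(1).lower().endswith(f"\\drivers\\{svc}.sys"):
                findings.append(Finding("random_hex_driver_service", no, f"{svc} -> {m.group(1)}"))
                continue
        if m := AT_STORE.search(line):
            findings.append(Finding("zeroaccess_file_store", no, m.group(0)))
        elif m := ENTRY.match(line):
            modified, attrs, path = m.group(1), m.group(2).lower(), m.group(3)
            low = path.lower()
            # A directory literally called %APPDATA% under system32, hidden+system (d-sh--w-)
            if low.endswith("\\system32\\%appdata%") and "s" in attrs and "h" in attrs:
                findings.append(Finding("fake_appdata_dir", no, path))
                hidden_dates.add(modified)
            elif low.endswith("\\system32\\services.exe"):
                core_binaries.append((modified, no, path))
        elif m := SERVICE_KEY.match(line):
            pending_service = m.group(1).lower()

    # Correlation heuristic (mine): services.exe written on the same day as another
    # indicator deserves a hash check against a known-good copy; alone it proves nothing.
    for modified, no, path in core_binaries:
        if modified in hidden_dates:
            findings.append(Finding("core_binary_modified_same_day", no, f"{path} modified {modified}"))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.kind:<32} {f.detail}")
```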

12.08.2012, 18:25   #15
t'john
/// Helper Team

ZAccess: start the AVG Zero.Access Remover as administrator
__________________
Regards, t'john
