
Pests of all kinds and how to combat them: tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2?


 
06.08.2012, 16:19   #1
LeProphete
 

tofitugikloq.exe // TR/ATRAPS.Gen or TR/ATRAPS.Gen2?



Hello Trojaner-Board team,

Yesterday I got an agitated call from my mother saying that the AntiVir real-time scanner could no longer be started, and that beforehand a warning about a Trojan had appeared, which she then moved to quarantine.
According to her account, files on the desktop had also been moved around strangely.

When I asked when this message had appeared, she could not give me a clear answer; after I probed several times, it turned out that she had been searching for information about instant-access savings accounts and had also installed a (perhaps only supposed?) Flash update.

After I asked her to disable the Wi-Fi connection and tell me which processes were listed in Task Manager (it does start), one of the names she gave me was 'tofitugikloq.exe'.
A Google search then led me to the AntiVir forum:
hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=147501

I then asked her to switch off the laptop and bring it to me, in the hope that the people at Trojaner-Board can help me with the removal.
In AntiVir itself, apart from the events stating that the real-time scanner could not be started, there are no messages to be found.

- I have run defogger.
- Next, the OTL quick scan. Here are the two results:

Code:
OTL logfile created on: 8/6/2012 4:48:19 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.93 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 75.02% Memory free
7.86 Gb Paging File | 6.81 Gb Available in Paging File | 86.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 77.76 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.42% Space Free | Partition Type: FAT
 
Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/06 15:38:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/07/18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/03/09 20:46:02 | 001,668,608 | ---- | M] (Gerhard Junker) -- C:\Program Files (x86)\ncid.Net\ncid.Net.exe
PRC - [2009/10/06 15:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/08/06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/27 11:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/14 15:57:16 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e642f8e9415d53aa2bc08fc3af938236\System.Deployment.ni.dll
MOD - [2012/06/14 15:56:56 | 000,168,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Thought.vCards\c2a70e2258cb428e2955c2a74b1af89c\Thought.vCards.ni.dll
MOD - [2012/06/14 15:56:54 | 001,893,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net\8ba0c5a3d9e12d6884675c2e9c6e7a03\ncid.Net.ni.exe
MOD - [2012/06/14 15:56:54 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.PhoneNumber\0277ae7345c7e79803baed1993f25218\ncid.Net.PhoneNumber.ni.dll
MOD - [2012/06/13 11:29:22 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012/06/13 11:29:12 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012/05/11 09:43:10 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 09:43:10 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/11 09:43:07 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll
MOD - [2012/05/11 09:41:57 | 001,036,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.resources\4bcbd4da2285537eaa849c0a17f12342\ncid.Net.resources.ni.dll
MOD - [2012/05/11 08:47:28 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
MOD - [2012/05/11 08:47:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/11 08:47:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/11 08:47:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/05/11 08:47:14 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/11 08:47:07 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012/02/13 17:32:24 | 000,501,760 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll
MOD - [2012/02/13 17:32:24 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\ikpFlac.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
SRV:64bit: - [2010/02/02 13:18:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/08/06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/08/03 18:00:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 19:41:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 09:32:11 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/02/02 13:23:52 | 001,393,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/02 13:18:22 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/08/05 13:00:44 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys -- (b5d9fc19103ad2dc)
DRV:64bit: - [2012/07/18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/05/08 17:01:30 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/12 18:21:52 | 000,097,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/08/10 05:07:14 | 000,222,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/27 09:04:36 | 000,058,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/16 13:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/18 14:12:32 | 000,272,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 13:15:30 | 000,060,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 13:15:30 | 000,022,576 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 13:15:30 | 000,020,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDNServ.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 10:46:08 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/05/02 11:58:48 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/05/02 11:58:48 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27361209a135l03c4z1m5t48l2x629
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enDE359DE359
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{88AA4EA4-6D02-41B2-860D-87AC59D3F588}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM1DE&apn_uid=a1437966-3a52-4b75-8b98-d7af7abd1c14&apn_sauid=F994B060-80AD-475F-BB29-32A7FC208B7E&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "hxxp://translate.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "72.64.146.135"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 19:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 18:06:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 19:41:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 18:06:21 | 000,000,000 | ---D | M]
 
[2009/12/24 20:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions
[2012/07/25 08:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions
[2012/04/25 16:46:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/28 21:38:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\vxd4ormv.default\searchplugins\askcom.xml
[2012/05/05 19:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 19:41:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 16:23:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/05/05 19:46:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/05 19:46:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/05 19:46:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/05 19:46:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/05 19:46:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/05 19:46:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKCU..\Run: [tofitugikloq] C:\Users\Angel\tofitugikloq.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} hxxp://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F15E88C-E0B3-48D0-B2E8-786E78F0D0DB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B8A2BB3-070D-414E-9C6B-204905F6B18B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/06 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Malwarebytes
[2012/08/06 16:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/06 16:37:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/06 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/06 16:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/05 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0F2A8490-B547-44DE-B85B-17ED4BE37932}
[2012/08/05 16:52:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FC98BDA5-9222-4A7B-8A82-662F1A251F16}
[2012/08/05 14:15:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Avira
[2012/08/05 14:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/05 14:15:22 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/08/05 14:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/05 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/08/05 14:01:32 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2A1B29BC-BD14-4E2A-8320-4B4CE8C72975}
[2012/08/05 08:43:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/05 08:25:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C393F80C-5DC5-4F5B-B01C-BD6BBCB0C4F1}
[2012/08/04 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4298C5ED-5904-4CB9-A51B-B993778192B1}
[2012/08/04 16:47:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D1B39D9E-7D63-4025-9857-2FDDC30BF7D1}
[2012/08/03 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D51E223A-188A-449A-89C0-0885CC746015}
[2012/08/03 06:51:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A9EA1514-318D-4BBE-B36D-7A1315DBB775}
[2012/08/03 06:51:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{81A7388D-526A-4C36-80EA-485FFD468517}
[2012/08/02 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{AF3C7BAC-BE63-4C4F-9F24-FD956D378356}
[2012/08/02 13:59:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{83E83CF0-109C-4063-B707-0FCACF64BCBC}
[2012/08/02 07:18:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B32B4029-F120-4566-88E5-96AE77EBE604}
[2012/08/02 07:18:34 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0A0BB435-8575-45D5-8B70-DD54642B3ADC}
[2012/08/01 18:05:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E94945B2-721A-49CF-816B-291B1C6317A8}
[2012/08/01 18:04:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{004528C4-506A-43AE-A9EB-9CF345E23ECF}
[2012/08/01 15:17:20 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B52B08D6-DE30-48D3-A364-F750423671F9}
[2012/07/31 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3D013B09-2BD6-482E-992F-A7A6957ADB11}
[2012/07/31 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E1A833D2-492A-4127-82EB-85DB85D5CC4F}
[2012/07/31 07:28:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7135BE73-81B5-49AE-92FE-FABDD7E8B018}
[2012/07/30 19:32:59 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6C03D25D-A50F-4833-BAD6-CFC7569FCBE7}
[2012/07/30 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{DBA7071C-BB07-4848-BA5A-FB18064F8EC8}
[2012/07/30 07:17:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{992D4117-32BD-40D2-ACDE-167095639D3A}
[2012/07/30 07:17:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F07B4786-B8EB-436B-B295-A2F5C0883046}
[2012/07/29 18:49:15 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{70BCDE55-75BC-41B2-AA64-8D6EAACE15ED}
[2012/07/29 18:48:56 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A9802FC1-CBAE-408D-9B71-59BC446BD6D9}
[2012/07/29 15:20:02 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4A760BF5-9475-4D91-B4B6-6F060B561B53}
[2012/07/29 07:47:52 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8021E1CF-3DEF-492A-8FCA-EF94DA70BDB5}
[2012/07/29 07:47:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8D2BC982-9E21-487B-A84E-FFD850CBA25B}
[2012/07/28 20:07:00 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{667E5069-FB4B-4484-87A5-DA506A118BB2}
[2012/07/28 07:07:03 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{CB1782DE-B3F5-46F5-8368-388B4886FF7A}
[2012/07/28 07:06:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{5029FCD2-B6FA-4EE0-86A0-0D1D8F23B304}
[2012/07/27 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{AA0F268E-8BB7-44AE-89B5-2883A902C6A9}
[2012/07/27 16:12:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F279A05F-2BC2-4D70-94BB-7A7898BFE5A7}
[2012/07/27 11:50:31 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{45344224-4D6C-4DCC-86E8-090E214E1F54}
[2012/07/27 07:17:59 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6C975C15-BE79-4D02-8D83-A649F9B1299D}
[2012/07/27 07:17:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{91D8B556-46C1-47A1-B733-F05A5B6B354E}
[2012/07/26 18:25:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{43A63EB4-CAA3-4E77-B5BC-75A51421BA51}
[2012/07/26 18:25:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{DA5E44A1-9C39-4D88-B8F2-466E025524FB}
[2012/07/26 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F1A30590-FACA-4874-8CD1-936004CFA4B2}
[2012/07/26 07:35:06 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{0EE56CA8-B230-490E-AE8A-67DC14602005}
[2012/07/26 07:34:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{08EA1CF3-90CD-42EF-8B7E-17C39661C824}
[2012/07/25 21:27:54 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A6E85B55-E59B-4615-A90B-F8BDF01F2F43}
[2012/07/25 21:27:31 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{90472706-1D9E-40DD-A7AB-653E746674CA}
[2012/07/25 07:57:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A936BC72-4432-4A32-BF3C-1093E62C0D60}
[2012/07/25 07:57:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FC5AA590-5119-48AA-9291-A0AFE06E57E8}
[2012/07/24 18:57:19 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{44C7B76B-5ECB-4C63-90EA-FA3AC73D8352}
[2012/07/24 16:56:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{D4C2B43C-2A8F-4436-820C-4BEDEA93AA9A}
[2012/07/24 12:17:52 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F6E223DE-4C07-4D2D-9F96-DA6971D9FB9C}
[2012/07/24 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B0FF446B-B969-436A-8988-C1772E73B6AE}
[2012/07/24 07:33:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7B70ADCD-9F76-4275-98DC-A97B6B97E723}
[2012/07/24 07:33:11 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2F3C1881-14A4-44DE-8E0D-E0072FFCD682}
[2012/07/23 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4DEFBEB3-D11F-40A0-8963-552B8B54752C}
[2012/07/23 07:02:12 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{7F09DDBE-2CE2-4A31-9F0A-22CA472607DA}
[2012/07/23 07:02:00 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{67850B28-A240-45B9-BAFE-81317131236B}
[2012/07/22 21:01:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{814064F9-D306-4B6C-83D6-01AA8EA0CA99}
[2012/07/22 07:02:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{779E63A8-7427-4AB3-B7C5-028910495737}
[2012/07/22 07:02:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8CC70E14-F86C-442E-A3EA-036A341AD060}
[2012/07/21 12:25:03 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8CFAB31D-AA98-4ABC-BADB-0C3BE73B900D}
[2012/07/21 12:24:40 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{BAD5BAE9-E01E-4A50-9407-4DCC600666A9}
[2012/07/20 20:30:17 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{58DE76D4-F66E-414C-BE54-D63427A7E700}
[2012/07/20 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{9E401AF8-813B-4CCE-A2DC-8EBDA1E68546}
[2012/07/20 07:45:26 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{77FBC17C-1350-4DF5-BDF0-3A3AC6E30ECA}
[2012/07/20 07:45:09 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4F63956C-59BF-44B7-92FB-B1B41174865F}
[2012/07/19 19:41:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B17F65BB-3C4A-42DA-A0B6-23F8146602A5}
[2012/07/19 19:41:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C1065987-E699-4192-9181-862E886B4C62}
[2012/07/19 07:22:57 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{1833A7E9-1F09-4421-9E0B-01B358CC4F23}
[2012/07/19 07:22:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{15D775A6-0B52-4B37-B26A-169D0E6EDF92}
[2012/07/18 07:53:05 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{12B02651-FD2E-4539-9182-086FCD5E030D}
[2012/07/18 07:52:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{368E241A-EDCE-445D-9758-DC914669DB3E}
[2012/07/17 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{28527A7F-8E14-4EFB-972B-A18D84830A61}
[2012/07/17 16:42:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C2B2E779-3512-41AA-A870-013993A8C39D}
[2012/07/17 12:29:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{346A2883-03A3-4D65-A206-F00D200811FC}
[2012/07/17 07:26:45 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{2433BC7D-D9FC-4DBD-86D7-18221283DEBF}
[2012/07/17 07:26:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{FD75142F-B2D3-4D36-BC14-F2D54CE909AD}
[2012/07/16 09:21:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{335E1CA3-3FFD-4238-A0D4-D624D39A069E}
[2012/07/16 09:21:27 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A65CA88E-A5FF-4BB7-BBE4-608F11FE0E3F}
[2012/07/15 21:20:56 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E561E596-6BAD-423E-96D7-90DEDC5AF564}
[2012/07/15 21:20:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F2623810-7AAC-4912-AED6-57FD38F121B5}
[2012/07/15 20:00:10 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B5140536-BDB0-41CB-B7B9-B6995F959E1B}
[2012/07/15 07:00:51 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{34505BD7-E14D-4692-A7B0-04401ABE6125}
[2012/07/15 07:00:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F65FE5EB-1887-420C-9513-95B2C41F54A8}
[2012/07/14 16:29:41 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B40D7C8A-CE29-4DC3-A8F7-932E039DE319}
[2012/07/14 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{817E913B-12E4-46AB-8CA4-A520369F2684}
[2012/07/14 15:32:47 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{348D0520-CD50-49B0-BC61-CAAE791541C3}
[2012/07/14 07:39:33 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{C65DF41D-BF5C-48BF-864A-A6E48A6EE27D}
[2012/07/14 07:39:21 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{18DD0A3C-BEAE-4BD3-BB28-990E853C6D3F}
[2012/07/13 21:33:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{504135C6-7505-41D3-971C-6933826AEFEB}
[2012/07/13 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{6CC1C0DF-75BE-44C8-A4BE-9319D134279B}
[2012/07/13 08:25:36 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3A69C5D8-EED0-4944-8A54-F266C974CE3B}
[2012/07/12 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8E750453-C1D9-489C-8515-FB4501A5A057}
[2012/07/12 15:32:04 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{E2997D8F-6791-40F4-8C8D-BF89A76EE88C}
[2012/07/11 21:24:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F9A9FF0C-40A8-4A10-8F7F-9DBACF8906C4}
[2012/07/11 21:24:13 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{4F37BA7F-B4F1-46ED-B007-48F2BF0F721C}
[2012/07/11 07:23:11 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3EB8ADCC-5A75-4D72-A382-2615912E2FBA}
[2012/07/11 07:22:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8EA280BB-C226-495D-B5D1-C038D72A45BA}
[2012/07/10 20:36:49 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{F4BC6F34-2E93-4574-8431-EBA54AEFB3CD}
[2012/07/10 06:53:06 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{BD88CF78-8B70-457C-8146-929364AA1AE6}
[2012/07/10 06:52:48 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{B642EDDF-9161-489D-AF40-22E03D6CC1F5}
[2012/07/09 14:29:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{8408E21E-8095-4AFB-B68F-74AE82759523}
[2012/07/09 14:28:39 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{3E698BD1-5051-4674-B23D-A2F2F2B08FE1}
[2012/07/09 08:00:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{9B8AACB6-F2A3-43E5-8A2D-5C273A5366DB}
[2012/07/09 08:00:09 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{96D93D74-81D9-4E3B-BC53-1E735C339353}
[2012/07/08 20:36:42 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{A03328FE-3BD1-459C-91E8-E239F3FF70F2}
[2012/07/08 08:05:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{63A02F39-4182-4365-9FCF-94BBAB929227}
[2012/07/08 08:04:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\{90CA27F7-BA6E-4638-8B81-DD6C0ABDFC04}
[2009/08/14 12:17:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012/08/06 17:02:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 16:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 16:39:15 | 000,732,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/06 16:39:15 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/06 16:39:15 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/06 16:36:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 16:36:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 16:36:17 | 000,000,000 | ---- | M] () -- C:\Users\Angel\defogger_reenable
[2012/08/06 16:28:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/06 16:28:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 16:28:34 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 13:00:44 | 000,085,976 | ---- | M] () -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys
[2012/08/05 08:36:23 | 000,090,584 | ---- | M] () -- C:\Users\Angel\tofitugikloq.exe
[2012/07/20 19:41:21 | 000,002,048 | ---- | M] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/07/11 08:49:23 | 000,451,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012/08/06 16:36:17 | 000,000,000 | ---- | C] () -- C:\Users\Angel\defogger_reenable
[2012/08/05 13:00:44 | 000,085,976 | ---- | C] () -- C:\Windows\SysNative\drivers\b5d9fc19103ad2dc.sys
[2012/08/05 08:37:36 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\800000cb.@
[2012/08/05 08:37:36 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\80000000.@
[2012/08/05 08:37:36 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\U\00000001.@
[2012/08/05 08:36:57 | 000,090,584 | ---- | C] () -- C:\Users\Angel\tofitugikloq.exe
[2012/07/11 08:45:09 | 003,148,800 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012/07/11 07:28:28 | 000,458,704 | ---- | C] () -- C:\Windows\SysNative\drivers\cng.sys
[2012/07/11 07:28:27 | 000,151,920 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2012/07/11 07:28:25 | 000,095,600 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2012/03/12 07:38:27 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@
[2012/01/11 06:42:47 | 000,002,048 | -HS- | C] () -- C:\Users\Angel\AppData\Local\{1d2b5b35-d15d-f5e3-c622-4077bc46a1b3}\@
[2011/07/30 22:47:14 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/08 16:08:11 | 000,000,860 | ---- | C] () -- C:\Users\Angel\.recently-used.xbel
[2010/06/21 14:21:09 | 000,000,001 | R--- | C] () -- C:\Users\Angel\serverport
[2009/12/27 20:04:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2010/02/21 12:56:08 | 000,000,000 | -HSD | M] -- C:\Users\Angel\AppData\Roaming\.#
[2011/12/26 17:26:50 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Awem
[2010/03/26 12:37:57 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Canneverbe Limited
[2011/12/21 22:26:47 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011/08/17 15:25:34 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\DVDVideoSoft
[2010/02/21 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\GameConsole
[2010/02/17 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\GetRightToGo
[2010/08/08 16:08:11 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\gtk-2.0
[2010/08/28 18:40:44 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Iggels
[2011/07/22 19:19:03 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\OpenCandy
[2011/06/13 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\OpenOffice.org
[2010/08/08 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PhotoFiltre
[2010/02/21 13:03:00 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PlayFirst
[2011/11/06 09:43:09 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PowerCinema
[2012/08/05 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\QuickScan
[2011/09/12 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Skinux
[2012/03/20 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\SoftDMA
[2010/02/22 09:21:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Thinstall
[2009/12/24 21:45:03 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\TuneUp Software
[2010/05/22 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\VoipStunt
[2010/08/28 19:56:38 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Youtube Downloader HD
[2012/07/13 08:21:30 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:E2B84483
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 8/6/2012 4:48:19 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.93 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 75.02% Memory free
7.86 Gb Paging File | 6.81 Gb Available in Paging File | 86.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 77.76 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.42% Space Free | Partition Type: FAT
 
Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{517DC9BF-48CD-480B-BE9A-8272DD9E536F}" = ncid.Net 2.6.14
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{787F0AC6-1C11-44AF-A07A-82C153D39FCA}_is1" = eMpTy-V-loader version 3.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E492D84D-F8CB-48C7-A78C-D62537D5AE46}" = GMX SMS-Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"Fotosizer" = Fotosizer 1.27
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 4.0.815
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"MAGIX Foto Clinic 4.5 D" = MAGIX Foto Clinic 4.5 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Star Defender 2_is1" = Star Defender 2
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.5
"VoipStunt_is1" = VoipStunt
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/14/2012 2:55:06 PM | Computer Name = Angel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ncid.Net.exe, version: 2.6.14.0, time stamp:
 0x4f5a4fe4  Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
 0x4e211319  Exception code: 0xe0434352  Fault offset: 0x0000b9bc  Faulting process id:
 0xa88  Faulting application start time: 0x01cd61a81a7b7d44  Faulting application path:
 C:\Program Files (x86)\ncid.Net\ncid.Net.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: 6cbfa323-cde5-11e1-87f0-00262263434f
 
Error - 8/5/2012 7:44:22 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 7:54:30 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 8:17:08 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 8:21:30 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 10:47:27 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 11:04:26 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 12:16:21 PM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/5/2012 12:22:46 PM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 8/6/2012 10:29:00 AM | Computer Name = Angel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
[ Media Center Events ]
Error - 8/28/2010 1:35:27 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 07:35:25 - Failed to retrieve MCESpotlight (Error: The underlying 
connection was closed: An unexpected error occurred on a receive.)  
 
Error - 8/28/2010 1:36:00 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 07:36:00 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: An unexpected error occurred on a receive.)  
 
[ System Events ]
Error - 8/5/2012 12:16:57 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 8/5/2012 12:16:57 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147024891
 
Error - 8/5/2012 12:22:53 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7024
Description = The Avira Echtzeit Scanner service terminated with service-specific
 error %%307.
 
Error - 8/6/2012 10:28:44 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error:   %%31
 
Error - 8/6/2012 10:28:51 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: 
  %%1060
 
Error - 8/6/2012 10:28:53 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
 service: BFE. This service might not be installed.
 
Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the 
following error:   %%2
 
Error - 8/6/2012 10:28:54 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
 This service might not be installed.
 
Error - 8/6/2012 10:29:50 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7024
Description = The Avira Echtzeit Scanner service terminated with service-specific
 error %%307.
 
 
< End of report >
         
One question up front: I have now installed Malwarebytes on the laptop, but the software wants to run a database update (the database is currently 34 days old), and I would rather not let the laptop onto my Wi-Fi network. How should I proceed?

I hope someone here can help me.
Thanks in advance,

Daniel

Last edited by LeProphete (06.08.2012 at 16:25)

 
