Log Analysis and Evaluation: Protection Center - Anti-Malware did not help (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.09.2011, 15:20 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Protection Center - Anti-Malware did not help
You have to select the Windows folder - the one belonging to the Windows installed on the hard disk. Or is the partition not shown at all? If only drive B: (RAM drive) and the CD-ROM are shown, we have a problem...
__________________
Please always post logfiles in CODE tags
06.09.2011, 16:05 | #17
Protection Center - Anti-Malware did not help
Okay, I think I have found the right folder. However, no Extra.txt was created. Here is the OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 9/6/2011 8:43:18 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.21 Mb Free Space | 75.21% Space Free | Partition Type: NTFS
Drive E: | 424.66 Gb Total Space | 386.99 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
Drive F: | 40.00 Gb Total Space | 21.60 Gb Free Space | 54.00% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (BsScanner)
SRV - File not found [On_Demand] -- -- (BgRaSvc)
SRV - [2011/05/26 08:34:34 | 000,191,752 | -H-- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/10 14:57:04 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/09/02 07:57:36 | 000,058,248 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2010/09/02 07:50:26 | 000,175,496 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2010/09/02 07:50:15 | 000,270,728 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2010/09/02 07:47:02 | 000,169,864 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2010/09/02 07:43:10 | 000,355,720 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2010/04/23 19:10:54 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/23 19:10:44 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/03 23:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/12/10 02:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/10 02:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/22 20:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) [On_Demand] -- E:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:45:11 | 000,296,400 | -H-- | M] () [Auto] -- E:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2007/07/24 05:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto] -- E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (.tdx)
DRV - [2011/07/06 13:52:42 | 000,041,272 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/02 07:48:54 | 000,056,400 | -H-- | M] (BullGuard Ltd.) [File_System | System] -- E:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/08/06 11:52:54 | 000,016,896 | -H-- | M] (Siliten) [Kernel | On_Demand] -- E:\Windows\System32\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c) Siliten HID Devices(FlexDef2c)
DRV - [2010/05/24 09:46:34 | 000,193,056 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/04/23 19:10:54 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/23 19:10:52 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/23 19:10:50 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/23 19:10:44 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/03/04 11:53:08 | 000,067,624 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/02 07:24:58 | 001,006,624 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/26 23:01:22 | 000,132,480 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010/02/03 13:06:34 | 000,232,960 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/09/17 22:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:12:11 | 000,074,240 | -H-- | M] () [Kernel | System] -- E:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/07/24 05:03:56 | 000,101,760 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Medion | MSN [binary data]
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Medion | MSN [binary data]
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = rudi

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 11:00:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/24 11:53:40 | 000,000,000 | -H-D | M]

[2011/06/06 07:55:07 | 000,000,000 | -H-D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/06/06 07:55:07 | 000,000,000 | -H-D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/31 11:00:25 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/06 07:54:54 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 11:00:23 | 000,001,392 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/31 11:00:23 | 000,002,252 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/31 11:00:23 | 000,001,153 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/31 11:00:23 | 000,006,805 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/31 11:00:23 | 000,001,178 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/31 11:00:23 | 000,001,105 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\rudi_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard] File not found
O4 - HKLM..\Run: [CLMLServer] E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] E:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [Launch SilverCrest GML807] E:\Program Files\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe (Siliten)
O4 - HKLM..\Run: [LMgrOSD] File not found
O4 - HKLM..\Run: [LMgrVolOSD] E:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVBg] E:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] E:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\.DEFAULT..\Run: [MGkvxUlhYCnUvhK] E:\ProgramData\MGkvxUlhYCnUvhK.exe (RealVNC Ltd.)
O4 - HKU\rudi_ON_E..\Run: [2F7ZUJ7GVIWWVUYDTUFFFZSMGIW] E:\SystemData\217FA966EB8.exe (Len Larva Saw)
O4 - HKU\rudi_ON_E..\Run: [CTSyncU.exe] E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\rudi_ON_E..\RunOnce: [FlashPlayerUpdate] E:\Windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.253
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 07:25:17 | 000,000,000 | -H-D | C] -- E:\System Recovery
[2011/09/05 07:24:48 | 000,325,632 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:31 | 000,407,040 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/04 10:43:05 | 000,000,000 | -H-D | C] -- E:\Program Files\ESET
[2011/09/04 10:42:15 | 002,322,184 | -H-- | C] (ESET) -- E:\Users\rudi\Desktop\esetsmartinstaller_enu.exe
[2011/08/31 14:32:34 | 000,000,000 | -H-D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/31 14:32:34 | 000,000,000 | -H-D | C] -- E:\Program Files\7-Zip
[2011/08/31 10:46:31 | 000,580,608 | -H-- | C] (OldTimer Tools) -- E:\Users\rudi\Desktop\OTL.exe
[2011/08/31 07:28:59 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Malwarebytes
[2011/08/31 07:28:52 | 000,041,272 | -H-- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/31 07:28:52 | 000,000,000 | -H-D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 07:28:52 | 000,000,000 | -H-D | C] -- E:\ProgramData\Malwarebytes
[2011/08/31 07:28:49 | 000,022,712 | -H-- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbam.sys
[2011/08/31 07:28:49 | 000,000,000 | -H-D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2011/08/31 07:27:58 | 009,466,208 | -H-- | C] (Malwarebytes Corporation ) -- E:\Users\rudi\Desktop\herbert.exe
[2011/08/31 07:08:15 | 000,000,000 | -H-D | C] -- E:\Windows\Minidump
[2011/08/31 06:25:21 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Opuxoz
[2011/08/31 06:23:09 | 000,000,000 | -H-D | C] -- E:\Windows\Sun
[2011/08/24 08:03:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tzres.dll
[2011/08/22 15:54:27 | 003,957,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2011/08/22 15:54:25 | 003,902,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2011/08/22 15:53:10 | 000,599,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2011/08/22 15:53:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iedkcs32.dll
[2011/08/22 15:53:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedsbs.dll
[2011/08/22 15:53:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mstime.dll
[2011/08/22 15:53:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2011/08/22 15:53:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2011/08/22 15:53:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2011/08/22 15:53:04 | 000,048,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2011/08/22 15:53:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2011/08/22 15:53:02 | 000,386,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2011/08/22 15:53:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2011/08/22 15:52:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2011/08/22 15:52:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2011/08/22 15:52:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2011/08/22 15:52:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/22 15:52:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/22 15:52:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/22 15:52:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/22 15:52:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/22 15:52:40 | 000,319,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbcjt32.dll
[2011/08/22 15:52:40 | 000,122,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccp32.dll
[2011/08/22 15:52:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccr32.dll
[2011/08/22 15:52:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbctrac.dll
[2011/08/22 15:52:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccu32.dll
[2010/06/28 09:06:07 | 000,004,096 | -H-- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 07:46:35 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2011/09/05 07:25:18 | 000,000,192 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | M] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | M] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/05 07:24:48 | 000,325,632 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verbindungsassistent
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials 4
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/09/05 07:15:15 | 000,407,040 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/05 06:23:19 | 2307,862,528 | -HS- | M] () -- E:\hiberfil.sys
[2011/09/04 10:42:42 | 002,322,184 | -H-- | M] (ESET) -- E:\Users\rudi\Desktop\esetsmartinstaller_enu.exe
[2011/09/02 13:13:38 | 004,194,304 | -H-- | M] () -- E:\Windows\System32\xadqgnnk.dll
[2011/08/31 14:32:21 | 001,110,476 | -H-- | M] () -- E:\Users\rudi\Desktop\7z920.exe
[2011/08/31 12:22:08 | 000,002,002 | -H-- | M] () -- E:\Users\rudi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/31 11:56:01 | 210,290,938 | -H-- | M] () -- E:\Windows\MEMORY.DMP
[2011/08/31 11:26:10 | 000,302,592 | -H-- | M] () -- E:\Users\rudi\Desktop\2vnj04l6.exe
[2011/08/31 11:11:10 | 000,050,477 | -H-- | M] () -- E:\Users\rudi\Desktop\Defogger.exe
[2011/08/31 10:46:32 | 000,580,608 | -H-- | M] (OldTimer Tools) -- E:\Users\rudi\Desktop\OTL.exe
[2011/08/31 10:26:35 | 000,001,090 | -H-- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/31 10:22:15 | 000,003,224 | -H-- | M] () -- E:\bootsqm.dat
[2011/08/31 08:27:02 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 08:27:02 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 07:28:15 | 009,466,208 | -H-- | M] (Malwarebytes Corporation ) -- E:\Users\rudi\Desktop\herbert.exe
[2011/08/31 06:50:10 | 000,001,094 | -H-- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/31 04:43:37 | 000,654,610 | -H-- | M] () -- E:\Windows\System32\perfh007.dat
[2011/08/31 04:43:37 | 000,616,452 | -H-- | M] () -- E:\Windows\System32\perfh009.dat
[2011/08/31 04:43:37 | 000,130,192 | -H-- | M] () -- E:\Windows\System32\perfc007.dat
[2011/08/31 04:43:37 | 000,106,574 | -H-- | M] () -- E:\Windows\System32\perfc009.dat
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 07:25:18 | 000,000,192 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | C] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | C] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/02 13:13:38 | 004,194,304 | -H-- | C] () -- E:\Windows\System32\xadqgnnk.dll
[2011/08/31 14:32:15 | 001,110,476 | -H-- | C] () -- E:\Users\rudi\Desktop\7z920.exe
[2011/08/31 11:26:07 | 000,302,592 | -H-- | C] () -- E:\Users\rudi\Desktop\2vnj04l6.exe
[2011/08/31 11:11:10 | 000,050,477 | -H-- | C] () -- E:\Users\rudi\Desktop\Defogger.exe
[2011/08/31 10:22:15 | 000,003,224 | -H-- | C] () -- E:\bootsqm.dat
[2011/08/31 07:06:59 | 210,290,938 | -H-- | C] () -- E:\Windows\MEMORY.DMP
[2011/08/28 13:42:17 | 000,069,632 | -H-- | C] () -- E:\Users\rudi\AppData\Roaming\chrtmp
[2011/02/20 16:09:02 | 000,000,952 | -HS- | C] () -- E:\ProgramData\KGyGaAvL.sys
[2010/09/02 12:03:42 | 000,033,134 | -H-- | C] () -- E:\Users\rudi\AppData\Roaming\UserTile.png
[2010/06/28 19:38:29 | 000,451,072 | -H-- | C] () -- E:\Windows\System32\ISSRemoveSP.exe
[2010/06/28 19:28:10 | 000,000,032 | -H-- | C] () -- E:\Windows\System32\drivers\rtkhdaud.dat
[2010/06/28 11:46:27 | 000,072,017 | -H-- | C] () -- E:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/06/28 09:06:08 | 000,208,896 | -H-- | C] () -- E:\Windows\System32\iglhsip32.dll
[2010/06/28 09:06:08 | 000,143,360 | -H-- | C] () -- E:\Windows\System32\iglhcp32.dll
[2010/06/28 09:06:07 | 000,870,560 | -H-- | C] () -- E:\Windows\System32\igkrng575.bin
[2010/06/28 09:06:07 | 000,104,636 | -H-- | C] () -- E:\Windows\System32\igfcg575m.bin
[2010/06/28 09:06:06 | 000,127,868 | -H-- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2010/06/28 09:06:06 | 000,000,151 | -H-- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2010/05/18 02:50:33 | 000,654,610 | -H-- | C] () -- E:\Windows\System32\perfh007.dat
[2010/05/18 02:50:33 | 000,295,922 | -H-- | C] () -- E:\Windows\System32\perfi007.dat
[2010/05/18 02:50:33 | 000,130,192 | -H-- | C] () -- E:\Windows\System32\perfc007.dat
[2010/05/18 02:50:33 | 000,038,104 | -H-- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,287,744 | -H-- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,452 | -H-- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | -H-- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,574 | -H-- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | -H-- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | -H-- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | -H-- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:12:11 | 000,074,240 | -H-- | C] () -- E:\Windows\System32\drivers\tdx.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/09/04 10:53:47 | 000,000,000 | -H-D | M] -- E:\ProgramData\BullGuard
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2010/06/28 12:01:40 | 000,000,000 | -H-D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2010/10/14 15:25:58 | 000,000,000 | -H-D | M] -- E:\ProgramData\VirtualizedApplications
[2011/07/24 11:55:33 | 000,000,000 | -H-D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/22 03:14:34 | 000,032,632 | -H-- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
07.09.2011, 08:13 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Protection Center - Anti-Malware did not help
Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
DRV - File not found [Kernel | On_Demand] -- -- (.tdx)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - File not found
O3 - HKU\rudi_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [MGkvxUlhYCnUvhK] E:\ProgramData\MGkvxUlhYCnUvhK.exe (RealVNC Ltd.)
O4 - HKU\rudi_ON_E..\Run: [2F7ZUJ7GVIWWVUYDTUFFFZSMGIW] E:\SystemData\217FA966EB8.exe (Len Larva Saw)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - E:\autoexec.bat -- [ NTFS ]
[2011/09/05 07:25:17 | 000,000,000 | -H-D | C] -- E:\System Recovery
[2011/09/05 07:24:48 | 000,325,632 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:31 | 000,407,040 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/08/31 06:25:21 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Opuxoz
[2011/09/05 07:25:18 | 000,000,192 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | M] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | M] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/05 07:24:48 | 000,325,632 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:15 | 000,407,040 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/02 13:13:38 | 004,194,304 | -H-- | M] () -- E:\Windows\System32\xadqgnnk.dll
[2011/09/05 07:25:18 | 000,000,192 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | C] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | C] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/02 13:13:38 | 004,194,304 | -H-- | C] () -- E:\Windows\System32\xadqgnnk.dll
:Commands
[purity]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". After that Windows should start normally again - please make the OTL quarantine folder available to us. Please proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
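As an added example (not OTL's or the helper's own code), a small Python triage script that parses OTL file entries in the format used in the logs above and builds the ":OTL" fix block for freshly created executables dropped directly into ProgramData or AppData\Roaming, the pattern of the rogue in this thread. The sample entries are copied from the thread's log; the drop-directory list and the 7-day age window are assumptions of this example, not OTL rules.

```python
import re
from datetime import datetime, timedelta

# One OTL "Files Created/Modified" entry: [date time | size | attrs | C-or-M] (company) -- path
# (the "(company)" part is absent for folder entries).
ENTRY_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([MC])\]"
    r"(?: \(([^)]*)\))? -- (.+)$"
)

def parse_entry(line):
    """Parse one OTL entry line into a dict, or return None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "is_dir": attrs[3] == "D",      # 4th attribute flag: D = directory
        "kind": kind,                   # C = created, M = modified
        "company": company or "",
        "path": path.strip(),
    }

# Heuristic (assumption): an .exe created within max_age_days directly in the root of
# %ProgramData% or the user's AppData\Roaming, as the rogue's droppings in this thread were.
DROP_DIRS = ("\\programdata\\", "\\appdata\\roaming\\")

def is_suspicious(entry, scan_time, max_age_days=7):
    if entry["is_dir"] or not entry["path"].lower().endswith(".exe"):
        return False
    parent = entry["path"].lower().rsplit("\\", 1)[0] + "\\"
    in_drop_dir = any(parent.endswith(d) for d in DROP_DIRS)
    fresh = timedelta(0) <= scan_time - entry["time"] <= timedelta(days=max_age_days)
    return in_drop_dir and fresh

def build_fix(lines, scan_time):
    """Return an OTL ':OTL' fix block listing every suspicious created-file entry ('' if none)."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry and entry["kind"] == "C" and is_suspicious(entry, scan_time):
            flagged.append(line.strip())
    return "\n".join([":OTL", *flagged, ":Commands", "[purity]"]) if flagged else ""

# Constructed sample: four entries copied from the OTL log posted in this thread.
SAMPLE = r"""
[2011/09/05 07:24:48 | 000,325,632 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:25:17 | 000,000,000 | -H-D | C] -- E:\System Recovery
[2011/08/31 10:46:32 | 000,580,608 | -H-- | M] (OldTimer Tools) -- E:\Users\rudi\Desktop\OTL.exe
[2010/06/28 19:38:29 | 000,451,072 | -H-- | C] () -- E:\Windows\System32\ISSRemoveSP.exe
""".strip().splitlines()
SCAN_TIME = datetime(2011, 9, 6, 20, 43, 18)   # scan time from the OTL header in this thread
```

Running `build_fix(SAMPLE, SCAN_TIME)` yields a fix block containing only the ProgramData executable; a real triage would still review each flagged path by hand before fixing.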
07.09.2011, 12:08 | #19
| Protection Center - Anti-Malware did not help
After the fix I restarted the PC and switched back to AHCI. Unfortunately Windows still does not start. Here is the logfile after the fix:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.tdx deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC872B94-35E3-4B94-B028-184A2A1C7CCE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC872B94-35E3-4B94-B028-184A2A1C7CCE}\ deleted successfully.
Registry value HKEY_USERS\rudi_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MGkvxUlhYCnUvhK deleted successfully.
E:\ProgramData\MGkvxUlhYCnUvhK.exe moved successfully.
Registry value HKEY_USERS\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Run\\2F7ZUJ7GVIWWVUYDTUFFFZSMGIW deleted successfully.
E:\SystemData\217FA966EB8.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
E:\autoexec.bat moved successfully.
E:\System Recovery folder moved successfully.
E:\ProgramData\P1kAlMiG2Kb7Fz.exe moved successfully.
File E:\ProgramData\MGkvxUlhYCnUvhK.exe not found.
E:\Users\rudi\AppData\Roaming\Opuxoz folder moved successfully.
E:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully.
E:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully.
E:\System Recovery.lnk moved successfully.
E:\ProgramData\P1kAlMiG2Kb7Fz moved successfully.
File E:\ProgramData\P1kAlMiG2Kb7Fz.exe not found.
File E:\ProgramData\MGkvxUlhYCnUvhK.exe not found.
E:\Windows\System32\xadqgnnk.dll moved successfully.
File E:\ProgramData\~P1kAlMiG2Kb7Fz not found.
File E:\ProgramData\~P1kAlMiG2Kb7Fzr not found.
File E:\System Recovery.lnk not found.
File E:\ProgramData\P1kAlMiG2Kb7Fz not found.
File E:\Windows\System32\xadqgnnk.dll not found.
========== COMMANDS ==========
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 09072011_175343
07.09.2011, 13:42 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | Protection Center - Anti-Malware did not help
Then please make a new OTLPE log.
Please always post logfiles in CODE tags