Log Analysis and Evaluation: Black desktop, vanished files & programs (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Black desktop, vanished files & programs

Good day, dear Trojaner Board, my name is vince.sp and I have worries that have been described (and bemoaned) here several times before, e.g.: http://www.trojaner-board.de/99348-f...versteckt.html

My antivirus/internet security software Comodo (Internet Security Premium) kicked in and told me what I could already see, namely that malware was running rampant. I then presumably clicked away one or more of the error messages using the buttons shown there and restarted the system. After that I ran a Comodo scan and a Malwarebytes scan and deleted the malware found. Then I performed a System Restore. That worked, too. Then I continued with another Malwarebytes full scan, running OTL.exe and Defogger. I could not run dds.com because several times it vanished from the desktop right after being downloaded to it. Finally I ran unhide.

Below you will find various log files. The newest Malwarebytes log file:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
spoerl :: RAVSP-THINK [Administrator]

06.02.2012 19:32:26
mbam-log-2012-02-06 (19-32-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 304148
Laufzeit: 36 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
spoerl :: RAVSP-THINK [Administrator]

06.02.2012 18:02:16
mbam-log-2012-02-06 (18-02-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209304
Laufzeit: 6 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\wgjpPXjtqGl.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\spoerl\AppData\Local\Temp\0.03111898187281026fdrgs.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8131

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.11.2011 14:40:58
mbam-log-2011-11-10 (14-40-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 189570
Laufzeit: 5 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Rogue.PrvacyProtect) -> Value: Privacy Protection -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7862

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

04.10.2011 11:53:30
mbam-log-2011-10-04 (11-53-30).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 204240
Laufzeit: 1 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\*****\AppData\Local\Temp\jar_cache5932596902433320529.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycle.Bin\4b179055353d26c (Trojan.Spyeyes) -> Quarantined and deleted successfully.

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 07.02.2012 09:53:16 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*****\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,85 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 37,93% Memory free 3,70 Gb Paging File | 2,16 Gb Available in Paging File | 58,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 241,49 Gb Total Space | 197,99 Gb Free Space | 81,99% Space Free | Partition Type: NTFS Drive E: | 30,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Q: | 9,77 Gb Total Space | 1,94 Gb Free Space | 19,89% Space Free | Partition Type: NTFS Computer Name: RAVSP-THINK | User Name: ***** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.06 20:00:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.12.16 12:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDFCreator2\pdf24.exe PRC - [2011.09.03 07:18:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.09.02 15:44:22 | 000,018,432 | ---- | M] () -- C:\Users\ravsp\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe PRC - [2011.03.16 02:22:43 | 000,070,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE PRC - [2011.03.16 02:22:14 | 000,070,968 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE PRC - [2011.03.02 16:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe PRC - [2011.02.23 23:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2011.01.03 07:14:50 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.01.03 07:14:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.25 08:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ========== Modules (No Company Name) ========== MOD - [2011.09.03 07:18:05 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - 
[2011.12.19 18:59:00 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.12.09 18:31:04 | 000,158,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AdvoluxJava\StartServer.exe -- (StartServer) SRV - [2011.09.02 15:44:22 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\ravsp\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe -- (PicasaUpdater) SRV - [2011.03.16 02:22:14 | 000,070,968 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2011.03.02 16:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr) SRV - [2011.02.23 23:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R) SRV - [2011.01.03 07:14:50 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.01.03 07:14:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.11.25 08:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- 
(clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.19 18:59:16 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd) DRV:64bit: - [2011.09.10 12:44:42 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.07 10:42:34 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.01 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2009.12.02 08:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2009.09.24 12:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.06 19:25:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.06 19:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.14 11:56:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.02.06 19:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mqu3jflq.default\extensions [2012.02.06 19:24:53 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mqu3jflq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.02.06 19:25:42 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mqu3jflq.default\extensions\keefox@chris.tomlinson [2012.02.06 19:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.06 19:25:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQU3JFLQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () 
(No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQU3JFLQ.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.03 01:19:44 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 01:13:56 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.03 01:19:44 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 01:19:44 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 01:19:44 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 01:19:44 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Picasa) - {AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F} - C:\Users\ravsp\AppData\LocalLow\Picasa\IE\Picasa.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDFCreator2\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Power Manager Power Agenda] C:\PROGRA~2\ThinkPad\UTILIT~1\DPMHost.exe () O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [Switcher] C:\Program Files (x86)\Switcher\Switcher.exe (Bao_Nguyen) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: 
missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DC3E97F-DAC7-46EF-9AAB-18E3DC36AE56}: DhcpNameServer = 192.168.25.1 O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.05.14 15:36:28 | 000,000,088 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{7a137fef-aedb-11e0-981b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7a137fef-aedb-11e0-981b-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{7a137ff2-aedb-11e0-981b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7a137ff2-aedb-11e0-981b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\IPView\IPView.exe -- [2007.01.25 14:42:08 | 000,966,656 | R--- | M] (SHI Elektronische Medien GmbH) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.06 20:00:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.02.06 19:31:37 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.06 18:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.02 13:05:36 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\FireShot [2012.02.02 13:03:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Dominik_Reichl [2012.02.01 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2012.02.01 10:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2 [2012.01.30 13:34:52 | 000,000,000 | -H-D | C] -- 
C:\Users\*****\Desktop\POs [2012.01.23 11:30:33 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\Vorlagen Kanzlei [2012.01.20 19:00:52 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\GNU [2012.01.20 19:00:44 | 000,000,000 | ---D | C] -- C:\Users\*****\.kde [2012.01.20 10:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win [2012.01.20 10:37:41 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\gnupg [2012.01.20 10:37:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\GNU [2012.01.20 10:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU [2012.01.19 17:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript [2012.01.19 12:44:44 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\YCanPDF [2012.01.19 12:44:43 | 000,000,000 | ---D | C] -- C:\tmp [2012.01.19 12:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\PDFToJPG [2012.01.19 12:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF To JPG [2012.01.19 11:35:06 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\PDF24 [2012.01.19 11:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator2 [2012.01.19 11:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator2 [2012.01.17 12:34:39 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.01.17 12:30:08 | 000,000,000 | -H-D | C] -- C:\VritualRoot [2012.01.17 12:26:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CPA_VA [2012.01.17 12:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2012.01.17 12:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2012.01.17 12:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo [2012.01.17 12:04:01 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2012.01.17 12:04:01 | 001,060,864 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\mfc71.dll [2012.01.17 12:04:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Comodo [2012.01.16 10:02:51 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.16 10:02:51 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.01.16 10:02:51 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012.01.16 10:02:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012.01.16 10:02:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.16 10:02:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.16 10:02:46 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2012.01.16 10:02:46 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2012.01.16 09:38:56 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.16 09:38:56 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.16 09:38:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.16 09:38:56 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.16 09:38:39 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.16 09:38:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.16 09:38:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.16 09:38:31 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\Misc [2012.01.12 16:48:39 | 000,000,000 | ---D | C] -- C:\wordpress ========== Files - Modified Within 30 Days ========== [2012.02.07 09:55:47 | 000,000,437 | ---- | M] () -- C:\Users\*****\Desktop\Scans Server.lnk 
[2012.02.07 09:54:42 | 000,000,437 | ---- | M] () -- C:\Users\*****\Desktop\Server *****.lnk
[2012.02.07 09:53:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.02.07 09:49:02 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.02.07 09:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 09:48:54 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.02.06 20:00:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.02.06 19:33:58 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.06 19:33:58 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.06 19:31:39 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.06 19:26:44 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012.02.06 19:26:32 | 1491,382,272 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.01 11:23:37 | 000,616,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.01 11:23:37 | 000,580,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.01 11:23:37 | 000,122,020 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.01 11:23:37 | 000,098,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.01 10:44:28 | 000,001,120 | ---- | M] () -- C:\Users\*****\Desktop\KeePass 2.lnk
[2012.01.31 16:03:19 | 000,001,104 | ---- | M] () -- C:\Users\*****\Desktop\Synkron.lnk
[2012.01.30 10:33:27 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.19 17:04:31 | 000,028,722 | -H-- | M] () -- C:\Users\*****\.recently-used.xbel
[2012.01.19 17:04:31 | 000,000,043 | ---- | M] () -- C:\Windows\gswin64.ini
[2012.01.19 16:54:16 | 000,000,960 | ---- | M] () -- C:\Program Files (x86)\Programme (x86) - Verknüpfung.lnk
[2012.01.17 12:04:01 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012.01.17 12:04:01 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012.01.17 12:02:10 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.01.16 18:20:48 | 000,062,878 | ---- | M] () -- C:\screenshot.png
[2012.01.11 14:53:04 | 000,018,999 | ---- | M] () -- C:\plugins.php
[2012.01.11 11:55:52 | 000,010,298 | ---- | M] () -- C:\install.php
[2012.01.11 09:24:58 | 000,323,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.02.07 09:55:47 | 000,000,437 | ---- | C] () -- C:\Users\*****\Desktop\Scans Server.lnk
[2012.02.07 09:54:42 | 000,000,437 | ---- | C] () -- C:\Users\*****\Desktop\Server *****.lnk
[2012.02.06 19:31:39 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.01 11:27:02 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012.02.01 10:44:28 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2012.02.01 10:44:28 | 000,001,120 | ---- | C] () -- C:\Users\*****\Desktop\KeePass 2.lnk
[2012.01.31 16:03:19 | 000,001,104 | ---- | C] () -- C:\Users\*****\Desktop\Synkron.lnk
[2012.01.19 17:04:31 | 000,028,722 | -H-- | C] () -- C:\Users\*****\.recently-used.xbel
[2012.01.19 17:02:25 | 000,000,043 | ---- | C] () -- C:\Windows\gswin64.ini
[2012.01.19 16:54:16 | 000,000,960 | ---- | C] () -- C:\Program Files (x86)\Programme (x86) - Verknüpfung.lnk
[2012.01.17 12:05:36 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.01.16 18:20:48 | 000,062,878 | ---- | C] () -- C:\screenshot.png
[2012.01.11 14:53:03 | 000,018,999 | ---- | C] () -- C:\plugins.php
[2012.01.11 11:47:16 | 000,010,298 | ---- | C] () -- C:\install.php
[2011.11.10 15:12:20 | 001,498,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.14 11:05:32 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.09.15 10:14:08 | 000,014,336 | ---- | C] () -- C:\Windows\SysWow64\vsmon1.dll
[2011.09.14 11:34:39 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011.09.14 11:34:39 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2011.09.13 10:17:28 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.09.13 10:17:28 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.07.15 22:59:47 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.15 22:59:46 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.15 22:59:45 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.10.13 17:20:30 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\.Lenovo
[2011.11.22 11:21:43 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2012.02.02 16:46:31 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\AptEdit Lite
[2012.02.06 19:25:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bao_Nguyen
[2011.10.14 11:05:38 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\CAD-KAS
[2011.09.14 10:09:08 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\DesktopPwrMgr
[2012.02.06 19:23:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox
[2012.02.06 19:25:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\eXPert PDF Editor
[2012.01.17 10:32:41 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.02.02 13:05:36 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\FireShot
[2012.02.06 10:13:57 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\gnupg
[2012.02.06 19:25:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2012.02.06 19:25:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\KeePass
[2012.02.06 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2011.10.04 20:33:09 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Pagio
[2011.11.16 18:57:09 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\pdfforge
[2012.02.06 19:25:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2011.09.14 16:53:56 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\TrueCrypt
[2011.10.04 10:27:29 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Unway
[2012.01.19 12:44:44 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\YCanPDF
[2012.02.07 09:53:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.01.26 10:38:48 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.07 09:49:02 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

and the OTL Extras file:

OTL Logfile:
Code:
OTL Extras logfile created on: 07.02.2012 09:53:16 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\*****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,85 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 37,93% Memory free
3,70 Gb Paging File | 2,16 Gb Available in Paging File | 58,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 241,49 Gb Total Space | 197,99 Gb Free Space | 81,99% Space Free | Partition Type: NTFS
Drive E: | 30,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Q: | 9,77 Gb Total Space | 1,94 Gb Free Space | 19,89% Space Free | Partition Type: NTFS

Computer Name: RAVSP-THINK | User Name: spoerl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011)
"171901D8B4D5484C362A709BF264A50F065A14FB" = Windows-Treiberpaket - Intel hdc (09/10/2010 9.2.0.1011)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016)
"709218CE85195A82A3CF38A2DCA12D470F54FBE1" = Windows-Treiberpaket - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010)
"8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011)
"812A7B18A108DDFB30CF501D85DF544856235AE0" = Windows-Treiberpaket - Intel Corporation (igfx) Display (01/07/2011 8.15.10.2279)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144)
"A90E1088325AFBD3434009078584361E3C382241" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (12/10/2010 6.0.1.6265)
"A9B611D00F738A4FA650BF91A26C355FB188BFBD" = Windows-Treiberpaket - Realtek (RSUSBSTOR) USB (12/01/2010 6.1.7600.30127)
"CAF9F19A892F138F76721B44D0DEF2B77D0E2032" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (12/10/2010 6.0.1.6265)
"CCleaner" = CCleaner
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkVantage Energie-Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}" = Switcher 2.0.0
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"4202-3427-3408-9544" = Haufe Advolux Kanzleisoftware 2.503
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AptEdit Lite 5_is1" = AptEdit Lite 5.0.3.383
"FileZilla Client" = FileZilla Client 3.5.3
"GPG4Win" = Gpg4win (2.1.0)
"HiDownload Platinum_is1" = HiDownloadPlatinum
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"PDF To JPG_is1" = PDF To JPG 2.0
"SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver" = SHARP MX/DX Series PCL/PS Printer Driver
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

I also have a defogger log here. Since there was no error message, I am not posting it for now. As you can probably see, I use this computer in my one-man law practice, so it is used commercially. A donation is therefore assured. MANY THANKS IN ADVANCE!
Last edited by vince.sp (07.02.2012 at 12:41)