
Log Analysis and Evaluation: Infection with Trojan.FakeMS -> desktop black, My Documents hidden

Windows 7: If you have caught a trojan or constantly get virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
Old 29.05.2011, 20:34   #1
papaskoo
 
Infection with Trojan.FakeMS -> desktop black, My Documents hidden



Hello everyone,

Yesterday, while surfing, I was infected by the trojan "Trojan.FakeMS", with the side effects that are apparently well known here: a black, empty desktop; user files, libraries and My Documents have disappeared (possibly hidden); and error messages appeared saying the hard disk was defective or my system was infected. A forced restart followed.
I already figured it was one of those blackmailing trojan assholes that wants me to download some program or other. I then read about something similar here on your board: http://www.trojaner-board.de/99673-f...-detected.html

1. First, I removed the entry "lobouyvvyw.exe" from Run in the registry so that my system would stop restarting constantly.
2. Next I ran Malwarebytes and removed the 4 infected files.
Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6713

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

29.05.2011 20:01:03
mbam-log-2011-05-29 (20-00-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 277131
Laufzeit: 40 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\lobouyvvyw.exe (Trojan.FakeMS) -> No action taken.
c:\Users\Pasi\AppData\Local\Temp\0.11180625347784401.exe (Trojan.FakeMS) -> No action taken.
c:\Users\Pasi\AppData\Local\Temp\tmpD39C.tmp (Trojan.FakeMS) -> No action taken.
c:\programdata\28303096.exe (Trojan.Agent) -> No action taken.
After the restart, however, nothing about the visual state had changed. Before I continue cleaning on my own, I would rather ask the experts and beg for your help. The OTL and GMER logs will follow shortly. Many thanks!

Here are the logs OTL.txt and Extras.txt:

OTL Logfile:
Code:
OTL logfile created on: 29.05.2011 21:26:56 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Pasi\Downloads
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,29% Memory free
6,50 Gb Paging File | 5,24 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 16,43 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 471,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PASI-PC | User Name: Pasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.29 21:05:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pasi\Downloads\OTL.exe
PRC - [2011.05.07 19:09:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.28 14:41:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.17 15:31:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.14 15:04:48 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010.12.14 15:03:16 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.29 18:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2006.07.18 17:15:18 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VMSnap3.exe
PRC - [2006.07.04 15:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
PRC - [2006.01.25 00:07:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM303_STI.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.29 21:05:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pasi\Downloads\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.28 14:41:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.17 15:31:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.14 15:03:16 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 15:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.07.29 18:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.24 19:39:20 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.17 15:31:38 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.02.23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.29 20:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.23 22:39:49 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.17 23:39:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.17 23:31:26 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 14:41:10 | 000,306,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.06.10 04:19:15 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.03.18 19:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007.03.16 17:24:50 | 001,474,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.11 10:07:09 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 C9 4E 3D 34 1E CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.07 19:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 19:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.29 12:40:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.12 02:27:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Extensions
[2010.11.21 04:48:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.24 13:53:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\9y584fcc.default\extensions
[2011.03.12 02:27:29 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\9y584fcc.default\extensions\firefox@tvunetworks.com
[2011.05.20 15:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.20 15:13:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.03.12 02:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\PASI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9Y584FCC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.07 19:09:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.03.03 17:32:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.07 19:09:04 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 19:09:04 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.05.07 19:09:04 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.07 19:09:04 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.07 19:09:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.07 19:09:04 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [VMSnap3] C:\Windows\VMSnap3.exe (Vimicro)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.09.21 04:23:26 | 000,000,710 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2224acd9-862a-11e0-82b0-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{2224acd9-862a-11e0-82b0-00059a3c7800}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9761c121-fc7f-11df-aacd-001fd028da4b}\Shell - "" = AutoRun
O33 - MountPoints2\{9761c121-fc7f-11df-aacd-001fd028da4b}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{dcc4710d-f28d-11df-bd92-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dcc4710d-f28d-11df-bd92-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2009.09.21 03:12:55 | 000,777,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.29 15:26:32 | 000,000,000 | ---D | C] -- C:\Users\Pasi\AppData\Roaming\Malwarebytes
[2011.05.29 15:26:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 15:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.29 15:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.29 15:26:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.29 15:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.29 15:25:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Pasi\mbam-setup-1.50.1.1100.exe
[2011.05.29 00:39:58 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.24 19:54:33 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Local\Activision
[2011.05.24 19:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011.05.24 19:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011.05.24 19:39:20 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.05.24 19:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.05.24 19:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.05.24 19:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2011.05.24 19:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2011.05.24 19:15:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.05.22 15:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2011.05.22 15:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung ML-3470 Series
[2011.05.22 15:59:21 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.05.22 15:59:04 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2011.05.22 15:59:04 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2011.05.22 15:58:15 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sml347ci.exe
[2011.05.22 15:58:15 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sml347ci.dll
[2011.05.22 15:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.05.21 21:15:54 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2011.05.21 20:59:20 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Local\Diagnostics
[2011.05.21 20:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.05.21 20:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\avmwlanstick
[2011.05.21 20:33:34 | 000,265,088 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusb.sys
[2011.05.21 20:33:34 | 000,074,752 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwlanci.dll
[2011.05.21 20:33:34 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys
[2011.05.21 20:33:34 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2011.05.21 20:33:31 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AVM_Driver
[2011.05.20 15:12:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011.05.20 15:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.20 15:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.05.19 23:49:51 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\Desktop\Call of Duty 4 Modern Warfare + MP FULL-RIP[COTTA]
[2011.05.15 22:46:58 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Roaming\vlc
[2011.05.15 22:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Users\Pasi\*.tmp files -> C:\Users\Pasi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.29 20:10:06 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.29 20:10:06 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.29 20:07:02 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.29 20:07:02 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.29 20:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.29 20:02:49 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.29 20:00:36 | 000,186,770 | ---- | M] () -- C:\Users\Pasi\Desktop\trojaner.jpg
[2011.05.29 19:59:51 | 003,932,214 | ---- | M] () -- C:\Users\Pasi\Desktop\New Bitmap Image.bmp
[2011.05.29 15:26:27 | 000,001,095 | ---- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Pasi\mbam-setup-1.50.1.1100.exe
[2011.05.29 00:53:54 | 359,520,698 | -H-- | M] () -- C:\Users\Pasi\Desktop\Calista Natural Big Boobs Fucked On The Bed.wmv
[2011.05.29 00:52:10 | 234,119,326 | -H-- | M] () -- C:\Users\Pasi\Desktop\BustyTeen_Brooke_Lynn.mp4
[2011.05.29 00:39:59 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~28303096r
[2011.05.29 00:39:59 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28303096
[2011.05.29 00:39:58 | 000,000,635 | -H-- | M] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk
[2011.05.29 00:39:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\28303096
[2011.05.26 21:15:43 | 000,654,319 | -H-- | M] () -- C:\Users\Pasi\Desktop\wer ist das.png
[2011.05.26 21:09:08 | 003,421,879 | -H-- | M] () -- C:\Users\Pasi\Desktop\love-lost-prod-by-black-diamond.mp3
[2011.05.24 19:39:20 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.05.24 19:19:05 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2011.05.24 19:15:16 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011.05.24 15:53:28 | 000,022,328 | -H-- | M] () -- C:\Users\Pasi\AppData\Roaming\PnkBstrK.sys
[2011.05.24 15:53:28 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.20 00:32:28 | 000,001,272 | -H-- | M] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - MP.lnk
[2011.05.20 00:32:28 | 000,001,272 | -H-- | M] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - Modern Warfare.lnk
[2011.05.07 19:09:17 | 000,002,002 | -H-- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.05.05 16:07:42 | 000,001,411 | -H-- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.05.05 12:08:25 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Users\Pasi\*.tmp files -> C:\Users\Pasi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.29 20:00:27 | 000,186,770 | ---- | C] () -- C:\Users\Pasi\Desktop\trojaner.jpg
[2011.05.29 19:59:25 | 003,932,214 | ---- | C] () -- C:\Users\Pasi\Desktop\New Bitmap Image.bmp
[2011.05.29 15:26:27 | 000,001,095 | ---- | C] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 00:40:45 | 234,119,326 | -H-- | C] () -- C:\Users\Pasi\Desktop\BustyTeen_Brooke_Lynn.mp4
[2011.05.29 00:39:59 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~28303096r
[2011.05.29 00:39:58 | 000,000,635 | -H-- | C] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk
[2011.05.29 00:39:58 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28303096
[2011.05.29 00:39:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\28303096
[2011.05.29 00:30:15 | 359,520,698 | -H-- | C] () -- C:\Users\Pasi\Desktop\Calista Natural Big Boobs Fucked On The Bed.wmv
[2011.05.26 21:08:13 | 003,421,879 | -H-- | C] () -- C:\Users\Pasi\Desktop\love-lost-prod-by-black-diamond.mp3
[2011.05.26 21:03:50 | 000,654,319 | -H-- | C] () -- C:\Users\Pasi\Desktop\wer ist das.png
[2011.05.24 19:15:16 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011.05.22 15:59:22 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.05.21 20:33:35 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.05.20 00:32:28 | 000,001,272 | -H-- | C] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - MP.lnk
[2011.05.20 00:32:28 | 000,001,272 | -H-- | C] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - Modern Warfare.lnk
[2011.05.05 12:08:25 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.22 19:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.28 16:00:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.12 02:33:22 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.03.04 18:48:43 | 000,000,600 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\winscp.rnd
[2010.12.12 02:03:07 | 000,000,095 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\Movies2iPhone.ini
[2010.11.21 03:53:57 | 000,022,328 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\PnkBstrK.sys
[2010.11.21 03:53:57 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.21 03:53:24 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.11.21 03:53:22 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.11.21 03:53:22 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.20 20:31:15 | 000,126,976 | ---- | C] () -- C:\Windows\System32\vmcoinst_zc0301plh.dll
[2010.11.20 20:30:48 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2010.11.20 20:30:48 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.12.04 10:48:08 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009.12.04 10:48:06 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ml347Pl3.dll
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,364,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\DAEMON Tools Lite
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\elsterformular
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Foxit
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Foxit Software
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\IrfanView
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Leadertech
[2011.03.12 02:27:30 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\OpenOffice.org
[2011.03.12 02:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Thunderbird
[2011.03.12 02:27:35 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\TrueCrypt
[2011.03.12 02:27:35 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\TuneUp Software
[2011.05.29 21:11:54 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\uTorrent
[2009.07.14 06:53:46 | 000,021,196 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.03.12 11:02:27 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2009.07.14 06:54:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.12 02:34:41 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2011.04.23 16:12:12 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.07.13 18:05:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.29 15:26:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.05.29 20:01:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.12 03:05:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.05.29 16:39:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.12 00:24:14 | 000,000,000 | -H-D | M] -- C:\Temp
[2011.03.12 02:28:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.29 01:43:20 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-27 13:08:54
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 29.05.2011 21:26:56 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Pasi\Downloads
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,29% Memory free
6,50 Gb Paging File | 5,24 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 16,43 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 471,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PASI-PC | User Name: Pasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{362483B1-91EB-4CB4-B9BB-3B4B4C644404}" = ZC0301PLH_Driver_Setup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = VIMICRO USB PC Camera (ZC0301PLH)
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Download Manager" = Download Manager 2.3.10
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Movies2iPhone" = Movies2iPhone 1.21 beta for Windows
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MySSID_is1" = Vtune 7.12
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Samsung ML-3470 Series" = Samsung ML-3470 Series
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2011 20:33:12 | Computer Name = Pasi-PC | Source = .NET Runtime Optimization Service | ID = 1103
Description = 
 
Error - 11.03.2011 20:33:13 | Computer Name = Pasi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Avira\AntiVir
 Desktop\avwsc.exe".  Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11.03.2011 21:06:27 | Computer Name = Pasi-PC | Source = ESENT | ID = 215
Description = WinMail (3836) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
Error - 14.03.2011 16:32:03 | Computer Name = Pasi-PC | Source = ESENT | ID = 215
Description = WinMail (2844) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
Error - 23.04.2011 10:12:36 | Computer Name = Pasi-PC | Source = ESENT | ID = 215
Description = WinMail (304) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
Error - 05.05.2011 06:08:40 | Computer Name = Pasi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WU-IE9-Windows7-x86.exe, version: 9.0.8112.16421,
 time stamp: 0x4d762851  Faulting module name: WU-IE9-Windows7-x86.exe, version: 9.0.8112.16421,
 time stamp: 0x4d762851  Exception code: 0xc0000005  Fault offset: 0x000162b1  Faulting
 process id: 0x8e0  Faulting application start time: 0x01cc0b0ba2dacbca  Faulting application
 path: C:\Windows\SoftwareDistribution\Download\Install\WU-IE9-Windows7-x86.exe  Faulting
 module path: C:\Windows\SoftwareDistribution\Download\Install\WU-IE9-Windows7-x86.exe
Report
 Id: a5c88529-76ff-11e0-b693-001fd028da4b
 
Error - 19.05.2011 19:50:49 | Computer Name = Pasi-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: fd0    Start
 Time: 01cc1673fcac8331    Termination Time: 93    Application Path: C:\Program Files\Mozilla
 Firefox\firefox.exe    Report Id: cecf7bf1-8272-11e0-9643-001fd028da4b  
 
Error - 24.05.2011 09:48:41 | Computer Name = Pasi-PC | Source = VSS | ID = 8194
Description = 
 
Error - 26.05.2011 22:13:02 | Computer Name = Pasi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TuneUpUtilitiesService32.exe, version: 
10.0.3000.99, time stamp: 0x4d076afa  Faulting module name: unknown, version: 0.0.0.0,
 time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00540052  Faulting
 process id: 0x134  Faulting application start time: 0x01cc1c0898973586  Faulting application
 path: C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe  Faulting
 module path: unknown  Report Id: d91b965c-8806-11e0-b478-001fd028da4b
 
Error - 28.05.2011 19:37:01 | Computer Name = Pasi-PC | Source = ESENT | ID = 215
Description = WinMail (2504) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
[ System Events ]
Error - 29.05.2011 09:11:30 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
 error:   %%1083
 
Error - 29.05.2011 09:11:32 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%20
 
Error - 29.05.2011 09:11:40 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sptd
 
Error - 29.05.2011 09:15:59 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
Error - 29.05.2011 13:57:51 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
Error - 29.05.2011 14:02:41 | Computer Name = Pasi-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
 
Error - 29.05.2011 14:02:52 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
 error:   %%1083
 
Error - 29.05.2011 14:02:54 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%20
 
Error - 29.05.2011 14:03:01 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sptd
 
Error - 29.05.2011 14:03:14 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
 
< End of report >
         
--- --- ---

GMER Logfile:
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-05-29 22:18:27
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD6400AAKS-65A7B2 rev.01.03B01
Running: jciu6nkj.exe; Driver: C:\Users\Pasi\AppData\Local\Temp\kxldapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1           8308A339 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2  830C3D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000057       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Last edited by papaskoo (29.05.2011 at 21:21)

 
