Log analysis and evaluation: Infected by Trojan.FakeMS -> desktop black, My Documents hidden (Windows 7)

29.05.2011, 20:34 | #1
Hello everyone,

yesterday, while surfing, I was infected by the trojan "Trojan.FakeMS", with the side effects that are apparently well known here: a black, empty desktop; user files, libraries and My Documents have disappeared (possibly hidden); and error messages appeared claiming that the HD was defective or that my system was infected. A forced restart followed. I already figured it was one of those extortionist trojan bastards that wants me to download some programs. I then read about something similar here as well: http://www.trojaner-board.de/99673-f...-detected.html

1. First I removed the entry "lobouyvvyw.exe" from Run in the registry so that my system would stop restarting all the time.
2. Next I ran Malwarebytes and removed the 4 infected files.

Quote:
Here are the logs OTL.txt and Extras.txt:

OTL Logfile:
Code:
OTL logfile created on: 29.05.2011 21:26:56 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Pasi\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,29% Memory free
6,50 Gb Paging File | 5,24 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 16,43 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 471,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PASI-PC | User Name: Pasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.29 21:05:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pasi\Downloads\OTL.exe
PRC - [2011.05.07 19:09:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.28 14:41:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.17 15:31:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.14 15:04:48 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010.12.14 15:03:16 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.29 18:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2006.07.18 17:15:18 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VMSnap3.exe
PRC - [2006.07.04 15:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
PRC - [2006.01.25 00:07:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM303_STI.EXE

========== Modules (SafeList) ==========

MOD - [2011.05.29 21:05:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pasi\Downloads\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.04.28 14:41:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.17 15:31:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.14 15:03:16 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 15:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.07.29 18:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011.05.24 19:39:20 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.17 15:31:38 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.02.23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.29 20:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.23 22:39:49 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.17 23:39:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.17 23:31:26 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 14:41:10 | 000,306,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.06.10 04:19:15 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.03.18 19:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007.03.16 17:24:50 | 001,474,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.11 10:07:09 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 C9 4E 3D 34 1E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.07 19:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 19:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.29 12:40:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.03.12 02:27:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Extensions
[2010.11.21 04:48:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.24 13:53:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\9y584fcc.default\extensions
[2011.03.12 02:27:29 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\9y584fcc.default\extensions\firefox@tvunetworks.com
[2011.05.20 15:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.20 15:13:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.03.12 02:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- () (No name found) -- C:\USERS\PASI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9Y584FCC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.07 19:09:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.03.03 17:32:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.07 19:09:04 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 19:09:04 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.05.07 19:09:04 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.07 19:09:04 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.07 19:09:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.07 19:09:04 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [VMSnap3] C:\Windows\VMSnap3.exe (Vimicro)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.09.21 04:23:26 | 000,000,710 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2224acd9-862a-11e0-82b0-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{2224acd9-862a-11e0-82b0-00059a3c7800}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9761c121-fc7f-11df-aacd-001fd028da4b}\Shell - "" = AutoRun
O33 - MountPoints2\{9761c121-fc7f-11df-aacd-001fd028da4b}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{dcc4710d-f28d-11df-bd92-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dcc4710d-f28d-11df-bd92-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2009.09.21 03:12:55 | 000,777,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011.05.29 15:26:32 | 000,000,000 | ---D | C] -- C:\Users\Pasi\AppData\Roaming\Malwarebytes
[2011.05.29 15:26:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 15:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.29 15:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.29 15:26:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.29 15:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.29 15:25:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Pasi\mbam-setup-1.50.1.1100.exe
[2011.05.29 00:39:58 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.24 19:54:33 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Local\Activision
[2011.05.24 19:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011.05.24 19:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011.05.24 19:39:20 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.05.24 19:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.05.24 19:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.05.24 19:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2011.05.24 19:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2011.05.24 19:15:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.05.22 15:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2011.05.22 15:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung ML-3470 Series
[2011.05.22 15:59:21 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.05.22 15:59:04 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2011.05.22 15:59:04 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2011.05.22 15:58:15 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sml347ci.exe
[2011.05.22 15:58:15 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sml347ci.dll
[2011.05.22 15:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.05.21 21:15:54 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2011.05.21 20:59:20 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Local\Diagnostics
[2011.05.21 20:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.05.21 20:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\avmwlanstick
[2011.05.21 20:33:34 | 000,265,088 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusb.sys
[2011.05.21 20:33:34 | 000,074,752 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwlanci.dll
[2011.05.21 20:33:34 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys
[2011.05.21 20:33:34 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2011.05.21 20:33:31 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AVM_Driver
[2011.05.20 15:12:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011.05.20 15:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.20 15:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.05.19 23:49:51 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\Desktop\Call of Duty 4 Modern Warfare + MP FULL-RIP[COTTA]
[2011.05.15 22:46:58 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Roaming\vlc
[2011.05.15 22:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Users\Pasi\*.tmp files -> C:\Users\Pasi\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.29 20:10:06 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.29 20:10:06 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.29 20:07:02 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.29 20:07:02 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.29 20:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.29 20:02:49 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.29 20:00:36 | 000,186,770 | ---- | M] () -- C:\Users\Pasi\Desktop\trojaner.jpg
[2011.05.29 19:59:51 | 003,932,214 | ---- | M] () -- C:\Users\Pasi\Desktop\New Bitmap Image.bmp
[2011.05.29 15:26:27 | 000,001,095 | ---- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Pasi\mbam-setup-1.50.1.1100.exe
[2011.05.29 00:53:54 | 359,520,698 | -H-- | M] () -- C:\Users\Pasi\Desktop\Calista Natural Big Boobs Fucked On The Bed.wmv
[2011.05.29 00:52:10 | 234,119,326 | -H-- | M] () -- C:\Users\Pasi\Desktop\BustyTeen_Brooke_Lynn.mp4
[2011.05.29 00:39:59 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~28303096r
[2011.05.29 00:39:59 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28303096
[2011.05.29 00:39:58 | 000,000,635 | -H-- | M] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk
[2011.05.29 00:39:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\28303096
[2011.05.26 21:15:43 | 000,654,319 | -H-- | M] () -- C:\Users\Pasi\Desktop\wer ist das.png
[2011.05.26 21:09:08 | 003,421,879 | -H-- | M] () -- C:\Users\Pasi\Desktop\love-lost-prod-by-black-diamond.mp3
[2011.05.24 19:39:20 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.05.24 19:19:05 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2011.05.24 19:15:16 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011.05.24 15:53:28 | 000,022,328 | -H-- | M] () -- C:\Users\Pasi\AppData\Roaming\PnkBstrK.sys
[2011.05.24 15:53:28 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.20 00:32:28 | 000,001,272 | -H-- | M] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - MP.lnk
[2011.05.20 00:32:28 | 000,001,272 | -H-- | M] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - Modern Warfare.lnk
[2011.05.07 19:09:17 | 000,002,002 | -H-- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.05.05 16:07:42 | 000,001,411 | -H-- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.05.05 12:08:25 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Users\Pasi\*.tmp files -> C:\Users\Pasi\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.29 20:00:27 | 000,186,770 | ---- | C] () -- C:\Users\Pasi\Desktop\trojaner.jpg
[2011.05.29 19:59:25 | 003,932,214 | ---- | C] () -- C:\Users\Pasi\Desktop\New Bitmap Image.bmp
[2011.05.29 15:26:27 | 000,001,095 | ---- | C] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 00:40:45 | 234,119,326 | -H-- | C] () -- C:\Users\Pasi\Desktop\BustyTeen_Brooke_Lynn.mp4
[2011.05.29 00:39:59 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~28303096r
[2011.05.29 00:39:58 | 000,000,635 | -H-- | C] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk
[2011.05.29 00:39:58 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28303096
[2011.05.29 00:39:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\28303096
[2011.05.29 00:30:15 | 359,520,698 | -H-- | C] () -- C:\Users\Pasi\Desktop\Calista Natural Big Boobs Fucked On The Bed.wmv
[2011.05.26 21:08:13 | 003,421,879 | -H-- | C] () -- C:\Users\Pasi\Desktop\love-lost-prod-by-black-diamond.mp3
[2011.05.26 21:03:50 | 000,654,319 | -H-- | C] () -- C:\Users\Pasi\Desktop\wer ist das.png
[2011.05.24 19:15:16 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011.05.22 15:59:22 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.05.21 20:33:35 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.05.20 00:32:28 | 000,001,272 | -H-- | C] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - MP.lnk
[2011.05.20 00:32:28 | 000,001,272 | -H-- | C] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - Modern Warfare.lnk
[2011.05.05 12:08:25 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.22 19:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.28 16:00:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.12 02:33:22 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.03.04 18:48:43 | 000,000,600 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\winscp.rnd
[2010.12.12 02:03:07 | 000,000,095 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\Movies2iPhone.ini
[2010.11.21 03:53:57 | 000,022,328 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\PnkBstrK.sys
[2010.11.21 03:53:57 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.21 03:53:24 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.11.21 03:53:22 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.11.21 03:53:22 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.20 20:31:15 | 000,126,976 | ---- | C] () -- C:\Windows\System32\vmcoinst_zc0301plh.dll
[2010.11.20 20:30:48 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2010.11.20 20:30:48 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.12.04 10:48:08 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009.12.04 10:48:06 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ml347Pl3.dll
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,364,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\DAEMON Tools Lite
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\elsterformular
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Foxit
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Foxit Software
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\IrfanView
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Leadertech
[2011.03.12 02:27:30 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\OpenOffice.org
[2011.03.12 02:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Thunderbird
[2011.03.12 02:27:35 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\TrueCrypt
[2011.03.12 02:27:35 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\TuneUp Software
[2011.05.29 21:11:54 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\uTorrent
[2009.07.14 06:53:46 | 000,021,196 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.03.12 11:02:27 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2009.07.14 06:54:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.12 02:34:41 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2011.04.23 16:12:12 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.07.13 18:05:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.29 15:26:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.05.29 20:01:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.12 03:05:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.05.29 16:39:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.12 00:24:14 | 000,000,000 | -H-D | M] -- C:\Temp
[2011.03.12 02:28:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.29 01:43:20 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*.
/mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 
07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-27 13:08:54 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.05.2011 21:26:56 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Pasi\Downloads An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,29% Memory free 6,50 Gb Paging File | 5,24 Gb Available in Paging File | 80,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 16,43 Gb Free Space | 16,82% Space Free | Partition Type: NTFS Drive F: | 471,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PASI-PC | User Name: Pasi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{362483B1-91EB-4CB4-B9BB-3B4B4C644404}" = ZC0301PLH_Driver_Setup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime 
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8 "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office 
Groove MUI (German) 2007 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = VIMICRO USB PC Camera (ZC0301PLH) "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Setup.divx.com" = DivX-Setup "Download Manager" = Download Manager 2.3.10 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Foxit Reader" = Foxit Reader "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Movies2iPhone" = Movies2iPhone 1.21 beta for Windows "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "MySSID_is1" = Vtune 7.12 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PunkBusterSvc" = PunkBuster Services "Samsung ML-3470 Series" = Samsung ML-3470 Series "TrueCrypt" = TrueCrypt "TuneUp Utilities 2011" = TuneUp Utilities 2011 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.9 "Winamp" = Winamp 
"WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.3.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.03.2011 20:33:12 | Computer Name = Pasi-PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = Error - 11.03.2011 20:33:13 | Computer Name = Pasi-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Avira\AntiVir Desktop\avwsc.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11.03.2011 21:06:27 | Computer Name = Pasi-PC | Source = ESENT | ID = 215 Description = WinMail (3836) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 14.03.2011 16:32:03 | Computer Name = Pasi-PC | Source = ESENT | ID = 215 Description = WinMail (2844) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 23.04.2011 10:12:36 | Computer Name = Pasi-PC | Source = ESENT | ID = 215 Description = WinMail (304) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. 
Error - 05.05.2011 06:08:40 | Computer Name = Pasi-PC | Source = Application Error | ID = 1000 Description = Faulting application name: WU-IE9-Windows7-x86.exe, version: 9.0.8112.16421, time stamp: 0x4d762851 Faulting module name: WU-IE9-Windows7-x86.exe, version: 9.0.8112.16421, time stamp: 0x4d762851 Exception code: 0xc0000005 Fault offset: 0x000162b1 Faulting process id: 0x8e0 Faulting application start time: 0x01cc0b0ba2dacbca Faulting application path: C:\Windows\SoftwareDistribution\Download\Install\WU-IE9-Windows7-x86.exe Faulting module path: C:\Windows\SoftwareDistribution\Download\Install\WU-IE9-Windows7-x86.exe Report Id: a5c88529-76ff-11e0-b693-001fd028da4b Error - 19.05.2011 19:50:49 | Computer Name = Pasi-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 2.0.1.4120 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: fd0 Start Time: 01cc1673fcac8331 Termination Time: 93 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: cecf7bf1-8272-11e0-9643-001fd028da4b Error - 24.05.2011 09:48:41 | Computer Name = Pasi-PC | Source = VSS | ID = 8194 Description = Error - 26.05.2011 22:13:02 | Computer Name = Pasi-PC | Source = Application Error | ID = 1000 Description = Faulting application name: TuneUpUtilitiesService32.exe, version: 10.0.3000.99, time stamp: 0x4d076afa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00540052 Faulting process id: 0x134 Faulting application start time: 0x01cc1c0898973586 Faulting application path: C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe Faulting module path: unknown Report Id: d91b965c-8806-11e0-b478-001fd028da4b Error - 28.05.2011 19:37:01 | Computer Name = Pasi-PC | Source = ESENT | ID = 215 Description = WinMail (2504) WindowsMail0: The backup has 
been stopped because it was halted by the client or the connection with the client failed. [ System Events ] Error - 29.05.2011 09:11:30 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000 Description = The TuneUp Theme Extension service failed to start due to the following error: %%1083 Error - 29.05.2011 09:11:32 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000 Description = The DgiVecp service failed to start due to the following error: %%20 Error - 29.05.2011 09:11:40 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: sptd Error - 29.05.2011 09:15:59 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error - 29.05.2011 13:57:51 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error - 29.05.2011 14:02:41 | Computer Name = Pasi-PC | Source = sptd | ID = 262148 Description = Driver detected an internal error in its data structures for . 
Error - 29.05.2011 14:02:52 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following error: %%1083

Error - 29.05.2011 14:02:54 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 29.05.2011 14:03:01 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: sptd

Error - 29.05.2011 14:03:14 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

< End of report >

GMER Logfile:
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-05-29 22:18:27
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD6400AAKS-65A7B2 rev.01.03B01
Running: jciu6nkj.exe; Driver: C:\Users\Pasi\AppData\Local\Temp\kxldapod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKey + 13C1                8308A339 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2       830C3D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL  \Device\00000057           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \Driver\volmgr    \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr    \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr    \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr    \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr    \Device\HarddiskVolume5    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr    \Device\HarddiskVolume6    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Last edited by papaskoo (29.05.2011, 21:21)
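The OTL file entries quoted in this post all share one fixed layout: `[YYYY.MM.DD HH:MM:SS | size | RHSD attribute flags | M or C] (company) -- path`. The Python below is an added example, not part of the original thread and not code from OTL or the board: it parses that layout and then applies two defender-side checks that the log itself invites. First, it lists hidden files with no company name that were created within a few minutes of the rogue's "Windows 7 Recovery.lnk" (the pivot time is taken from the log; the five-minute window is an assumption). Second, it counts hidden, non-directory files per folder, which is how the "my files vanished" symptom shows up in a listing. The sample lines are a constructed subset copied from the log above.

```python
import re
from datetime import datetime, timedelta

# One OTL file entry, as printed in the log above:
#   [YYYY.MM.DD HH:MM:SS | size | flags | M or C] (company) -- path
# flags has four positions: R(ead-only) H(idden) S(ystem) D(irectory), '-' if unset.
# The "(company)" part is absent for directory entries (LOP Check section).
OTL_ENTRY = re.compile(
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Constructed sample input: a subset of lines copied from the OTL log posted above.
SAMPLE_LINES = [
    r"[2011.05.29 15:26:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk",
    r"[2011.05.29 00:39:59 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~28303096r",
    r"[2011.05.29 00:39:58 | 000,000,635 | -H-- | C] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk",
    r"[2011.05.29 00:39:58 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28303096",
    r"[2011.05.29 00:39:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\28303096",
    r"[2011.05.26 21:03:50 | 000,654,319 | -H-- | C] () -- C:\Users\Pasi\Desktop\wer ist das.png",
    r"[2011.05.24 19:15:16 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF",
    r"[2011.05.29 21:05:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pasi\Downloads\OTL.exe",
    r"[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Foxit",
    "========== LOP Check ==========",
]

# Pivot taken from the log: creation time of the rogue's "Windows 7 Recovery.lnk".
PIVOT = datetime(2011, 5, 29, 0, 39, 58)


def parse_otl_entry(line):
    """Parse one OTL file/directory entry; return None for any other line."""
    m = OTL_ENTRY.search(line.strip())
    if m is None:
        return None
    attrs = m.group("attrs")
    return {
        "timestamp": datetime.strptime(
            f"{m.group('date')} {m.group('time')}", "%Y.%m.%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "directory": attrs[3] == "D",
        "created": m.group("kind") == "C",  # C = creation time listed, M = modification time
        "company": m.group("company") or "",
        "path": m.group("path"),
    }


def hidden_files_near(lines, pivot, window=timedelta(minutes=5)):
    """Hidden, non-directory files with no company name whose timestamp lies
    within +/- window of pivot: the cluster a rogue installer drops in one go."""
    hits = []
    for line in lines:
        e = parse_otl_entry(line)
        if e is None or e["directory"] or not e["hidden"] or e["company"]:
            continue
        if abs(e["timestamp"] - pivot) <= window:
            hits.append(e["path"])
    return hits


def hidden_files_by_folder(lines):
    """Count hidden, non-directory files per parent folder. Many hidden files
    inside a user profile folder is the "files disappeared" symptom."""
    counts = {}
    for line in lines:
        e = parse_otl_entry(line)
        if e is None or e["directory"] or not e["hidden"]:
            continue
        folder = e["path"].rsplit("\\", 1)[0]
        counts[folder] = counts.get(folder, 0) + 1
    return counts


if __name__ == "__main__":
    for path in hidden_files_near(SAMPLE_LINES, PIVOT):
        print("hidden file near pivot:", path)
    for folder, n in sorted(hidden_files_by_folder(SAMPLE_LINES).items()):
        print(f"{n} hidden file(s) in {folder}")
```

Run against a full OTL.txt, the first function narrows hundreds of entries down to the few dropped at infection time (here the three numeric files in ProgramData plus the rogue's shortcut), and the second shows which folders need their hidden attribute cleared afterwards.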
30.05.2011, 10:56 | #2
/// Malware-holic | Infection by Trojan.FakeMS -> desktop black, My Documents hidden

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
[2011.05.29 00:39:58 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.29 00:39:59 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~28303096r
[2011.05.29 00:39:59 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28303096
[2011.05.29 00:39:58 | 000,000,635 | -H-- | M] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Download unhide: A guide and tutorial on using ComboFix
30.05.2011, 17:56 | #3
Infection by Trojan.FakeMS -> desktop black, My Documents hidden

Thank you very much for the help. Here are the OTL fix log and the ComboFix log.

After the restart the desktop is still black, but the files are back. The Start menu is still empty, though, and the shortcuts in the taskbar are orphaned ("Can't open this item"). The programs do work when started manually.

Quote:
Code:
ATTFilter ComboFix 11-05-29.04 - Pasi 30.05.2011 18:32:41.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.3326.2227 [GMT 2:00] ausgeführt von:: c:\users\Pasi\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Pasi\mbam-setup-1.50.1.1100.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-28 bis 2011-05-30 )))))))))))))))))))))))))))))) . . 2011-05-30 16:31 . 2011-05-30 16:31 -------- d-----w- C:\32788R22FWJFW 2011-05-30 15:59 . 2011-05-30 15:59 -------- d-----w- C:\_OTL 2011-05-29 13:26 . 2011-05-29 13:26 -------- d-----w- c:\users\Pasi\AppData\Roaming\Malwarebytes 2011-05-29 13:26 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:26 . 2011-05-29 13:26 -------- d-----w- c:\programdata\Malwarebytes 2011-05-29 13:26 . 2011-05-29 18:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-29 13:26 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-28 23:37 . 2011-05-28 23:37 -------- d-----w- c:\users\Lisa\AppData\Roaming\TuneUp Software 2011-05-27 13:08 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9758B10-5161-4BD6-9578-91C38E5E00FB}\mpengine.dll 2011-05-25 13:38 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-24 17:54 . 2011-05-24 17:54 -------- d-----w- c:\users\Pasi\AppData\Local\Activision 2011-05-24 17:41 . 2011-05-24 17:41 -------- d-----w- c:\program files\Activision 2011-05-24 17:39 . 2011-05-24 17:39 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-05-24 17:39 . 
2011-05-24 17:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-24 17:18 . 2011-05-24 17:18 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2011-05-24 17:18 . 2011-05-24 17:19 -------- d-----w- c:\users\Pasi\B0BF705768694E4B920CEA2A58DA07F0.TMP
2011-05-24 11:56 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-22 13:59 . 2009-09-21 01:12 482408 ----a-w- c:\windows\ssndii.exe
2011-05-22 13:59 . 2011-05-22 13:59 -------- d-----w- c:\windows\Samsung
2011-05-22 13:59 . 2009-06-11 04:42 81920 ----a-w- c:\windows\system32\ssdevm.dll
2011-05-22 13:59 . 2007-01-08 01:57 49152 ----a-w- c:\windows\system32\ssusbpn.dll
2011-05-22 13:59 . 2007-01-08 01:57 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-05-22 13:59 . 2007-01-08 01:57 38160 ----a-w- c:\windows\system32\msxml2r.dll
2011-05-22 13:59 . 2007-01-08 01:57 21776 ----a-w- c:\windows\system32\msxml2a.dll
2011-05-22 13:59 . 2007-01-08 01:57 701440 ----a-w- c:\windows\system32\msxml2.dll
2011-05-22 13:58 . 2007-01-10 03:40 151552 ----a-w- c:\windows\system32\sml347ci.exe
2011-05-22 13:58 . 2007-01-10 03:40 65536 ----a-w- c:\windows\system32\sml347ci.dll
2011-05-22 13:57 . 2011-05-22 13:57 -------- d-----w- c:\program files\Samsung
2011-05-22 13:55 . 2009-12-04 08:48 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ml347Ppc.dll
2011-05-21 19:15 . 2007-01-11 08:07 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
2011-05-21 18:59 . 2011-05-21 18:59 -------- d-----w- c:\users\Pasi\AppData\Local\Diagnostics
2011-05-21 18:33 . 2011-05-21 18:33 -------- d-----w- c:\program files\avmwlanstick
2011-05-21 18:33 . 2007-01-25 23:00 97360 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
2011-05-21 18:33 . 2011-05-21 18:33 -------- d-----w- c:\windows\AVM_Driver
2011-05-21 18:33 . 2007-01-25 23:00 74752 ----a-w- c:\windows\system32\fwlanci.dll
2011-05-21 18:33 . 2007-01-25 23:00 4352 ----a-w- c:\windows\system32\drivers\avmeject.sys
2011-05-21 18:33 . 2007-01-25 23:00 265088 ----a-w- c:\windows\system32\drivers\fwlanusb.sys
2011-05-21 18:33 . 2011-05-21 18:33 -------- d-----w- c:\users\Pasi\AVM_Driver
2011-05-21 15:41 . 2011-05-21 15:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 13:12 . 2011-05-24 17:39 -------- d-----w- c:\programdata\Skype Extras
2011-05-20 13:12 . 2011-05-20 13:12 -------- d-----w- c:\program files\Common Files\Skype
2011-05-15 20:46 . 2011-05-15 23:35 -------- d-----w- c:\users\Pasi\AppData\Roaming\vlc
2011-05-11 20:06 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 20:06 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-07 17:09 . 2011-05-07 17:09 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 17:09 . 2011-05-07 17:09 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 17:09 . 2011-05-07 17:09 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 17:09 . 2011-05-07 17:09 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 17:09 . 2011-05-07 17:09 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-07 17:09 . 2011-05-07 17:09 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 17:09 . 2011-05-07 17:09 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 17:09 . 2011-05-07 17:09 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 13:53 . 2010-11-21 01:53 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-24 13:53 . 2010-11-21 01:53 22328 ----a-w- c:\users\Pasi\AppData\Roaming\PnkBstrK.sys
2011-05-24 13:53 . 2010-11-21 01:53 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-24 13:52 . 2010-11-21 01:53 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-22 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-17 13:31 . 2010-11-17 21:51 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-12 11:23 . 2011-04-28 12:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:39 . 2011-04-28 12:46 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:39 . 2011-04-28 12:46 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39 . 2011-04-28 12:46 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39 . 2011-04-28 12:46 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38 . 2011-04-28 12:46 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38 . 2011-04-28 12:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38 . 2011-04-28 12:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33 . 2011-04-14 08:46 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 08:46 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-28 12:46 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31 . 2011-04-28 12:46 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:28 . 2011-04-14 08:46 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:32 . 2011-03-03 15:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-03 05:38 . 2011-04-14 08:47 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36 . 2011-04-14 08:47 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42 . 2011-04-14 08:46 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-05-07 17:09 . 2011-05-07 17:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-07-30 2158592]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-09-24 614400]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-17 691696]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
R3 rt70x86;ASUS RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [2010-04-27 306016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-24 218688]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-11 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-29 248936]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\9y584fcc.default\
FF - prefs.js: browser.startup.homepage - SPIEGEL ONLINE - Nachrichten
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Pasi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
AddRemove-{A64240FF-9C31-4858-AE9D-65483C5DE63A} - c:\users\Pasi\AppData\Local\{DFF7F5B3-9811-4BE0-94D3-DE8D714CEC8A}\Living Hell Light Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-30 18:38:46
ComboFix-quarantined-files.txt 2011-05-30 16:38
.
Vor Suchlauf: 17.514.594.304 bytes free
Nach Suchlauf: 17.280.811.008 bytes free
.
- - End Of File - - A9C0175D05F457FC02D365B21D70929E

Last edited by papaskoo (30.05.2011 at 18:02)
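As an added example (not from this thread or from ComboFix), a small Python triage script that parses the Run-key section of a ComboFix log like the one above and flags every active autostart entry that launches from a user-writable folder (Temp, AppData, a user profile) or from outside Program Files and Windows. The EXAMPLE_RANDOM entry is a constructed placeholder; the thread does not say where lobouyvvyw.exe was launched from, so the user-writable location is an assumption about how such rogues typically persist.

```python
import re

# Constructed sample: the Run-key lines below are copied from the ComboFix
# "Autostartpunkte der Registrierung" section in this thread, plus one
# constructed entry (EXAMPLE_RANDOM, a placeholder NOT in the log).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-07-30 2158592]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
"EXAMPLE_RANDOM"="c:\users\Pasi\AppData\Local\Temp\EXAMPLE_RANDOM.exe" [2011-05-28 123456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')

# Where a properly installed program normally lives ...
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")
# ... and path fragments meaning "any user could have written this here".
WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\users\\")


def parse_autostart(text):
    """One dict per Run entry; a key ending in 'run-' is msconfig-disabled."""
    entries, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, path, date, size = m.groups()
            entries.append({"key": key, "name": name, "path": path, "date": date,
                            "size": int(size) if size else None,
                            "active": not key.lower().endswith("run-")})
    return entries


def is_suspicious(entry):
    """Active entry in a user-writable place or outside the usual install dirs."""
    if not entry["active"]:
        return False
    p = entry["path"].lower()
    return any(mk in p for mk in WRITABLE_MARKERS) or not p.startswith(TRUSTED_PREFIXES)


def triage(text):
    """Names of the autostart entries that deserve a closer look."""
    return [e["name"] for e in parse_autostart(text) if is_suspicious(e)]
```

Run against a real log, the same two functions would list the HKCU and HKLM Run entries with their dates and sizes and leave only the out-of-place ones to check by hand.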
30.05.2011, 18:17 | #4
/// Malware-holic | Infection with Trojan.FakeMS -> desktop black, My Documents hidden
open Computer, open C:, then _OTL, right-click moved files there and choose add to moved files.rar or zip. http://www.trojaner-board.de/54791-a...ner-board.html but under All Programs some are still to be found, or not? the rest we unfortunately can't undo. just delete the quick launch shortcuts and pin them again.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us
31.05.2011, 14:45 | #5
| Infection with Trojan.FakeMS -> desktop black, My Documents hidden
Thanks a lot, that was a great help! Everything is back, as far as I can see. Yes, the programs work, I'm recreating the shortcuts. I'll upload the data over the course of the evening. Can I consider my system clean, or is a reinstall still recommended? Keep up the good work!
31.05.2011, 14:50 | #6
/// Malware-holic | Infection with Trojan.FakeMS -> desktop black, My Documents hidden
looks ok, but we'll do 2 or 3 more little things.
02.06.2011, 20:15 | #7
| Infection with Trojan.FakeMS -> desktop black, My Documents hidden
Okay, it's uploaded.
05.06.2011, 15:55 | #8
/// Malware-holic | Infection with Trojan.FakeMS -> desktop black, My Documents hidden
download the CCleaner standard build: CCleaner - Standard. if CCleaner is already installed, skip that. install, open, Tools, list of installed programs, save as txt. open it. behind every program you need, write necessary. behind every one you don't need, unnecessary. behind those unknown to you, unknown. post the list.
05.06.2011, 22:50 | #9
| Infection with Trojan.FakeMS -> desktop black, My Documents hidden
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 11.03.2011 6,00MB 10.1.102.64 important
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 20.05.2011 6,00MB 10.3.181.14 unimportant
Apple Application Support Apple Inc. 21.04.2011 51,0MB 1.5.1 unimportant
Apple Mobile Device Support Apple Inc. 13.03.2011 21,8MB 3.4.0.25 unimportant
Apple Software Update Apple Inc. 20.11.2010 2,26MB 2.1.2.120 unimportant
Audacity 1.3.12 Audacity Team 30.05.2011 32,3MB important
Avira AntiVir Personal - Free Antivirus Avira GmbH 27.04.2011 70,7MB 10.0.0.648 important
Bonjour Apple Inc. 21.04.2011 1,10MB 2.0.5.0 important
Call of Duty: Black Ops 23.05.2011 important
CCleaner Piriform 04.06.2011 3.07 important
Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 23.05.2011 11,6MB 5.0.6 important
Crysis(R) Electronic Arts 20.11.2010 6.353MB 1.00.0000 important
DAEMON Tools Lite DT Soft Ltd 23.05.2011 4.40.2.0131 important
DAEMON Tools Toolbar DT Soft Ltd 11.03.2011 1.1.2.0185 unimportant
DivX-Setup DivX, Inc. 11.03.2011 2.1.2.2 unknown
Download Manager 2.3.10 IGN Entertainment, Inc. 11.03.2011 2.3.10 unimportant
FIFA 11 Electronic Arts 20.11.2010 6.262MB 1.0.0.0 important
Foxit Reader Foxit Corporation 11.03.2011 11,1MB 4.3.0.1110 important
Foxit Toolbar Ask.com 20.11.2010 2,57MB 1.9.1.0 unimportant
GIMP 2.6.11 The GIMP Team 07.04.2011 106,8MB 2.6.11 important
IrfanView (remove only) Irfan Skiljan 11.03.2011 1,50MB 4.27 important
iTunes Apple Inc. 21.04.2011 143,9MB 10.2.2.12 important
Java(TM) 6 Update 22 Oracle 02.03.2011 95,0MB 6.0.220 important
LAME v3.98.3 for Audacity 30.05.2011 1,17MB important
Malwarebytes' Anti-Malware Malwarebytes Corporation 28.05.2011 10,5MB important
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.03.2011 38,8MB 4.0.30319 important
Microsoft Office Enterprise 2007 Microsoft Corporation 11.03.2011 12.0.4518.1014 important
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20.11.2010 0,42MB 8.0.56336 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 20.11.2010 0,24MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.11.2010 0,58MB 9.0.30729.4148 unknown
Movies2iPhone 1.21 beta for Windows OKprods Ltd 11.03.2011 1.21 beta for Windows important
Mozilla Firefox 4.0.1 (x86 de) Mozilla 06.05.2011 32,7MB 4.0.1 important
Mozilla Thunderbird (3.1.10) Mozilla 28.04.2011 3.1.10 (de) important
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 30.11.2010 1,28MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 01.12.2010 1,33MB 4.20.9876.0 unknown
NVIDIA Display Control Panel NVIDIA Corporation 11.03.2011 6.14.12.5919 unimportant
NVIDIA Drivers NVIDIA Corporation 11.03.2011 63,0MB 1.10.62.40 important
NVIDIA PhysX NVIDIA Corporation 16.11.2010 73,8MB 9.10.0224 unknown
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 11.03.2011 7.17.12.5919 unknown
OpenOffice.org 3.3 OpenOffice.org 08.03.2011 413MB 3.3.9567 important
PDF24 Creator 2.8.8 PDF24.org 28.11.2010 16,1MB important
PunkBuster Services Even Balance, Inc. 11.03.2011 0.986 unimportant
QuickTime Apple Inc. 11.01.2011 73,7MB 7.69.80.9 unimportant
Samsung ML-3470 Series Samsung Electronics CO.,LTD 21.05.2011 important
Skype Toolbars Skype Technologies S.A. 19.05.2011 6,95MB 5.3.7280 unimportant
Skype™ 5.3 Skype Technologies S.A. 19.05.2011 22,6MB 5.3.111 important
TrueCrypt TrueCrypt Foundation 11.03.2011 7.0a important
TuneUp Utilities 2011 TuneUp Software 11.03.2011 10.0.3000.99 important
VIMICRO USB PC Camera (ZC0301PLH) 11.03.2011 important
VLC media player 1.1.9 VideoLAN 14.05.2011 1.1.9 important
Vtune 7.12 16.11.2010 11,1MB unimportant
Winamp Nullsoft, Inc 11.03.2011 5.581 important
WinRAR 11.03.2011 important
WinSCP 4.3.2 Martin Prikryl 03.03.2011 8,56MB 4.3.2 important
ZC0301PLH_Driver_Setup Vimicro 19.11.2010 1.00.0000 unknown
µTorrent 11.03.2011 2.2.0 important
06.06.2011, 10:08 | #10
/// Malware-holic | Infection with Trojan.FakeMS -> desktop black, My Documents hidden
uninstall
DAEMON Tools Toolbar
Download Manager
Foxit Toolbar Ask
PunkBuster
Skype Toolbars
TuneUp Utilities
stay away from that kind of junk, it can wreck your system and does nothing for you. clean up with ccleaner.
19.06.2011, 14:03 | #11
| Infection with Trojan.FakeMS -> desktop black, My Documents hidden
Okay, that's all done. Is there anything else to do? If not, thanks for the help!