Pests of all kinds and their removal: Windows Vista Recovery - Virus (Trojan)
Windows Vista Recovery - Virus (Trojan)

First of all, a big compliment to the makers of this site! I have seen that problems get answered very quickly. Since yesterday evening I have had the following problem. First this window opened; I could neither close nor minimize it. [screenshot] Then I was prompted to restart my PC. After that (as most people describe it) a black desktop, and all folders gone, or, as it turned out, hidden. The second error message was the following. [screenshot] I can reset the desktop background, folders etc. to the way they were before the virus, but when I shut the PC down and boot it up again, the same symptoms and errors are back. I have already tried to read up in other forums from users with the same problem and to help myself, but failed miserably. I run TDSS Killer, unfortunately in vain. No error is detected on my machine. As a side note I would like to add: this is the error that AntiVir shows. [screenshot] And when this error appears and I try to close or minimize it, my PC shuts down immediately. [screenshot]

Regards, Timo

```text
Betriebssystemname                          Microsoft® Windows Vista™ Home Premium
Version                                     6.0.6001 Service Pack 1 Build 6001
Zusätzliche Betriebssystembeschreibung      Nicht verfügbar
Betriebssystemhersteller                    Microsoft Corporation
Systemname                                  TIMO-PC
Systemhersteller                            Packard Bell BV
Systemmodell                                IMEDIA D3860 GE
Systemtyp                                   X86-basierter PC
Prozessor                                   Pentium(R) Dual-Core CPU E5200 @ 2.50GHz, 2500 MHz, 2 Kern(e), 2 logische(r) Prozessor(en)
BIOS-Version/-Datum                         American Megatrends Inc. PBDV10.P19, 04.06.2009
SMBIOS-Version                              2.5
Windows-Verzeichnis                         C:\Windows
Systemverzeichnis                           C:\Windows\system32
Startgerät                                  \Device\HarddiskVolume2
Gebietsschema                               Deutschland
Hardwareabstraktionsebene                   Version = "6.0.6001.18000"
Benutzername                                Timo-PC\Timo
Zeitzone                                    Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 4,00 GB
Gesamter realer Speicher                    3,00 GB
Verfügbarer realer Speicher                 1,72 GB
Gesamter virtueller Speicher                6,22 GB
Verfügbarer virtueller Speicher             4,88 GB
Größe der Auslagerungsdatei                 3,29 GB
Auslagerungsdatei                           C:\pagefile.sys
```

Last edited by da_timo (30.05.2011 at 21:11)
Windows Vista Recovery - Virus (Trojan)

Hello and [image]

Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well. After that, OTL custom scan: Custom scan with OTL. If you do not have it yet, please download OTL from OldTimer and save it to your desktop
```text
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
```
Windows Vista Recovery - Virus (Trojan)

Quick question in between: it has now been running for about 1 hour. What now? Remove selected, save log file??
Windows Vista Recovery - Virus (Trojan)

As it says in the guide. Remove all findings, then post the log.
Windows Vista Recovery - Virus (Trojan)

OTL logfile:
```text
OTL logfile created on: 31.05.2011 22:49:44 - Run 3
OTL by OldTimer - Version   Folder = C:\Users\Timo\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,36% Memory free
6,23 Gb Paging File | 5,08 Gb Available in Paging File | 81,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,09 Gb Total Space | 175,02 Gb Free Space | 61,61% Space Free | Partition Type: NTFS

Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.30 18:59:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.0\ICQ.exe
PRC - [2009.12.05 12:17:17 | 000,040,960 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.18 11:13:00 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
PRC - [2008.09.18 11:13:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
PRC - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008.07.07 17:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\System32\HidService.exe
PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.28 17:16:06 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

========== Modules (SafeList) ==========

MOD - [2011.05.30 18:59:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009.12.05 12:17:17 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Timo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.01.11 08:07:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\System32\HidService.exe -- (GenericHidService)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

========== Driver Services (SafeList) ==========

DRV - [2009.12.07 23:40:46 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.06 23:29:00 | 009,759,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.11 13:49:22 | 000,064,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2003.10.15 18:52:00 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0709&m=imedia_d3860_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0709&m=imedia_d3860_ge

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0709&m=imedia_d3860_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://kwick.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.23
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}:1.0
FF - prefs.js..extensions.enabledItems: {63414328-3ab4-2c84-6c41-5a473c4b2ff7}:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.23 21:00:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 21:00:36 | 000,000,000 | ---D | M]

[2009.09.12 14:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2011.05.31 20:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions
[2010.04.28 18:42:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.17 17:43:16 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011.03.17 17:43:11 | 000,000,000 | ---D | M] ("Get Styles") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2011.04.20 18:18:09 | 000,000,000 | ---D | M] ("Usage Stat") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.05.26 18:37:04 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010.06.28 18:18:38 | 000,000,000 | ---D | M] (QAssistant) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
[2011.03.17 17:25:38 | 000,000,000 | ---D | M] (KFD Flv) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
[2010.06.02 18:23:14 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\71a4tujl.default\extensions\firefox@tvunetworks.com
[2009.12.05 12:17:19 | 000,001,834 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\71a4tujl.default\searchplugins\{4F2CAFBF-6500-4DE7-9BF8-08CDDC8048BB}.xml
[2009.12.05 12:17:19 | 000,002,041 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\71a4tujl.default\searchplugins\{9246D9FA-6113-4FEE-8C2A-4E800A4AD0DE}.xml
[2009.12.05 12:17:19 | 000,002,152 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\71a4tujl.default\searchplugins\{FA87BA1B-B51A-4862-8D31-B115C3598D04}.xml
[2010.01.21 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.03 05:37:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.03 05:37:28 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.03 05:37:28 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.03 05:37:28 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.03 05:37:28 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GdfrDUEn Class) - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Programme\Get Styles\enlbrdr.dll (TODO: <Company name>)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
O4 - HKLM..\Run: [FujiKeyboard] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Timo\AppData\Roaming\OCS\SM\SearchAnonymizer.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Get Styles\ct.htm ()
O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Get Styles\ct.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Timo\AppData\LocalLow\Microñoft\redir.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: C:\Users\Timo\Pictures\Wallpaper\Drogba_Nike.jpg
O24 - Desktop BackupWallPaper: C:\Users\Timo\Pictures\Wallpaper\Drogba_Nike.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d5101a7a-17f6-11df-b6aa-002511354c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{d5101a7a-17f6-11df-b6aa-002511354c9a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.05.31 22:40:22 | 000,000,000 | R--D | C] -- C:\Users\Timo\Documents\Notes
[2011.05.31 21:27:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2011.05.31 20:57:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Malwarebytes
[2011.05.31 20:57:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.31 20:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.31 20:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.31 20:57:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.31 20:57:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.29 23:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.05.29 22:46:03 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.29 22:40:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4
[2011.05.29 22:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2
[2011.05.29 22:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1
[2011.05.02 15:05:20 | 000,000,000 | ---D | C] -- C:\Users\Timo\Documents\Freunde
[2011.05.02 11:26:33 | 000,000,000 | R--D | C] -- C:\Users\Timo\Desktop\Desktop

========== Files - Modified Within 30 Days ==========

[2011.05.31 22:26:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.05.31 22:25:11
```
| 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.31 22:25:10 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.31 22:25:10 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.31 22:25:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.31 22:25:02 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys [2011.05.31 22:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.31 20:57:40 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.30 21:08:05 | 001,164,662 | ---- | M] () -- C:\Users\Timo\Desktop\Meldung.bmp [2011.05.30 21:06:35 | 000,595,454 | ---- | M] () -- C:\Users\Timo\Desktop\Fehlermeldung - AntiVir.bmp [2011.05.30 21:05:23 | 000,565,526 | ---- | M] () -- C:\Users\Timo\Desktop\Critical Hard Disk.bmp [2011.05.30 21:00:58 | 000,697,734 | ---- | M] () -- C:\Users\Timo\Desktop\Eigenes Thema.bmp [2011.05.30 20:55:21 | 000,050,477 | ---- | M] () -- C:\Users\Timo\Desktop\Defogger.exe [2011.05.30 20:48:38 | 000,268,698 | ---- | M] () -- C:\Users\Timo\Desktop\Fehlermeldung.bmp [2011.05.30 20:46:32 | 000,000,411 | ---- | M] () -- C:\Users\Timo\Dokumente - Verknüpfung.lnk [2011.05.30 19:16:52 | 000,606,105 | ---- | M] () -- C:\Users\Timo\Desktop\unhide.exe [2011.05.30 18:59:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe [2011.05.29 22:50:55 | 000,080,832 | ---- | M] () -- C:\Users\Timo\Desktop\Unbenannt.jpg [2011.05.29 22:46:07 | 000,000,152 | ---- | M] () -- C:\ProgramData\~32300792r [2011.05.29 22:46:07 | 000,000,128 | ---- | M] () -- C:\ProgramData\~32300792 [2011.05.29 16:15:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.05.20 07:02:46 | 000,628,504 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2011.05.20 07:02:46 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.20 07:02:46 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.20 07:02:46 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2011.05.31 20:57:40 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.30 21:07:46 | 001,164,662 | ---- | C] () -- C:\Users\Timo\Desktop\Meldung.bmp [2011.05.30 21:04:34 | 000,565,526 | ---- | C] () -- C:\Users\Timo\Desktop\Critical Hard Disk.bmp [2011.05.30 21:00:22 | 000,697,734 | ---- | C] () -- C:\Users\Timo\Desktop\Eigenes Thema.bmp [2011.05.30 20:55:21 | 000,050,477 | ---- | C] () -- C:\Users\Timo\Desktop\Defogger.exe [2011.05.30 20:48:00 | 000,595,454 | ---- | C] () -- C:\Users\Timo\Desktop\Fehlermeldung - AntiVir.bmp [2011.05.30 20:48:00 | 000,268,698 | ---- | C] () -- C:\Users\Timo\Desktop\Fehlermeldung.bmp [2011.05.30 20:46:32 | 000,000,411 | ---- | C] () -- C:\Users\Timo\Dokumente - Verknüpfung.lnk [2011.05.30 19:21:11 | 000,606,105 | ---- | C] () -- C:\Users\Timo\Desktop\unhide.exe [2011.05.29 22:50:55 | 000,080,832 | ---- | C] () -- C:\Users\Timo\Desktop\Unbenannt.jpg [2011.05.29 22:46:07 | 000,000,152 | ---- | C] () -- C:\ProgramData\~32300792r [2011.05.29 22:46:07 | 000,000,128 | ---- | C] () -- C:\ProgramData\~32300792 [2011.02.03 20:55:46 | 000,000,011 | ---- | C] () -- C:\Windows\wanpatan.ini [2011.02.03 20:55:34 | 000,028,672 | ---- | C] () -- C:\Windows\gscr.dll [2010.04.11 19:35:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.04.02 13:54:11 | 000,000,260 | ---- | C] () -- C:\Windows\wininit.ini [2010.03.21 01:04:57 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010.03.06 22:30:04 | 000,096,456 | ---- | C] () -- C:\Windows\System32\mlfcache.dat [2010.02.11 09:58:56 | 000,004,096 | ---- | C] () -- C:\Windows\System32\detoured.dll 
[2009.09.13 17:28:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.13 13:14:07 | 000,074,240 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.13 12:56:24 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe [2009.09.13 12:56:19 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe [2009.09.13 12:56:19 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe [2009.09.12 14:46:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.09.12 13:41:39 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.09.12 13:41:31 | 000,008,164 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2009.07.25 06:09:56 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2009.01.11 08:05:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.01.11 07:56:57 | 000,000,566 | ---- | C] () -- C:\Windows\System32\hidservice.ini [2009.01.11 07:53:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2009.01.11 07:53:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.01.11 07:53:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.01.11 07:53:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.01.11 07:13:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.01.11 07:13:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,301,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT 
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe ========== LOP Check ========== [2010.10.02 19:12:17 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Audacity [2011.05.31 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Desktopicon [2009.10.11 10:08:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EA [2011.05.29 22:47:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ICQ [2011.01.06 13:10:16 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\kikin [2010.06.02 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2009.12.05 12:17:17 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OCS [2009.12.05 12:17:20 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Opera [2009.09.12 17:51:41 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Packard Bell [2010.01.23 22:13:04 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\thriXXX [2010.12.04 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TS3Client [2011.05.31 22:24:03 | 000,032,530 | ---- | M] () 
-- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.11.03 21:08:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Adobe [2010.08.23 21:35:06 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Apple Computer [2010.10.02 19:12:17 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Audacity [2011.05.31 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Desktopicon [2011.01.19 23:08:01 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\dvdcss [2009.10.11 10:08:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EA [2009.09.12 14:32:56 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Google [2011.05.29 22:47:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ICQ [2009.09.12 13:47:01 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Identities [2011.01.06 13:10:16 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\kikin [2009.09.12 14:31:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Macromedia [2011.05.31 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Media Center Programs [2010.06.02 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2011.03.27 14:26:22 | 000,000,000 | --SD | M] -- C:\Users\Timo\AppData\Roaming\Microsoft [2009.09.12 14:46:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Mozilla [2009.10.03 11:42:03 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Nero [2009.12.05 12:17:17 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OCS [2009.12.05 12:17:20 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Opera [2009.09.12 17:51:41 | 000,000,000 | ---D | M] -- 
C:\Users\Timo\AppData\Roaming\Packard Bell [2010.04.28 19:13:29 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\teamspeak2 [2010.01.23 22:13:04 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\thriXXX [2010.12.04 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TS3Client [2009.11.10 21:11:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TVU Networks [2011.04.14 16:35:54 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\vlc [2009.10.17 21:55:48 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.12.05 12:18:50 | 000,031,836 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Desktopicon\uninst.exe [2009.09.29 20:29:09 | 000,006,144 | ---- | M] (Electronic Arts Canada) -- C:\Users\Timo\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe [2009.09.29 20:29:08 | 000,005,120 | ---- | M] (Electronic Arts Canada) -- C:\Users\Timo\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe [2009.10.11 10:08:22 | 000,030,208 | ---- | M] (Electronic Arts Canada) -- C:\Users\Timo\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe [2009.09.30 19:15:50 | 000,013,312 | ---- | M] (Electronic Arts Canada) -- C:\Users\Timo\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe [2009.09.29 20:29:04 | 000,009,216 | ---- | M] (Electronic Arts Canada) -- C:\Users\Timo\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe [2010.10.24 14:40:23 | 000,752,688 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\kikin\kikin_updater_2.4.15.exe [2011.01.06 13:10:19 | 001,166,568 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\kikin\kikin_updater_2.9.1.exe [2009.12.05 12:17:17 | 000,106,496 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2009.12.05 12:17:17 | 000,040,960 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010.02.24 20:33:27 | 002,777,414 | ---- | M] (TVU networks) -- C:\Users\Timo\AppData\Roaming\TVU 
Networks\AutoUpgrade\TVUPlayer2.5.2.1.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] 
(NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73\IDE\WinVista\sata_ide\nvstor32.sys [2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys [2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys [2007.10.31 05:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73\IDE\WinVista\sataraid\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) 
MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Timo\Documents\clip0006.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Timo\Documents\clip0005.avi:TOC.WMV < End of report > |
#6
Windows Vista Recovery - Virus (Trojan)
Are there any further Malwarebytes logs? If so, please post all of them that are shown in Malwarebytes under the Logs tab.
#7
Windows Vista Recovery - Virus (Trojan)
No, sorry, there are no further logs. I can now display everything again, and it is also being saved. However, I have the feeling that the virus was only blocked. Can I remove it completely?
#8
Windows Vista Recovery - Virus (Trojan)
Run an OTL fix: close any open programs, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d5101a7a-17f6-11df-b6aa-002511354c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{d5101a7a-17f6-11df-b6aa-002511354c9a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
[2011.05.29 22:46:07 | 000,000,152 | ---- | M] () -- C:\ProgramData\~32300792r
[2011.05.29 22:46:07 | 000,000,128 | ---- | M] () -- C:\ProgramData\~32300792
@Alternate Data Stream - 64 bytes -> C:\Users\Timo\Documents\clip0006.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Timo\Documents\clip0005.avi:TOC.WMV
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution: a backup copy is created on the system partition in the "_OTL" folder.
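As an added example (not code from this thread, from the helper, or from the OTL tool), here is a small Python parser for the two OTL entry formats that appear in the log above, with a few triage rules that correspond to what the fix script in post #8 targets: the tilde-numeric files dropped directly in C:\ProgramData and the alternate data streams on the user's documents. The sample lines are a constructed subset copied from the OTL log posted in this thread; the incident-start timestamp, the 36-hour window, the rule names and the function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# One OTL file/folder entry, e.g.
# [2011.05.29 22:46:07 | 000,000,152 | ---- | C] () -- C:\ProgramData\~32300792r
# Company is optional ("()" or absent); an MD5 or "Unable to obtain MD5" may follow it.
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5))?"
    r" -- (?P<path>.+?)\s*$"
)
# One OTL alternate data stream entry: @Alternate Data Stream - N bytes -> host:stream
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")
# Names such as ~32300792 and ~32300792r, the files the fix script in post #8 removes
TILDE_NUMERIC = re.compile(r"^~\d+[A-Za-z]?$")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str          # "---D" directory, "-HS-" hidden+system, "----" plain file
    kind: str           # "C" from a created list, "M" from a modified list
    company: str        # "" when OTL prints "()" or no company at all
    path: str
    md5: Optional[str] = None

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rpartition("\\")[0]

    @property
    def name(self) -> str:
        return self.path.rpartition("\\")[2]


@dataclass
class AdsEntry:
    size: int
    host_file: str
    stream: str


def parse_otl_lines(lines):
    """Return (file entries, ADS entries); section headers and unknown lines are skipped."""
    files, streams = [], []
    for raw in lines:
        line = raw.strip()
        m = FILE_ENTRY.match(line)
        if m:
            files.append(OtlEntry(
                timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"], kind=m["kind"],
                company=(m["company"] or "").strip(),
                path=m["path"],
                md5=m["md5"].upper() if m["md5"] else None,
            ))
            continue
        a = ADS_ENTRY.match(line)
        if a:
            host, _, stream = a["path"].rpartition(":")   # last colon separates the stream
            streams.append(AdsEntry(int(a["size"]), host, stream))
    return files, streams


def triage(files, streams, incident_start: datetime, window_hours: int = 36):
    """Flag entries an analyst should look at. Hits are leads, not verdicts."""
    window_end = incident_start + timedelta(hours=window_hours)
    findings = []
    for e in files:
        reasons = []
        if e.parent.lower() == r"c:\programdata" and TILDE_NUMERIC.match(e.name):
            reasons.append("tilde-numeric file dropped directly in ProgramData")
        if (not e.is_dir and not e.company
                and incident_start <= e.timestamp <= window_end
                and e.name.lower().endswith((".exe", ".dll", ".sys"))):
            reasons.append("unattributed binary touched inside incident window")
        if reasons:
            findings.append((e.path, reasons))
    for s in streams:
        if s.stream.lower() != "zone.identifier":   # the browser download marker is expected
            findings.append((f"{s.host_file}:{s.stream}", ["unexpected alternate data stream"]))
    return findings


# Constructed sample: a subset of lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2011.05.31 20:57:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 22:46:03 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.31 22:25:02 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.30 20:55:21 | 000,050,477 | ---- | C] () -- C:\Users\Timo\Desktop\Defogger.exe
[2011.05.29 22:46:07 | 000,000,152 | ---- | C] () -- C:\ProgramData\~32300792r
[2011.05.29 22:46:07 | 000,000,128 | ---- | C] () -- C:\ProgramData\~32300792
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
@Alternate Data Stream - 64 bytes -> C:\Users\Timo\Documents\clip0006.avi:TOC.WMV
< End of report >
"""

# Assumed incident start for this example, chosen from the earliest suspicious creation time in the log.
INCIDENT_START = datetime(2011, 5, 29, 22, 0, 0)


def run_sample():
    files, streams = parse_otl_lines(SAMPLE_LOG.splitlines())
    return files, streams, triage(files, streams, INCIDENT_START)


if __name__ == "__main__":
    for path, reasons in run_sample()[2]:
        print(path, "->", "; ".join(reasons))
```

Run against the sample, the parser yields eight file entries and one stream, and the triage flags the two `~32300792` files, the unattributed `Defogger.exe` created inside the window, and the `TOC.WMV` stream; the Malwarebytes driver (signed company), the Start Menu folder (directory) and `hiberfil.sys` (outside the window) are left alone. The "unattributed binary" rule deliberately also catches the user's own helper tools, which is why the output is a review list rather than a removal list.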
