Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
Protection Center - Anti-Malware did not help (https://www.trojaner-board.de/103050-protection-center-anti-malware-hat-geholfen.html)

cosinus 06.09.2011 15:20

You have to select the Windows folder - the one belonging to the Windows installed on the hard disk.
Or is the partition not shown at all? If only drive B: (RAMdrive) and the CD-ROM are shown, we have a problem... :crazy:

TheCaptain 06.09.2011 16:05

Okay, I think I have found the right folder. However, no Extra.txt was created. Here is the OTL.txt.

OTL Logfile:
Code:

OTL logfile created on: 9/6/2011 8:43:18 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.21 Mb Free Space | 75.21% Space Free | Partition Type: NTFS
Drive E: | 424.66 Gb Total Space | 386.99 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
Drive F: | 40.00 Gb Total Space | 21.60 Gb Free Space | 54.00% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (BsScanner)
SRV - File not found [On_Demand] --  -- (BgRaSvc)
SRV - [2011/05/26 08:34:34 | 000,191,752 | -H-- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/10 14:57:04 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/09/02 07:57:36 | 000,058,248 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2010/09/02 07:50:26 | 000,175,496 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2010/09/02 07:50:15 | 000,270,728 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2010/09/02 07:47:02 | 000,169,864 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2010/09/02 07:43:10 | 000,355,720 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2010/04/23 19:10:54 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/23 19:10:44 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/03 23:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/12/10 02:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/10 02:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/22 20:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) [On_Demand] -- E:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:45:11 | 000,296,400 | -H-- | M] () [Auto] -- E:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2007/07/24 05:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto] -- E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (.tdx)
DRV - [2011/07/06 13:52:42 | 000,041,272 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/02 07:48:54 | 000,056,400 | -H-- | M] (BullGuard Ltd.) [File_System | System] -- E:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/08/06 11:52:54 | 000,016,896 | -H-- | M] (Siliten) [Kernel | On_Demand] -- E:\Windows\System32\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c) Siliten HID Devices(FlexDef2c)
DRV - [2010/05/24 09:46:34 | 000,193,056 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/04/23 19:10:54 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/23 19:10:52 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/23 19:10:50 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/23 19:10:44 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/03/04 11:53:08 | 000,067,624 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/02 07:24:58 | 001,006,624 | -H-- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/26 23:01:22 | 000,132,480 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010/02/03 13:06:34 | 000,232,960 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/09/17 22:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:12:11 | 000,074,240 | -H-- | M] () [Kernel | System] -- E:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/07/24 05:03:56 | 000,101,760 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Medion | MSN [binary data]
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Medion | MSN [binary data]
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = rudi
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 11:00:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/24 11:53:40 | 000,000,000 | -H-D | M]
 
[2011/06/06 07:55:07 | 000,000,000 | -H-D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/06/06 07:55:07 | 000,000,000 | -H-D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/31 11:00:25 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/06 07:54:54 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 11:00:23 | 000,001,392 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/31 11:00:23 | 000,002,252 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/31 11:00:23 | 000,001,153 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/31 11:00:23 | 000,006,805 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/31 11:00:23 | 000,001,178 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/31 11:00:23 | 000,001,105 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} -  File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\rudi_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard]  File not found
O4 - HKLM..\Run: [CLMLServer] E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] E:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [Launch SilverCrest GML807] E:\Program Files\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe (Siliten)
O4 - HKLM..\Run: [LMgrOSD]  File not found
O4 - HKLM..\Run: [LMgrVolOSD] E:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVBg] E:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] E:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\.DEFAULT..\Run: [MGkvxUlhYCnUvhK] E:\ProgramData\MGkvxUlhYCnUvhK.exe (RealVNC Ltd.)
O4 - HKU\rudi_ON_E..\Run: [2F7ZUJ7GVIWWVUYDTUFFFZSMGIW] E:\SystemData\217FA966EB8.exe (Len Larva Saw)
O4 - HKU\rudi_ON_E..\Run: [CTSyncU.exe] E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\rudi_ON_E..\RunOnce: [FlashPlayerUpdate] E:\Windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.253
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/05 07:25:17 | 000,000,000 | -H-D | C] -- E:\System Recovery
[2011/09/05 07:24:48 | 000,325,632 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:31 | 000,407,040 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/04 10:43:05 | 000,000,000 | -H-D | C] -- E:\Program Files\ESET
[2011/09/04 10:42:15 | 002,322,184 | -H-- | C] (ESET) -- E:\Users\rudi\Desktop\esetsmartinstaller_enu.exe
[2011/08/31 14:32:34 | 000,000,000 | -H-D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/31 14:32:34 | 000,000,000 | -H-D | C] -- E:\Program Files\7-Zip
[2011/08/31 10:46:31 | 000,580,608 | -H-- | C] (OldTimer Tools) -- E:\Users\rudi\Desktop\OTL.exe
[2011/08/31 07:28:59 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Malwarebytes
[2011/08/31 07:28:52 | 000,041,272 | -H-- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/31 07:28:52 | 000,000,000 | -H-D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 07:28:52 | 000,000,000 | -H-D | C] -- E:\ProgramData\Malwarebytes
[2011/08/31 07:28:49 | 000,022,712 | -H-- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbam.sys
[2011/08/31 07:28:49 | 000,000,000 | -H-D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2011/08/31 07:27:58 | 009,466,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- E:\Users\rudi\Desktop\herbert.exe
[2011/08/31 07:08:15 | 000,000,000 | -H-D | C] -- E:\Windows\Minidump
[2011/08/31 06:25:21 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Opuxoz
[2011/08/31 06:23:09 | 000,000,000 | -H-D | C] -- E:\Windows\Sun
[2011/08/24 08:03:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tzres.dll
[2011/08/22 15:54:27 | 003,957,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2011/08/22 15:54:25 | 003,902,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2011/08/22 15:53:10 | 000,599,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2011/08/22 15:53:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iedkcs32.dll
[2011/08/22 15:53:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedsbs.dll
[2011/08/22 15:53:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mstime.dll
[2011/08/22 15:53:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2011/08/22 15:53:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2011/08/22 15:53:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2011/08/22 15:53:04 | 000,048,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2011/08/22 15:53:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2011/08/22 15:53:02 | 000,386,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2011/08/22 15:53:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2011/08/22 15:52:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2011/08/22 15:52:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2011/08/22 15:52:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2011/08/22 15:52:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/22 15:52:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/22 15:52:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/22 15:52:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/22 15:52:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/22 15:52:40 | 000,319,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbcjt32.dll
[2011/08/22 15:52:40 | 000,122,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccp32.dll
[2011/08/22 15:52:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccr32.dll
[2011/08/22 15:52:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbctrac.dll
[2011/08/22 15:52:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccu32.dll
[2010/06/28 09:06:07 | 000,004,096 | -H-- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/05 07:46:35 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2011/09/05 07:25:18 | 000,000,192 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | M] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | M] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/05 07:24:48 | 000,325,632 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verbindungsassistent
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials 4
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/09/05 07:15:15 | 000,407,040 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/05 06:23:19 | 2307,862,528 | -HS- | M] () -- E:\hiberfil.sys
[2011/09/04 10:42:42 | 002,322,184 | -H-- | M] (ESET) -- E:\Users\rudi\Desktop\esetsmartinstaller_enu.exe
[2011/09/02 13:13:38 | 004,194,304 | -H-- | M] () -- E:\Windows\System32\xadqgnnk.dll
[2011/08/31 14:32:21 | 001,110,476 | -H-- | M] () -- E:\Users\rudi\Desktop\7z920.exe
[2011/08/31 12:22:08 | 000,002,002 | -H-- | M] () -- E:\Users\rudi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/31 11:56:01 | 210,290,938 | -H-- | M] () -- E:\Windows\MEMORY.DMP
[2011/08/31 11:26:10 | 000,302,592 | -H-- | M] () -- E:\Users\rudi\Desktop\2vnj04l6.exe
[2011/08/31 11:11:10 | 000,050,477 | -H-- | M] () -- E:\Users\rudi\Desktop\Defogger.exe
[2011/08/31 10:46:32 | 000,580,608 | -H-- | M] (OldTimer Tools) -- E:\Users\rudi\Desktop\OTL.exe
[2011/08/31 10:26:35 | 000,001,090 | -H-- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/31 10:22:15 | 000,003,224 | -H-- | M] () -- E:\bootsqm.dat
[2011/08/31 08:27:02 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 08:27:02 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 07:28:15 | 009,466,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- E:\Users\rudi\Desktop\herbert.exe
[2011/08/31 06:50:10 | 000,001,094 | -H-- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/31 04:43:37 | 000,654,610 | -H-- | M] () -- E:\Windows\System32\perfh007.dat
[2011/08/31 04:43:37 | 000,616,452 | -H-- | M] () -- E:\Windows\System32\perfh009.dat
[2011/08/31 04:43:37 | 000,130,192 | -H-- | M] () -- E:\Windows\System32\perfc007.dat
[2011/08/31 04:43:37 | 000,106,574 | -H-- | M] () -- E:\Windows\System32\perfc009.dat
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/09/05 07:25:18 | 000,000,192 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | C] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | C] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/02 13:13:38 | 004,194,304 | -H-- | C] () -- E:\Windows\System32\xadqgnnk.dll
[2011/08/31 14:32:15 | 001,110,476 | -H-- | C] () -- E:\Users\rudi\Desktop\7z920.exe
[2011/08/31 11:26:07 | 000,302,592 | -H-- | C] () -- E:\Users\rudi\Desktop\2vnj04l6.exe
[2011/08/31 11:11:10 | 000,050,477 | -H-- | C] () -- E:\Users\rudi\Desktop\Defogger.exe
[2011/08/31 10:22:15 | 000,003,224 | -H-- | C] () -- E:\bootsqm.dat
[2011/08/31 07:06:59 | 210,290,938 | -H-- | C] () -- E:\Windows\MEMORY.DMP
[2011/08/28 13:42:17 | 000,069,632 | -H-- | C] () -- E:\Users\rudi\AppData\Roaming\chrtmp
[2011/02/20 16:09:02 | 000,000,952 | -HS- | C] () -- E:\ProgramData\KGyGaAvL.sys
[2010/09/02 12:03:42 | 000,033,134 | -H-- | C] () -- E:\Users\rudi\AppData\Roaming\UserTile.png
[2010/06/28 19:38:29 | 000,451,072 | -H-- | C] () -- E:\Windows\System32\ISSRemoveSP.exe
[2010/06/28 19:28:10 | 000,000,032 | -H-- | C] () -- E:\Windows\System32\drivers\rtkhdaud.dat
[2010/06/28 11:46:27 | 000,072,017 | -H-- | C] () -- E:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/06/28 09:06:08 | 000,208,896 | -H-- | C] () -- E:\Windows\System32\iglhsip32.dll
[2010/06/28 09:06:08 | 000,143,360 | -H-- | C] () -- E:\Windows\System32\iglhcp32.dll
[2010/06/28 09:06:07 | 000,870,560 | -H-- | C] () -- E:\Windows\System32\igkrng575.bin
[2010/06/28 09:06:07 | 000,104,636 | -H-- | C] () -- E:\Windows\System32\igfcg575m.bin
[2010/06/28 09:06:06 | 000,127,868 | -H-- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2010/06/28 09:06:06 | 000,000,151 | -H-- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2010/05/18 02:50:33 | 000,654,610 | -H-- | C] () -- E:\Windows\System32\perfh007.dat
[2010/05/18 02:50:33 | 000,295,922 | -H-- | C] () -- E:\Windows\System32\perfi007.dat
[2010/05/18 02:50:33 | 000,130,192 | -H-- | C] () -- E:\Windows\System32\perfc007.dat
[2010/05/18 02:50:33 | 000,038,104 | -H-- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,287,744 | -H-- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,452 | -H-- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | -H-- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,574 | -H-- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | -H-- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | -H-- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | -H-- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:12:11 | 000,074,240 | -H-- | C] () -- E:\Windows\System32\drivers\tdx.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/09/04 10:53:47 | 000,000,000 | -H-D | M] -- E:\ProgramData\BullGuard
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2010/06/28 12:01:40 | 000,000,000 | -H-D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2010/10/14 15:25:58 | 000,000,000 | -H-D | M] -- E:\ProgramData\VirtualizedApplications
[2011/07/24 11:55:33 | 000,000,000 | -H-D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/22 03:14:34 | 000,032,632 | -H-- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

cosinus 07.09.2011 08:13

Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
DRV - File not found [Kernel | On_Demand] --  -- (.tdx)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} -  File not found
O3 - HKU\rudi_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [MGkvxUlhYCnUvhK] E:\ProgramData\MGkvxUlhYCnUvhK.exe (RealVNC Ltd.)
O4 - HKU\rudi_ON_E..\Run: [2F7ZUJ7GVIWWVUYDTUFFFZSMGIW] E:\SystemData\217FA966EB8.exe (Len Larva Saw)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - E:\autoexec.bat -- [ NTFS ]
[2011/09/05 07:25:17 | 000,000,000 | -H-D | C] -- E:\System Recovery
[2011/09/05 07:24:48 | 000,325,632 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:31 | 000,407,040 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/08/31 06:25:21 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Opuxoz
[2011/09/05 07:25:18 | 000,000,192 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | M] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | M] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/05 07:24:48 | 000,325,632 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:15 | 000,407,040 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/02 13:13:38 | 004,194,304 | -H-- | M] () -- E:\Windows\System32\xadqgnnk.dll
[2011/09/05 07:25:18 | 000,000,192 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | C] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | C] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/02 13:13:38 | 004,194,304 | -H-- | C] () -- E:\Windows\System32\xadqgnnk.dll
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

After that Windows should start normally again - please make the OTL quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know once it has worked
5.) Only then switch the virus scanner back on

TheCaptain 07.09.2011 12:08

After the fix I restarted the PC and switched back to AHCI. Unfortunately Windows still does not start.

Here is the logfile after the fix:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.tdx deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC872B94-35E3-4B94-B028-184A2A1C7CCE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC872B94-35E3-4B94-B028-184A2A1C7CCE}\ deleted successfully.
Registry value HKEY_USERS\rudi_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MGkvxUlhYCnUvhK deleted successfully.
E:\ProgramData\MGkvxUlhYCnUvhK.exe moved successfully.
Registry value HKEY_USERS\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Run\\2F7ZUJ7GVIWWVUYDTUFFFZSMGIW deleted successfully.
E:\SystemData\217FA966EB8.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
E:\autoexec.bat moved successfully.
E:\System Recovery folder moved successfully.
E:\ProgramData\P1kAlMiG2Kb7Fz.exe moved successfully.
File E:\ProgramData\MGkvxUlhYCnUvhK.exe not found.
E:\Users\rudi\AppData\Roaming\Opuxoz folder moved successfully.
E:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully.
E:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully.
E:\System Recovery.lnk moved successfully.
E:\ProgramData\P1kAlMiG2Kb7Fz moved successfully.
File E:\ProgramData\P1kAlMiG2Kb7Fz.exe not found.
File E:\ProgramData\MGkvxUlhYCnUvhK.exe not found.
E:\Windows\System32\xadqgnnk.dll moved successfully.
File E:\ProgramData\~P1kAlMiG2Kb7Fz not found.
File E:\ProgramData\~P1kAlMiG2Kb7Fzr not found.
File E:\System Recovery.lnk not found.
File E:\ProgramData\P1kAlMiG2Kb7Fz not found.
File E:\Windows\System32\xadqgnnk.dll not found.
========== COMMANDS ==========
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 09072011_175343
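As an added example (not code from this thread, from OTL or from OldTimer), this is the reconciliation a helper does by hand after the fix script above and the resulting fix log: parse the file, folder and O4 entries out of the :OTL block, parse the "moved"/"deleted"/"not found" lines out of the fix log, and report which requested objects were actually quarantined. The sample script and log are constructed for the example from paths that appear on this page; the Opuxoz folder is deliberately left out of the sample log to show the "unreported" case, and System Recovery.lnk gets only a "not found" line to show the "absent" case.

```python
import re

# Constructed sample input for this example: a fix script and fix log in the shape
# OTL produces, using paths that appear in the thread. Not the thread's full script.
FIX_SCRIPT = r"""
:OTL
O4 - HKU\.DEFAULT..\Run: [MGkvxUlhYCnUvhK] E:\ProgramData\MGkvxUlhYCnUvhK.exe (RealVNC Ltd.)
[2011/09/05 07:25:17 | 000,000,000 | -H-D | C] -- E:\System Recovery
[2011/09/05 07:24:48 | 000,325,632 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:31 | 000,407,040 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/05 07:25:17 | 000,000,583 | -H-- | C] () -- E:\System Recovery.lnk
[2011/08/31 06:25:21 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Opuxoz
[2011/09/02 13:13:38 | 004,194,304 | -H-- | M] () -- E:\Windows\System32\xadqgnnk.dll
[2011/09/02 13:13:38 | 004,194,304 | -H-- | C] () -- E:\Windows\System32\xadqgnnk.dll
:Commands
[purity]
[resethosts]
"""

FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MGkvxUlhYCnUvhK deleted successfully.
E:\ProgramData\MGkvxUlhYCnUvhK.exe moved successfully.
E:\System Recovery folder moved successfully.
E:\ProgramData\P1kAlMiG2Kb7Fz.exe moved successfully.
File E:\ProgramData\MGkvxUlhYCnUvhK.exe not found.
File E:\System Recovery.lnk not found.
E:\Windows\System32\xadqgnnk.dll moved successfully.
File E:\Windows\System32\xadqgnnk.dll not found.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# One OTL file/folder entry: [timestamp | size | attrs | C/M] (company) -- path
# Folders carry no "(company)" group, files carry "()" or "(Vendor)".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O4 autostart entry: O4 - <hive>..\Run: [<value name>] <path> (<company>)
O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \([^)]*\))?$")
# Fix-log lines that report on a file or folder path (registry lines are skipped).
LOG_RE = re.compile(
    r"^(?:File |Folder )?(?P<path>[A-Z]:\\.+?)(?: folder)? "
    r"(?P<outcome>moved successfully|deleted successfully|not found)\.?$"
)


def parse_requested_paths(script):
    """Every file or folder path the :OTL block asks OTL to quarantine, in order."""
    paths = []
    for line in script.splitlines():
        m = ENTRY_RE.match(line) or O4_RE.match(line)
        if m:
            paths.append(m.group("path"))
    return paths


def parse_log_outcomes(log):
    """Map lower-cased path -> list of outcomes reported for it (NTFS paths are case-insensitive)."""
    outcomes = {}
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            outcomes.setdefault(m.group("path").lower(), []).append(m.group("outcome"))
    return outcomes


def reconcile(script, log):
    """Return {path: status} for each requested path.

    "moved"      - a 'moved'/'deleted successfully' line exists, the object is in _OTL\moved files
    "absent"     - only 'not found' lines: OTL never had the object to quarantine
    "unreported" - the fix log does not mention the path at all

    A 'not found' that follows a 'moved' is normal: the same path is often listed in both
    the C (created) and M (modified) blocks, so the second pass finds nothing.
    """
    outcomes = parse_log_outcomes(log)
    result = {}
    for path in parse_requested_paths(script):
        seen = outcomes.get(path.lower(), [])
        if "moved successfully" in seen or "deleted successfully" in seen:
            result[path] = "moved"
        elif seen:
            result[path] = "absent"
        else:
            result[path] = "unreported"
    return result


def unresolved(script, log):
    """Paths the helper should look at again: anything not confirmed as quarantined."""
    return [p for p, status in reconcile(script, log).items() if status != "moved"]


if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:10s} {path}")
```

The "unreported" bucket is the one worth chasing: a path the script named but the log never mentions usually means the line was not pasted into the Custom Scan/Fixes box correctly, whereas "absent" simply means the object was already gone when OTL ran.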

cosinus 07.09.2011 13:42

Then please make a new OTLPE log.
