Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Protection Center - Anti-Malware hat nicht geholfen (https://www.trojaner-board.de/103050-protection-center-anti-malware-hat-geholfen.html)

TheCaptain 31.08.2011 21:17
Protection Center - Anti-Malware hat nicht geholfen
 
Hallo Leute! *Mein Opa hat mir heute seinen Laptop vorbeigebracht mit den Worten "Der stürzt nach dem Start sofort ab". Habe dann recht schnell rausgefunden, dass sich das bekannte "Protection Center" ausgebreitet hat. Hab den Laptop im abgesicherten Modus hochgefahren und bin der Anleitung des Forums gefolgt. Leider hat der Scan und die Bereinigung durch Malwarebytes noch nicht den gewünschten Erfolg gebracht, außer im abgesicherten Modus fährt sich der Laptop kurz nach dem Start sofort wieder runter. *Ich poste euch hier die nötigen Logfiles. Falls etwas fehlt oder ich was falsch gemacht habe, berichtigt mich bitte. Ich hoffe ihr könnt mir helfen. Schonmal danke im Vorraus! Da ich diesen Thread von unterwegs vom iPad aus poste kann ich die gezipten Logfiles erst später anfügen

Hier die OLTOTL Logfile:
Code:
OTL logfile created on: 8/31/2011 5:03:03 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 ****Folder = C:\Users\rudi\Desktop
Home Premium Edition *(Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.87 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 55.53% Memory free
5.73 Gb Paging File | 4.51 Gb Available in Paging File | 78.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 387.97 Gb Free Space | 91.36% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS

Computer Name: RUDI-PC | User Name: rudi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 17:00:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 16:46:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\rudi\Desktop\OTL.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/02 13:43:10 | 000,355,720 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/31 17:00:24 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- *-- (BgRaSvc)
SRV - [2011/05/26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/09/02 13:57:36 | 000,058,248 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2010/09/02 13:51:01 | 000,301,960 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2010/09/02 13:50:26 | 000,175,496 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2010/09/02 13:50:15 | 000,270,728 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2010/09/02 13:47:02 | 000,169,864 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2010/09/02 13:43:10 | 000,355,720 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2010/09/02 13:48:54 | 000,056,400 | ---- | M] (BullGuard Ltd.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/08/06 17:52:54 | 000,016,896 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c) Siliten HID Devices(FlexDef2c)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation **************************) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010/02/03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/07/24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = rudi

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: *File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 17:00:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/24 17:53:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter

[2010/09/02 19:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rudi\AppData\Roaming\mozilla\Extensions
[2011/07/04 17:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rudi\AppData\Roaming\mozilla\Firefox\Profiles\vh0dubx9.default\extensions
[2011/05/18 19:54:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\rudi\AppData\Roaming\mozilla\Firefox\Profiles\vh0dubx9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/06 13:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/06/06 13:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RUDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VH0DUBX9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RUDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VH0DUBX9.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2011/08/31 17:00:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/06 13:54:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 17:00:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/31 17:00:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/31 17:00:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/31 17:00:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/31 17:00:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/31 17:00:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - *File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard] *File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [Launch SilverCrest GML807] C:\Program Files\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe (Siliten)
O4 - HKLM..\Run: [LMgrOSD] *File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\rudi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - *File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - *File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - *File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.253
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - *File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21a0d22b-b665-11df-988c-74f06d0acedc}\Shell - "" = AutoRun
O33 - MountPoints2\{21a0d22b-b665-11df-988c-74f06d0acedc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3db7fcb8-d561-11df-b131-00262dc0bc57}\Shell - "" = AutoRun
O33 - MountPoints2\{3db7fcb8-d561-11df-b131-00262dc0bc57}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7b5b66ff-b676-11df-93b5-74f06d0acedc}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5b66ff-b676-11df-93b5-74f06d0acedc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - *File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - *File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - *File not found
NetSvcs: Ntmssvc - *File not found
NetSvcs: NWCWorkstation - *File not found
NetSvcs: Nwsapagent - *File not found
NetSvcs: SRService - *File not found
NetSvcs: WmdmPmSp - *File not found
NetSvcs: LogonHours - *File not found
NetSvcs: PCAudit - *File not found
NetSvcs: helpsvc - *File not found
NetSvcs: uploadmgr - *File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/31 16:46:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\rudi\Desktop\OTL.exe
[2011/08/31 13:28:59 | 000,000,000 | ---D | C] -- C:\Users\rudi\AppData\Roaming\Malwarebytes
[2011/08/31 13:28:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/31 13:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 13:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/31 13:28:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/31 13:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/31 13:27:58 | 009,466,208 | ---- | C] (Malwarebytes Corporation ***********************************) -- C:\Users\rudi\Desktop\herbert.exe
[2011/08/31 13:08:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/31 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\rudi\AppData\Roaming\Opuxoz
[2011/08/31 12:23:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/28 13:07:01 | 000,000,000 | RHSD | C] -- C:\Users\rudi\M-1-74-6482-7942-8945
[2010/06/28 15:06:07 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/31 16:46:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\rudi\Desktop\OTL.exe
[2011/08/31 16:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/31 16:32:03 | 384,828,946 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/31 16:31:55 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/31 16:26:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/31 16:22:15 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2011/08/31 14:27:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 14:27:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 13:28:53 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 13:28:15 | 009,466,208 | ---- | M] (Malwarebytes Corporation ***********************************) -- C:\Users\rudi\Desktop\herbert.exe
[2011/08/31 12:50:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/31 10:43:37 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/31 10:43:37 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/31 10:43:37 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/31 10:43:37 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/31 10:42:18 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/31 16:22:15 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2011/08/31 13:28:53 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 13:06:59 | 384,828,946 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/28 19:42:17 | 000,069,632 | ---- | C] () -- C:\Users\rudi\AppData\Roaming\chrtmp
[2011/02/20 22:09:02 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/02 18:03:42 | 000,033,134 | ---- | C] () -- C:\Users\rudi\AppData\Roaming\UserTile.png
[2010/06/29 01:38:29 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/06/29 01:28:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/06/28 17:46:27 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/06/28 15:06:08 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/06/28 15:06:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/28 15:06:07 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/06/28 15:06:07 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/06/28 15:06:06 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/06/28 15:06:06 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/05/18 08:50:33 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/18 08:50:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/18 08:50:33 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/18 08:50:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,287,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/08/23 00:52:44 | 000,000,000 | -HSD | M] -- C:\Users\rudi\AppData\Roaming\.#
[2010/09/02 10:32:52 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\Ashampoo
[2010/09/02 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\BullGuard
[2011/07/31 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\DVDVideoSoft
[2011/05/18 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/31 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\Opuxoz
[2011/08/26 01:10:38 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\SoftGrid Client
[2010/09/08 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\TP
[2010/11/03 19:59:38 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\Verbindungsassistent
[2011/06/22 09:14:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010/11/07 19:47:03 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/02/12 19:19:46 | 000,000,000 | ---D | M] -- C:\685c0b2420b0b2a9a9
[2010/09/02 09:57:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/06/29 01:30:50 | 000,000,000 | ---D | M] -- C:\Intel
[2010/09/12 20:10:43 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010/11/01 22:36:14 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2011/08/31 13:28:49 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/08/31 13:28:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/09/02 09:57:00 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/08/31 22:41:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/09/02 10:10:59 | 000,000,000 | R--D | M] -- C:\Users
[2011/08/31 16:32:03 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE *>
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/05/18 10:45:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/05/18 10:32:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/05/18 10:32:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/05/18 10:45:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE *>
[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE *>
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE *>
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE *>
[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-30 18:58:00

< End of report >
--- --- ---

cosinus 01.09.2011 23:30
Zitat:
*Ich poste euch hier die nötigen Logfiles.
Ja ich bitte darum :)

TheCaptain 02.09.2011 10:49
Ich hoffe diesmal hats geklappt: Die gezipten Logfiles im Anhang.

cosinus 02.09.2011 13:33
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

TheCaptain 02.09.2011 18:24
Das hier war der erste Scan, den ich gemacht habe mit 70(!) Funden:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7619

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

31.08.2011 14:09:34
mbam-log-2011-08-31 (14-09-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 308303
Laufzeit: 37 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 70

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Backdoor.IRCBot.WR) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\rudi\m-1-74-6482-7942-8945\winsvc.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\30IMFAPZ\stat[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\NVJOWRDW\stat[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SU53Z30T\main[1].exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\UQ19CIXP\ok[1].exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\UQ19CIXP\stat[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\UQ19CIXP\stl[1].exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\0.64376548605302.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\0383226.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\1312241.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\2151306.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\2359887.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\2B63.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3536795.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3624888.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3654494.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3706653.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3767284.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3957313.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\4867371.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\5497757.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\5845815.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6054988.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6295122.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6594228.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6607219.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6731590.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7100441.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7152722.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\71AE.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7676683.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\78875.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7943560.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7973583.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\87A4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\8942847.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\9082668.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\9794.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\B019.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\C41E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup1508226640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup1536145816.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup155329568.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup1692662584.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup194569472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2116970368.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2279928872.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2401885624.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2518587208.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2654075072.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2849794480.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3191075488.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3271199012.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3714177072.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3934541472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3986242384.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup4049136420.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup674794996.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup789581524.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35\620a36a3-79abad71 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\rudi\downloads\pic04402011.jpg.scr (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Windows\softwaredistribution\Download\2c2ccedb4df3da26ac099387547f04d8\BIT66A1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\70A3.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6042078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\control center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4880132474961957.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.9894269051104149.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Roaming\Adobe\plugs\mmc22167726.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Roaming\Adobe\plugs\mmc84.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Und den Scan habe ich heute gemacht:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7636

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

02.09.2011 19:11:01
mbam-log-2011-09-02 (19-11-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 286760
Laufzeit: 27 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Temp\0.8402708139587759.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

cosinus 04.09.2011 12:56
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


TheCaptain 04.09.2011 17:51
Hier der ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8fa541586eac0a47be18a24e4cdd34b0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-04 04:02:22
# local_time=2011-09-04 06:02:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=4609 16776574 60 20 268 48039311 0 0
# compatibility_mode=5893 16776573 100 94 417622 66779486 0 0
# compatibility_mode=8192 67108863 100 0 910 910 0 0
# scanned=129833
# found=5
# cleaned=0
# scan_time=3847
C:\Users\rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30IMFAPZ\ok[1].exe a variant of Win32/Injector.IYC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\rudi\Downloads\MediaPlayer_Setup.exe a variant of Win32/SweetIM.A application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\4b513494-17799318 Java/Agent.DJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\drivers\tdx.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 04.09.2011 18:05
Kannst du die Funde mit ESET entfernen?

TheCaptain 04.09.2011 19:18
Mit dem Scanner den ich da runtergeladen habe kann ich aber nichts entfernen oder? Muss ich mir dann diese Testversion holen?

cosinus 05.09.2011 09:03
Zitat:
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
Anleitung nicht gelesen? Im ersten Lauf von ESET sollst du keinen Fund entfernen lassen, wenn sich herausstellt, dass alles weg kann, dann kann man auch die Funde entfernen lassen.

TheCaptain 05.09.2011 12:59
Doch doch, ich bin der Anleitung genau so gefolgt. Habe dann jetzt ESET nochmal gestartet und den Hacken bei remove threats gesetzt. Als der Scan beendet war, waren plötzlich alle Desktopsymbole, bis auf den Papierkorb und 'Computer' verschwunden. Der Laptop hat sich dann selbstständig runtergefahren. Jetzt lässt er sich allerdings nicht mehr hochfahren. Das Bild bleibt Schwarz, nur oben Links blinkt ein kleiner Balken.

cosinus 05.09.2011 13:51
Da musst du mit OTLPE ran. Benötigt wird dafür ein zweiter (virenfreier!!) Windows-Rechner mit Brenner und einen CD-R oder CD-RW Rohling. Den infizierten Rechner von dieser selbstgebrannten OTLPE-CD dann booten.


Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
  • Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

TheCaptain 05.09.2011 16:09
Habe den Laptop per CD gebootet, es erschien der Ladebalken "starting reatogo-x-pe". Als der Balken voll geladen war kam ein Bluescreen mit folgendem Text:

"a problem has eben detected and windows has been shut down to prevent damage to your computer". Dann die Aufforderung dass ich den Computer neu starten soll falls das Problem zum ersten mal auftaucht, und dass ich die Festplatten kontrollieren soll. Ich habe den Laptop neu gestartet, allerdings erschien der Bluescreen erneut.

Unten steht noch "Technical Information: STOP: 0x0000007B (0xF78DA528, 0xC0000034 ...)

cosinus 05.09.2011 21:31
Geh mal ins BIOS deines Computers und stell den Plattencontroller von AHCI auf IDE bzw. Compatible um. Genauere Anleitungen kann man nicht posten, da fast jedes BIOS anders aussieht. Schau notfalls ins Handbuch.

Um das installierte Windows wieder booten zu können musst du natürlich auf AHCI wieder umstellen.

TheCaptain 06.09.2011 10:56
Ich habe auf IDE umgestellt, der Laptop ist auch hochgefahren. Wenn ich allerdings OTLPE öffne, erscheint ein Fenster mit "Browse for Folder". Egal welchen Ordner ich wähle es erscheint die Fehlermeldung "no Windows Installation Found"

cosinus 06.09.2011 15:20
Du musst den Windows-Ordner auswählen - den des auf Platte installierten Windows.
Oder wird die Partition nicht angezeigt? Wenn nur Laufwerk B: (RAMdrive) und das CDROM angezeigt werden, haben wir ein Problem... :crazy:

TheCaptain 06.09.2011 16:05
Okay ich denke ich habe den richtigen Ordner gefunden. Eine Extra.txt wurde jedoch nicht erstellt. Hier die OTL.txtOTL Logfile:
Code:
OTL logfile created on: 9/6/2011 8:43:18 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.21 Mb Free Space | 75.21% Space Free | Partition Type: NTFS
Drive E: | 424.66 Gb Total Space | 386.99 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
Drive F: | 40.00 Gb Total Space | 21.60 Gb Free Space | 54.00% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (BsScanner)
SRV - File not found [On_Demand] --  -- (BgRaSvc)
SRV - [2011/05/26 08:34:34 | 000,191,752 | -H-- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/10 14:57:04 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/09/02 07:57:36 | 000,058,248 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2010/09/02 07:50:26 | 000,175,496 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2010/09/02 07:50:15 | 000,270,728 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2010/09/02 07:47:02 | 000,169,864 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2010/09/02 07:43:10 | 000,355,720 | -H-- | M] (BullGuard Ltd.) [Auto] -- E:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2010/04/23 19:10:54 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/23 19:10:44 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/03 23:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/12/10 02:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/10 02:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/22 20:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) [On_Demand] -- E:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:45:11 | 000,296,400 | -H-- | M] () [Auto] -- E:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2007/07/24 05:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto] -- E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (.tdx)
DRV - [2011/07/06 13:52:42 | 000,041,272 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/02 07:48:54 | 000,056,400 | -H-- | M] (BullGuard Ltd.) [File_System | System] -- E:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/08/06 11:52:54 | 000,016,896 | -H-- | M] (Siliten) [Kernel | On_Demand] -- E:\Windows\System32\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c) Siliten HID Devices(FlexDef2c)
DRV - [2010/05/24 09:46:34 | 000,193,056 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/04/23 19:10:54 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/23 19:10:52 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/23 19:10:50 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/23 19:10:44 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/03/04 11:53:08 | 000,067,624 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/02 07:24:58 | 001,006,624 | -H-- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/26 23:01:22 | 000,132,480 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010/02/03 13:06:34 | 000,232,960 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/09/17 22:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:12:11 | 000,074,240 | -H-- | M] () [Kernel | System] -- E:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/07/24 05:03:56 | 000,101,760 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Medion | MSN [binary data]
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Medion | MSN [binary data]
IE - HKU\rudi_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = rudi
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 11:00:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/24 11:53:40 | 000,000,000 | -H-D | M]
 
[2011/06/06 07:55:07 | 000,000,000 | -H-D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/06/06 07:55:07 | 000,000,000 | -H-D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/31 11:00:25 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/06 07:54:54 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 11:00:23 | 000,001,392 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/31 11:00:23 | 000,002,252 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/31 11:00:23 | 000,001,153 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/31 11:00:23 | 000,006,805 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/31 11:00:23 | 000,001,178 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/31 11:00:23 | 000,001,105 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} -  File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\rudi_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard]  File not found
O4 - HKLM..\Run: [CLMLServer] E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] E:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [Launch SilverCrest GML807] E:\Program Files\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe (Siliten)
O4 - HKLM..\Run: [LMgrOSD]  File not found
O4 - HKLM..\Run: [LMgrVolOSD] E:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVBg] E:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] E:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\.DEFAULT..\Run: [MGkvxUlhYCnUvhK] E:\ProgramData\MGkvxUlhYCnUvhK.exe (RealVNC Ltd.)
O4 - HKU\rudi_ON_E..\Run: [2F7ZUJ7GVIWWVUYDTUFFFZSMGIW] E:\SystemData\217FA966EB8.exe (Len Larva Saw)
O4 - HKU\rudi_ON_E..\Run: [CTSyncU.exe] E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\rudi_ON_E..\RunOnce: [FlashPlayerUpdate] E:\Windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - E:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.253
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/05 07:25:17 | 000,000,000 | -H-D | C] -- E:\System Recovery
[2011/09/05 07:24:48 | 000,325,632 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:31 | 000,407,040 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/04 10:43:05 | 000,000,000 | -H-D | C] -- E:\Program Files\ESET
[2011/09/04 10:42:15 | 002,322,184 | -H-- | C] (ESET) -- E:\Users\rudi\Desktop\esetsmartinstaller_enu.exe
[2011/08/31 14:32:34 | 000,000,000 | -H-D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/31 14:32:34 | 000,000,000 | -H-D | C] -- E:\Program Files\7-Zip
[2011/08/31 10:46:31 | 000,580,608 | -H-- | C] (OldTimer Tools) -- E:\Users\rudi\Desktop\OTL.exe
[2011/08/31 07:28:59 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Malwarebytes
[2011/08/31 07:28:52 | 000,041,272 | -H-- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/31 07:28:52 | 000,000,000 | -H-D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 07:28:52 | 000,000,000 | -H-D | C] -- E:\ProgramData\Malwarebytes
[2011/08/31 07:28:49 | 000,022,712 | -H-- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbam.sys
[2011/08/31 07:28:49 | 000,000,000 | -H-D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2011/08/31 07:27:58 | 009,466,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- E:\Users\rudi\Desktop\herbert.exe
[2011/08/31 07:08:15 | 000,000,000 | -H-D | C] -- E:\Windows\Minidump
[2011/08/31 06:25:21 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Opuxoz
[2011/08/31 06:23:09 | 000,000,000 | -H-D | C] -- E:\Windows\Sun
[2011/08/24 08:03:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tzres.dll
[2011/08/22 15:54:27 | 003,957,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2011/08/22 15:54:25 | 003,902,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2011/08/22 15:53:10 | 000,599,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2011/08/22 15:53:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iedkcs32.dll
[2011/08/22 15:53:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedsbs.dll
[2011/08/22 15:53:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mstime.dll
[2011/08/22 15:53:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2011/08/22 15:53:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2011/08/22 15:53:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2011/08/22 15:53:04 | 000,048,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2011/08/22 15:53:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[2011/08/22 15:53:02 | 000,386,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2011/08/22 15:53:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2011/08/22 15:52:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2011/08/22 15:52:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2011/08/22 15:52:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2011/08/22 15:52:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/22 15:52:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/22 15:52:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/22 15:52:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/22 15:52:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/22 15:52:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/22 15:52:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/22 15:52:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/22 15:52:40 | 000,319,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbcjt32.dll
[2011/08/22 15:52:40 | 000,122,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccp32.dll
[2011/08/22 15:52:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccr32.dll
[2011/08/22 15:52:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbctrac.dll
[2011/08/22 15:52:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\odbccu32.dll
[2010/06/28 09:06:07 | 000,004,096 | -H-- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/05 07:46:35 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2011/09/05 07:25:18 | 000,000,192 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | M] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | M] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/05 07:24:48 | 000,325,632 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/05 07:18:48 | 000,000,000 | RH-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verbindungsassistent
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials 4
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2011/09/05 07:18:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/09/05 07:15:15 | 000,407,040 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/05 06:23:19 | 2307,862,528 | -HS- | M] () -- E:\hiberfil.sys
[2011/09/04 10:42:42 | 002,322,184 | -H-- | M] (ESET) -- E:\Users\rudi\Desktop\esetsmartinstaller_enu.exe
[2011/09/02 13:13:38 | 004,194,304 | -H-- | M] () -- E:\Windows\System32\xadqgnnk.dll
[2011/08/31 14:32:21 | 001,110,476 | -H-- | M] () -- E:\Users\rudi\Desktop\7z920.exe
[2011/08/31 12:22:08 | 000,002,002 | -H-- | M] () -- E:\Users\rudi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/31 11:56:01 | 210,290,938 | -H-- | M] () -- E:\Windows\MEMORY.DMP
[2011/08/31 11:26:10 | 000,302,592 | -H-- | M] () -- E:\Users\rudi\Desktop\2vnj04l6.exe
[2011/08/31 11:11:10 | 000,050,477 | -H-- | M] () -- E:\Users\rudi\Desktop\Defogger.exe
[2011/08/31 10:46:32 | 000,580,608 | -H-- | M] (OldTimer Tools) -- E:\Users\rudi\Desktop\OTL.exe
[2011/08/31 10:26:35 | 000,001,090 | -H-- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/31 10:22:15 | 000,003,224 | -H-- | M] () -- E:\bootsqm.dat
[2011/08/31 08:27:02 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 08:27:02 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 07:28:15 | 009,466,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- E:\Users\rudi\Desktop\herbert.exe
[2011/08/31 06:50:10 | 000,001,094 | -H-- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/31 04:43:37 | 000,654,610 | -H-- | M] () -- E:\Windows\System32\perfh007.dat
[2011/08/31 04:43:37 | 000,616,452 | -H-- | M] () -- E:\Windows\System32\perfh009.dat
[2011/08/31 04:43:37 | 000,130,192 | -H-- | M] () -- E:\Windows\System32\perfc007.dat
[2011/08/31 04:43:37 | 000,106,574 | -H-- | M] () -- E:\Windows\System32\perfc009.dat
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/09/05 07:25:18 | 000,000,192 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | C] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | C] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/02 13:13:38 | 004,194,304 | -H-- | C] () -- E:\Windows\System32\xadqgnnk.dll
[2011/08/31 14:32:15 | 001,110,476 | -H-- | C] () -- E:\Users\rudi\Desktop\7z920.exe
[2011/08/31 11:26:07 | 000,302,592 | -H-- | C] () -- E:\Users\rudi\Desktop\2vnj04l6.exe
[2011/08/31 11:11:10 | 000,050,477 | -H-- | C] () -- E:\Users\rudi\Desktop\Defogger.exe
[2011/08/31 10:22:15 | 000,003,224 | -H-- | C] () -- E:\bootsqm.dat
[2011/08/31 07:06:59 | 210,290,938 | -H-- | C] () -- E:\Windows\MEMORY.DMP
[2011/08/28 13:42:17 | 000,069,632 | -H-- | C] () -- E:\Users\rudi\AppData\Roaming\chrtmp
[2011/02/20 16:09:02 | 000,000,952 | -HS- | C] () -- E:\ProgramData\KGyGaAvL.sys
[2010/09/02 12:03:42 | 000,033,134 | -H-- | C] () -- E:\Users\rudi\AppData\Roaming\UserTile.png
[2010/06/28 19:38:29 | 000,451,072 | -H-- | C] () -- E:\Windows\System32\ISSRemoveSP.exe
[2010/06/28 19:28:10 | 000,000,032 | -H-- | C] () -- E:\Windows\System32\drivers\rtkhdaud.dat
[2010/06/28 11:46:27 | 000,072,017 | -H-- | C] () -- E:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/06/28 09:06:08 | 000,208,896 | -H-- | C] () -- E:\Windows\System32\iglhsip32.dll
[2010/06/28 09:06:08 | 000,143,360 | -H-- | C] () -- E:\Windows\System32\iglhcp32.dll
[2010/06/28 09:06:07 | 000,870,560 | -H-- | C] () -- E:\Windows\System32\igkrng575.bin
[2010/06/28 09:06:07 | 000,104,636 | -H-- | C] () -- E:\Windows\System32\igfcg575m.bin
[2010/06/28 09:06:06 | 000,127,868 | -H-- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2010/06/28 09:06:06 | 000,000,151 | -H-- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2010/05/18 02:50:33 | 000,654,610 | -H-- | C] () -- E:\Windows\System32\perfh007.dat
[2010/05/18 02:50:33 | 000,295,922 | -H-- | C] () -- E:\Windows\System32\perfi007.dat
[2010/05/18 02:50:33 | 000,130,192 | -H-- | C] () -- E:\Windows\System32\perfc007.dat
[2010/05/18 02:50:33 | 000,038,104 | -H-- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,287,744 | -H-- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,452 | -H-- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | -H-- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,574 | -H-- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | -H-- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | -H-- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | -H-- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:12:11 | 000,074,240 | -H-- | C] () -- E:\Windows\System32\drivers\tdx.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/09/04 10:53:47 | 000,000,000 | -H-D | M] -- E:\ProgramData\BullGuard
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2010/06/28 12:01:40 | 000,000,000 | -H-D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2010/10/14 15:25:58 | 000,000,000 | -H-D | M] -- E:\ProgramData\VirtualizedApplications
[2011/07/24 11:55:33 | 000,000,000 | -H-D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/22 03:14:34 | 000,032,632 | -H-- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

cosinus 07.09.2011 08:13
Mach einen OTL-Fix über OTLPE: starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
DRV - File not found [Kernel | On_Demand] --  -- (.tdx)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} -  File not found
O3 - HKU\rudi_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [MGkvxUlhYCnUvhK] E:\ProgramData\MGkvxUlhYCnUvhK.exe (RealVNC Ltd.)
O4 - HKU\rudi_ON_E..\Run: [2F7ZUJ7GVIWWVUYDTUFFFZSMGIW] E:\SystemData\217FA966EB8.exe (Len Larva Saw)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - E:\autoexec.bat -- [ NTFS ]
[2011/09/05 07:25:17 | 000,000,000 | -H-D | C] -- E:\System Recovery
[2011/09/05 07:24:48 | 000,325,632 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:31 | 000,407,040 | -H-- | C] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/08/31 06:25:21 | 000,000,000 | -H-D | C] -- E:\Users\rudi\AppData\Roaming\Opuxoz
[2011/09/05 07:25:18 | 000,000,192 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | M] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | M] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | M] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/05 07:24:48 | 000,325,632 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011/09/05 07:15:15 | 000,407,040 | -H-- | M] (RealVNC Ltd.) -- E:\ProgramData\MGkvxUlhYCnUvhK.exe
[2011/09/02 13:13:38 | 004,194,304 | -H-- | M] () -- E:\Windows\System32\xadqgnnk.dll
[2011/09/05 07:25:18 | 000,000,192 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/05 07:25:18 | 000,000,168 | -H-- | C] () -- E:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/05 07:25:17 | 000,000,583 | -H-- | C] () -- E:\System Recovery.lnk
[2011/09/05 07:25:01 | 000,000,336 | -H-- | C] () -- E:\ProgramData\P1kAlMiG2Kb7Fz
[2011/09/02 13:13:38 | 004,194,304 | -H-- | C] () -- E:\Windows\System32\xadqgnnk.dll
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

TheCaptain 07.09.2011 12:08
Habe nach dem Fix den PC neu gestartet und wieder auf AHCI umgestellt. Windows startet leider immer noch nicht.

Hier der Logfile nach dem Fix:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.tdx deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC872B94-35E3-4B94-B028-184A2A1C7CCE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC872B94-35E3-4B94-B028-184A2A1C7CCE}\ deleted successfully.
Registry value HKEY_USERS\rudi_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MGkvxUlhYCnUvhK deleted successfully.
E:\ProgramData\MGkvxUlhYCnUvhK.exe moved successfully.
Registry value HKEY_USERS\rudi_ON_E\Software\Microsoft\Windows\CurrentVersion\Run\\2F7ZUJ7GVIWWVUYDTUFFFZSMGIW deleted successfully.
E:\SystemData\217FA966EB8.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
E:\autoexec.bat moved successfully.
E:\System Recovery folder moved successfully.
E:\ProgramData\P1kAlMiG2Kb7Fz.exe moved successfully.
File E:\ProgramData\MGkvxUlhYCnUvhK.exe not found.
E:\Users\rudi\AppData\Roaming\Opuxoz folder moved successfully.
E:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully.
E:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully.
E:\System Recovery.lnk moved successfully.
E:\ProgramData\P1kAlMiG2Kb7Fz moved successfully.
File E:\ProgramData\P1kAlMiG2Kb7Fz.exe not found.
File E:\ProgramData\MGkvxUlhYCnUvhK.exe not found.
E:\Windows\System32\xadqgnnk.dll moved successfully.
File E:\ProgramData\~P1kAlMiG2Kb7Fz not found.
File E:\ProgramData\~P1kAlMiG2Kb7Fzr not found.
File E:\System Recovery.lnk not found.
File E:\ProgramData\P1kAlMiG2Kb7Fz not found.
File E:\Windows\System32\xadqgnnk.dll not found.
========== COMMANDS ==========
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 09072011_175343

cosinus 07.09.2011 13:42
Dann mach bitte ein neues OTLPE-Log.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131