Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Befall von Trojan.FakeMS -> Desktop schwarz, Eigene Dateien versteckt (https://www.trojaner-board.de/99735-befall-trojan-fakems-desktop-schwarz-eigene-dateien-versteckt.html)

papaskoo 29.05.2011 20:34
Befall von Trojan.FakeMS -> Desktop schwarz, Eigene Dateien versteckt
 
Hallo ihr Lieben,

ich wurde gestern beim Surfen vom Trojaner "Trojan.FakeMS" befallen mit den hier anscheinend bekannten Begleiterscheinungen: Schwarzer und leerer Desktop, User-files, Libraries und Eigenen Dateien sind verschwunden (eventl. versteckt) und es kamen Error-Meldungen, dass die HD defekt wäre, bzw. mein System befallen ist. Es folgte ein erzwungener Restart.
Ich dachte mir schon, dass es so ein erpresserischer Trojaner Arsch ist, der von mir will, dass ich irgendwelche Programme herunterlade. Ähnliches habe ich dann auch bei euch gelesen: http://www.trojaner-board.de/99673-f...-detected.html

1. Als erstes habe ich in der Registry den Eintrag "lobouyvvyw.exe" in Run entfernt, damit mein System nicht dauernd restartet.
2. Als nächstes habe ich Malwarebytes rüberlaufen lassen und die 4 befallenen Dateien entfernt.
Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6713

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

29.05.2011 20:01:03
mbam-log-2011-05-29 (20-00-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 277131
Laufzeit: 40 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\lobouyvvyw.exe (Trojan.FakeMS) -> No action taken.
c:\Users\Pasi\AppData\Local\Temp\0.11180625347784401.exe (Trojan.FakeMS) -> No action taken.
c:\Users\Pasi\AppData\Local\Temp\tmpD39C.tmp (Trojan.FakeMS) -> No action taken.
c:\programdata\28303096.exe (Trojan.Agent) -> No action taken.
Nach dem Neustart hat sich am optischen Zustand allerdings nichts geändert. Bevor ich nun auf eigene Faust weitersäubere, wollte ich lieber die Fachmänner fragen und um eure Hilfe beten. Der OTL und Gmer Log folgen gleich. Vielen Dank!

Hier die Logs OTL.txt und Extras.txt:

OTL Logfile:
Code:
OTL logfile created on: 29.05.2011 21:26:56 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Pasi\Downloads
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,29% Memory free
6,50 Gb Paging File | 5,24 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 16,43 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 471,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PASI-PC | User Name: Pasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.29 21:05:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pasi\Downloads\OTL.exe
PRC - [2011.05.07 19:09:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.28 14:41:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.17 15:31:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.14 15:04:48 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010.12.14 15:03:16 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.29 18:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2006.07.18 17:15:18 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VMSnap3.exe
PRC - [2006.07.04 15:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
PRC - [2006.01.25 00:07:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM303_STI.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.29 21:05:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pasi\Downloads\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.28 14:41:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.17 15:31:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.14 15:03:16 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 15:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.07.29 18:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.24 19:39:20 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.17 15:31:38 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.02.23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.29 20:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.23 22:39:49 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.17 23:39:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.17 23:31:26 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 14:41:10 | 000,306,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.06.10 04:19:15 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.03.18 19:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007.03.16 17:24:50 | 001,474,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.11 10:07:09 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 C9 4E 3D 34 1E CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.07 19:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 19:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.29 12:40:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.12 02:27:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Extensions
[2010.11.21 04:48:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.24 13:53:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\9y584fcc.default\extensions
[2011.03.12 02:27:29 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\9y584fcc.default\extensions\firefox@tvunetworks.com
[2011.05.20 15:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.20 15:13:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.03.12 02:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\PASI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9Y584FCC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.07 19:09:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.03.03 17:32:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.07 19:09:04 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 19:09:04 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.05.07 19:09:04 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.07 19:09:04 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.07 19:09:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.07 19:09:04 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [VMSnap3] C:\Windows\VMSnap3.exe (Vimicro)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.09.21 04:23:26 | 000,000,710 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2224acd9-862a-11e0-82b0-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{2224acd9-862a-11e0-82b0-00059a3c7800}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9761c121-fc7f-11df-aacd-001fd028da4b}\Shell - "" = AutoRun
O33 - MountPoints2\{9761c121-fc7f-11df-aacd-001fd028da4b}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{dcc4710d-f28d-11df-bd92-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dcc4710d-f28d-11df-bd92-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2009.09.21 03:12:55 | 000,777,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.29 15:26:32 | 000,000,000 | ---D | C] -- C:\Users\Pasi\AppData\Roaming\Malwarebytes
[2011.05.29 15:26:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 15:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.29 15:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.29 15:26:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.29 15:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.29 15:25:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Pasi\mbam-setup-1.50.1.1100.exe
[2011.05.29 00:39:58 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.24 19:54:33 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Local\Activision
[2011.05.24 19:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011.05.24 19:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011.05.24 19:39:20 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.05.24 19:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.05.24 19:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.05.24 19:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2011.05.24 19:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2011.05.24 19:15:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.05.22 15:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2011.05.22 15:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung ML-3470 Series
[2011.05.22 15:59:21 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.05.22 15:59:04 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2011.05.22 15:59:04 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2011.05.22 15:58:15 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sml347ci.exe
[2011.05.22 15:58:15 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sml347ci.dll
[2011.05.22 15:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.05.21 21:15:54 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2011.05.21 20:59:20 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Local\Diagnostics
[2011.05.21 20:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.05.21 20:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\avmwlanstick
[2011.05.21 20:33:34 | 000,265,088 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusb.sys
[2011.05.21 20:33:34 | 000,074,752 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwlanci.dll
[2011.05.21 20:33:34 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys
[2011.05.21 20:33:34 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2011.05.21 20:33:31 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AVM_Driver
[2011.05.20 15:12:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011.05.20 15:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.20 15:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.05.19 23:49:51 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\Desktop\Call of Duty 4 Modern Warfare + MP FULL-RIP[COTTA]
[2011.05.15 22:46:58 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Roaming\vlc
[2011.05.15 22:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Users\Pasi\*.tmp files -> C:\Users\Pasi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.29 20:10:06 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.29 20:10:06 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.29 20:07:02 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.29 20:07:02 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.29 20:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.29 20:02:49 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.29 20:00:36 | 000,186,770 | ---- | M] () -- C:\Users\Pasi\Desktop\trojaner.jpg
[2011.05.29 19:59:51 | 003,932,214 | ---- | M] () -- C:\Users\Pasi\Desktop\New Bitmap Image.bmp
[2011.05.29 15:26:27 | 000,001,095 | ---- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Pasi\mbam-setup-1.50.1.1100.exe
[2011.05.29 00:53:54 | 359,520,698 | -H-- | M] () -- C:\Users\Pasi\Desktop\Calista Natural Big Boobs Fucked On The Bed.wmv
[2011.05.29 00:52:10 | 234,119,326 | -H-- | M] () -- C:\Users\Pasi\Desktop\BustyTeen_Brooke_Lynn.mp4
[2011.05.29 00:39:59 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~28303096r
[2011.05.29 00:39:59 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28303096
[2011.05.29 00:39:58 | 000,000,635 | -H-- | M] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk
[2011.05.29 00:39:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\28303096
[2011.05.26 21:15:43 | 000,654,319 | -H-- | M] () -- C:\Users\Pasi\Desktop\wer ist das.png
[2011.05.26 21:09:08 | 003,421,879 | -H-- | M] () -- C:\Users\Pasi\Desktop\love-lost-prod-by-black-diamond.mp3
[2011.05.24 19:39:20 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.05.24 19:19:05 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2011.05.24 19:15:16 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011.05.24 15:53:28 | 000,022,328 | -H-- | M] () -- C:\Users\Pasi\AppData\Roaming\PnkBstrK.sys
[2011.05.24 15:53:28 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.20 00:32:28 | 000,001,272 | -H-- | M] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - MP.lnk
[2011.05.20 00:32:28 | 000,001,272 | -H-- | M] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - Modern Warfare.lnk
[2011.05.07 19:09:17 | 000,002,002 | -H-- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.05.05 16:07:42 | 000,001,411 | -H-- | M] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.05.05 12:08:25 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Users\Pasi\*.tmp files -> C:\Users\Pasi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.29 20:00:27 | 000,186,770 | ---- | C] () -- C:\Users\Pasi\Desktop\trojaner.jpg
[2011.05.29 19:59:25 | 003,932,214 | ---- | C] () -- C:\Users\Pasi\Desktop\New Bitmap Image.bmp
[2011.05.29 15:26:27 | 000,001,095 | ---- | C] () -- C:\Users\Pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.29 15:26:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 00:40:45 | 234,119,326 | -H-- | C] () -- C:\Users\Pasi\Desktop\BustyTeen_Brooke_Lynn.mp4
[2011.05.29 00:39:59 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~28303096r
[2011.05.29 00:39:58 | 000,000,635 | -H-- | C] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk
[2011.05.29 00:39:58 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28303096
[2011.05.29 00:39:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\28303096
[2011.05.29 00:30:15 | 359,520,698 | -H-- | C] () -- C:\Users\Pasi\Desktop\Calista Natural Big Boobs Fucked On The Bed.wmv
[2011.05.26 21:08:13 | 003,421,879 | -H-- | C] () -- C:\Users\Pasi\Desktop\love-lost-prod-by-black-diamond.mp3
[2011.05.26 21:03:50 | 000,654,319 | -H-- | C] () -- C:\Users\Pasi\Desktop\wer ist das.png
[2011.05.24 19:15:16 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011.05.22 15:59:22 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.05.21 20:33:35 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.05.20 00:32:28 | 000,001,272 | -H-- | C] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - MP.lnk
[2011.05.20 00:32:28 | 000,001,272 | -H-- | C] () -- C:\Users\Pasi\Desktop\Call of Duty 4 - Modern Warfare.lnk
[2011.05.05 12:08:25 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.22 19:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.28 16:00:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.12 02:33:22 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.03.04 18:48:43 | 000,000,600 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\winscp.rnd
[2010.12.12 02:03:07 | 000,000,095 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\Movies2iPhone.ini
[2010.11.21 03:53:57 | 000,022,328 | -H-- | C] () -- C:\Users\Pasi\AppData\Roaming\PnkBstrK.sys
[2010.11.21 03:53:57 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.21 03:53:24 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.11.21 03:53:22 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.11.21 03:53:22 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.20 20:31:15 | 000,126,976 | ---- | C] () -- C:\Windows\System32\vmcoinst_zc0301plh.dll
[2010.11.20 20:30:48 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2010.11.20 20:30:48 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.12.04 10:48:08 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009.12.04 10:48:06 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ml347Pl3.dll
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,364,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\DAEMON Tools Lite
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\elsterformular
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Foxit
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Foxit Software
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\IrfanView
[2011.03.12 02:27:17 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Leadertech
[2011.03.12 02:27:30 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\OpenOffice.org
[2011.03.12 02:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\Thunderbird
[2011.03.12 02:27:35 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\TrueCrypt
[2011.03.12 02:27:35 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\TuneUp Software
[2011.05.29 21:11:54 | 000,000,000 | -H-D | M] -- C:\Users\Pasi\AppData\Roaming\uTorrent
[2009.07.14 06:53:46 | 000,021,196 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.03.12 11:02:27 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2009.07.14 06:54:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.12 02:34:41 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2011.04.23 16:12:12 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.07.13 18:05:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.29 15:26:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.05.29 20:01:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.12 03:05:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.05.29 16:39:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.12 00:24:14 | 000,000,000 | -H-D | M] -- C:\Temp
[2011.03.12 02:28:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.29 01:43:20 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-27 13:08:54
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 29.05.2011 21:26:56 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Pasi\Downloads
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,29% Memory free
6,50 Gb Paging File | 5,24 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 16,43 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 471,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PASI-PC | User Name: Pasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{362483B1-91EB-4CB4-B9BB-3B4B4C644404}" = ZC0301PLH_Driver_Setup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = VIMICRO USB PC Camera (ZC0301PLH)
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Download Manager" = Download Manager 2.3.10
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Movies2iPhone" = Movies2iPhone 1.21 beta for Windows
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MySSID_is1" = Vtune 7.12
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Samsung ML-3470 Series" = Samsung ML-3470 Series
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2011 20:33:12 | Computer Name = Pasi-PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =
 
Error - 11.03.2011 20:33:13 | Computer Name = Pasi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Avira\AntiVir
 Desktop\avwsc.exe".  Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11.03.2011 21:06:27 | Computer Name = Pasi-PC | Source = ESENT | ID = 215
Description = WinMail (3836) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
Error - 14.03.2011 16:32:03 | Computer Name = Pasi-PC | Source = ESENT | ID = 215
Description = WinMail (2844) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
Error - 23.04.2011 10:12:36 | Computer Name = Pasi-PC | Source = ESENT | ID = 215
Description = WinMail (304) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
Error - 05.05.2011 06:08:40 | Computer Name = Pasi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WU-IE9-Windows7-x86.exe, version: 9.0.8112.16421,
 time stamp: 0x4d762851  Faulting module name: WU-IE9-Windows7-x86.exe, version: 9.0.8112.16421,
 time stamp: 0x4d762851  Exception code: 0xc0000005  Fault offset: 0x000162b1  Faulting
 process id: 0x8e0  Faulting application start time: 0x01cc0b0ba2dacbca  Faulting application
 path: C:\Windows\SoftwareDistribution\Download\Install\WU-IE9-Windows7-x86.exe  Faulting
 module path: C:\Windows\SoftwareDistribution\Download\Install\WU-IE9-Windows7-x86.exe
Report
 Id: a5c88529-76ff-11e0-b693-001fd028da4b
 
Error - 19.05.2011 19:50:49 | Computer Name = Pasi-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: fd0    Start
 Time: 01cc1673fcac8331    Termination Time: 93    Application Path: C:\Program Files\Mozilla
 Firefox\firefox.exe    Report Id: cecf7bf1-8272-11e0-9643-001fd028da4b 
 
Error - 24.05.2011 09:48:41 | Computer Name = Pasi-PC | Source = VSS | ID = 8194
Description =
 
Error - 26.05.2011 22:13:02 | Computer Name = Pasi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TuneUpUtilitiesService32.exe, version:
10.0.3000.99, time stamp: 0x4d076afa  Faulting module name: unknown, version: 0.0.0.0,
 time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00540052  Faulting
 process id: 0x134  Faulting application start time: 0x01cc1c0898973586  Faulting application
 path: C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe  Faulting
 module path: unknown  Report Id: d91b965c-8806-11e0-b478-001fd028da4b
 
Error - 28.05.2011 19:37:01 | Computer Name = Pasi-PC | Source = ESENT | ID = 215
Description = WinMail (2504) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
[ System Events ]
Error - 29.05.2011 09:11:30 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
 error:  %%1083
 
Error - 29.05.2011 09:11:32 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:  %%20
 
Error - 29.05.2011 09:11:40 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  sptd
 
Error - 29.05.2011 09:15:59 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:  %%1058
 
Error - 29.05.2011 13:57:51 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:  %%1058
 
Error - 29.05.2011 14:02:41 | Computer Name = Pasi-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
 
Error - 29.05.2011 14:02:52 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
 error:  %%1083
 
Error - 29.05.2011 14:02:54 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:  %%20
 
Error - 29.05.2011 14:03:01 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  sptd
 
Error - 29.05.2011 14:03:14 | Computer Name = Pasi-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:  %%1058
 
 
< End of report >
--- --- ---

GMER Logfile:
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-05-29 22:18:27
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD6400AAKS-65A7B2 rev.01.03B01
Running: jciu6nkj.exe; Driver: C:\Users\Pasi\AppData\Local\Temp\kxldapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13C1          8308A339 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2  830C3D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000057      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----[/QUOTE]
--- --- ---

markusg 30.05.2011 10:56
• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.


:OTL
[2011.05.29 00:39:58 | 000,000,000 | -H-D | C] -- C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.29 00:39:59 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~28303096r
[2011.05.29 00:39:59 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28303096
[2011.05.29 00:39:58 | 000,000,635 | -H-- | M] () -- C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.


lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

papaskoo 30.05.2011 17:56
Vielen Dank für die Hilfe. Hier der OTL Fix-Log und der ComboFix Log
Nach dem Neustart ist der Desktop noch schwarz, die Dateien sind wieder da. Das Startmenü ist allerdings noch leer und die Verknüpfungen in der Taskleiste sind verwaist. "Cant open this iten" .. Aber manuell funktionieren die Programme.

Zitat:
All processes killed
========== OTL ==========
C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery folder moved successfully.
C:\ProgramData\~28303096r moved successfully.
C:\ProgramData\~28303096 moved successfully.
C:\Users\Pasi\Desktop\Windows 7 Recovery.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Lisa
->Flash cache emptied: 562 bytes

User: Pasi
->Flash cache emptied: 1196443 bytes

User: Public

Total Flash Files Cleaned = 1,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lisa
->Temp folder emptied: 967 bytes
->Temporary Internet Files folder emptied: 66341 bytes
->FireFox cache emptied: 78865529 bytes
->Flash cache emptied: 0 bytes

User: Pasi
->Temp folder emptied: 2423737 bytes
->Temporary Internet Files folder emptied: 89397005 bytes
->Java cache emptied: 1448339 bytes
->FireFox cache emptied: 46940362 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 712156 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 210,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05302011_175905

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Combofix Logfile:
Code:
ComboFix 11-05-29.04 - Pasi 30.05.2011  18:32:41.1.4 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1033.18.3326.2227 [GMT 2:00]
ausgeführt von:: c:\users\Pasi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pasi\mbam-setup-1.50.1.1100.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-28 bis 2011-05-30  ))))))))))))))))))))))))))))))
.
.
2011-05-30 16:31 . 2011-05-30 16:31        --------        d-----w-        C:\32788R22FWJFW
2011-05-30 15:59 . 2011-05-30 15:59        --------        d-----w-        C:\_OTL
2011-05-29 13:26 . 2011-05-29 13:26        --------        d-----w-        c:\users\Pasi\AppData\Roaming\Malwarebytes
2011-05-29 13:26 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:26 . 2011-05-29 13:26        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-29 13:26 . 2011-05-29 18:01        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-29 13:26 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-28 23:37 . 2011-05-28 23:37        --------        d-----w-        c:\users\Lisa\AppData\Roaming\TuneUp Software
2011-05-27 13:08 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9758B10-5161-4BD6-9578-91C38E5E00FB}\mpengine.dll
2011-05-25 13:38 . 2011-04-22 19:14        27008        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-05-24 17:54 . 2011-05-24 17:54        --------        d-----w-        c:\users\Pasi\AppData\Local\Activision
2011-05-24 17:41 . 2011-05-24 17:41        --------        d-----w-        c:\program files\Activision
2011-05-24 17:39 . 2011-05-24 17:39        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-24 17:39 . 2011-05-24 17:39        --------        d-----w-        c:\program files\DAEMON Tools Lite
2011-05-24 17:18 . 2011-05-24 17:18        --------        d-----w-        c:\program files\Common Files\Deterministic Networks
2011-05-24 17:18 . 2011-05-24 17:19        --------        d-----w-        c:\users\Pasi\B0BF705768694E4B920CEA2A58DA07F0.TMP
2011-05-24 11:56 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\system32\poqexec.exe
2011-05-22 13:59 . 2009-09-21 01:12        482408        ----a-w-        c:\windows\ssndii.exe
2011-05-22 13:59 . 2011-05-22 13:59        --------        d-----w-        c:\windows\Samsung
2011-05-22 13:59 . 2009-06-11 04:42        81920        ----a-w-        c:\windows\system32\ssdevm.dll
2011-05-22 13:59 . 2007-01-08 01:57        49152        ----a-w-        c:\windows\system32\ssusbpn.dll
2011-05-22 13:59 . 2007-01-08 01:57        44544        ----a-w-        c:\windows\system32\msxml4a.dll
2011-05-22 13:59 . 2007-01-08 01:57        38160        ----a-w-        c:\windows\system32\msxml2r.dll
2011-05-22 13:59 . 2007-01-08 01:57        21776        ----a-w-        c:\windows\system32\msxml2a.dll
2011-05-22 13:59 . 2007-01-08 01:57        701440        ----a-w-        c:\windows\system32\msxml2.dll
2011-05-22 13:58 . 2007-01-10 03:40        151552        ----a-w-        c:\windows\system32\sml347ci.exe
2011-05-22 13:58 . 2007-01-10 03:40        65536        ----a-w-        c:\windows\system32\sml347ci.dll
2011-05-22 13:57 . 2011-05-22 13:57        --------        d-----w-        c:\program files\Samsung
2011-05-22 13:55 . 2009-12-04 08:48        19968        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\ml347Ppc.dll
2011-05-21 19:15 . 2007-01-11 08:07        5120        ------w-        c:\windows\system32\drivers\SSPORT.SYS
2011-05-21 18:59 . 2011-05-21 18:59        --------        d-----w-        c:\users\Pasi\AppData\Local\Diagnostics
2011-05-21 18:33 . 2011-05-21 18:33        --------        d-----w-        c:\program files\avmwlanstick
2011-05-21 18:33 . 2007-01-25 23:00        97360        ----a-w-        c:\windows\system32\drivers\Fwusb1b.bin
2011-05-21 18:33 . 2011-05-21 18:33        --------        d-----w-        c:\windows\AVM_Driver
2011-05-21 18:33 . 2007-01-25 23:00        74752        ----a-w-        c:\windows\system32\fwlanci.dll
2011-05-21 18:33 . 2007-01-25 23:00        4352        ----a-w-        c:\windows\system32\drivers\avmeject.sys
2011-05-21 18:33 . 2007-01-25 23:00        265088        ----a-w-        c:\windows\system32\drivers\fwlanusb.sys
2011-05-21 18:33 . 2011-05-21 18:33        --------        d-----w-        c:\users\Pasi\AVM_Driver
2011-05-21 15:41 . 2011-05-21 15:41        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 13:12 . 2011-05-24 17:39        --------        d-----w-        c:\programdata\Skype Extras
2011-05-20 13:12 . 2011-05-20 13:12        --------        d-----w-        c:\program files\Common Files\Skype
2011-05-15 20:46 . 2011-05-15 23:35        --------        d-----w-        c:\users\Pasi\AppData\Roaming\vlc
2011-05-11 20:06 . 2011-04-09 06:02        3967872        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-05-11 20:06 . 2011-04-09 06:02        3912576        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-07 17:09 . 2011-05-07 17:09        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 17:09 . 2011-05-07 17:09        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 17:09 . 2011-05-07 17:09        89048        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 17:09 . 2011-05-07 17:09        465880        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 17:09 . 2011-05-07 17:09        1974616        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-07 17:09 . 2011-05-07 17:09        1892184        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 17:09 . 2011-05-07 17:09        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 17:09 . 2011-05-07 17:09        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 13:53 . 2010-11-21 01:53        22328        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-05-24 13:53 . 2010-11-21 01:53        22328        ----a-w-        c:\users\Pasi\AppData\Roaming\PnkBstrK.sys
2011-05-24 13:53 . 2010-11-21 01:53        103736        ----a-w-        c:\windows\system32\PnkBstrB.exe
2011-05-24 13:52 . 2010-11-21 01:53        66872        ----a-w-        c:\windows\system32\PnkBstrA.exe
2011-04-22 18:07 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2011-03-17 13:31 . 2010-11-17 21:51        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-12 11:23 . 2011-04-28 12:46        870912        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-11 05:39 . 2011-04-28 12:46        148864        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-03-11 05:39 . 2011-04-28 12:46        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39 . 2011-04-28 12:46        1211264        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39 . 2011-04-28 12:46        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38 . 2011-04-28 12:46        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38 . 2011-04-28 12:46        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38 . 2011-04-28 12:46        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33 . 2011-04-14 08:46        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 08:46        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-28 12:46        1699328        ----a-w-        c:\windows\system32\esent.dll
2011-03-11 05:31 . 2011-04-28 12:46        74240        ----a-w-        c:\windows\system32\fsutil.exe
2011-03-08 05:28 . 2011-04-14 08:46        741376        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-03 15:32 . 2011-03-03 15:32        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-03 05:38 . 2011-04-14 08:47        132608        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36 . 2011-04-14 08:47        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42 . 2011-04-14 08:46        2333184        ----a-w-        c:\windows\system32\win32k.sys
2011-05-07 17:09 . 2011-05-07 17:09        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-07-30 2158592]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-09-24 614400]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-17 691696]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
R3 rt70x86;ASUS RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [2010-04-27 306016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-24 218688]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-11 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-29 248936]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\9y584fcc.default\
FF - prefs.js: browser.startup.homepage - SPIEGEL ONLINE - Nachrichten
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Pasi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
AddRemove-{A64240FF-9C31-4858-AE9D-65483C5DE63A} - c:\users\Pasi\AppData\Local\{DFF7F5B3-9811-4BE0-94D3-DE8D714CEC8A}\Living Hell Light Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-30  18:38:46
ComboFix-quarantined-files.txt  2011-05-30 16:38
.
Vor Suchlauf: 17.514.594.304 bytes free
Nach Suchlauf: 17.280.811.008 bytes free
.
- - End Of File - - A9C0175D05F457FC02D365B21D70929E
--- --- ---

markusg 30.05.2011 18:17
öffne computer , öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
http://www.trojaner-board.de/54791-a...ner-board.html

aber unter alle programme sind noch welche zu finden oder nicht? den rest können wir leider nicht rückgängig machen.
lösche halt die schnellstart verknüpfungen und hänge sie neu an.

papaskoo 31.05.2011 14:45
Vielen Dank, war ne super Hilfe! Es ist alles wieder da, soweit ich das gesehen habe. Ja die Programme funktionieren, ich mache die Verknüpfungen neu. Ich lade die Daten im Laufe des Abends hoch.
Kann ich mein System als sauber betrachten oder empfiehlt sich trotzdem ne Neuinstallation?

Viel Erfolg weiterhin!

markusg 31.05.2011 14:50
sieht io aus, wir machen aber noch 2 3 kleinigkeiten.

papaskoo 02.06.2011 20:15
Okay, ist hochgeladen.

markusg 05.06.2011 15:55
lade den CCleaner standard:
CCleaner - Standard
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

papaskoo 05.06.2011 22:50
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 11.03.2011 6,00MB 10.1.102.64 wichtig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 20.05.2011 6,00MB 10.3.181.14 unwichtig
Apple Application Support Apple Inc. 21.04.2011 51,0MB 1.5.1 unwichtig
Apple Mobile Device Support Apple Inc. 13.03.2011 21,8MB 3.4.0.25 unwichtig
Apple Software Update Apple Inc. 20.11.2010 2,26MB 2.1.2.120 unwichtig
Audacity 1.3.12 Audacity Team 30.05.2011 32,3MB wichtig
Avira AntiVir Personal - Free Antivirus Avira GmbH 27.04.2011 70,7MB 10.0.0.648 wichtig
Bonjour Apple Inc. 21.04.2011 1,10MB 2.0.5.0 wichtig
Call of Duty: Black Ops 23.05.2011 wichtig
CCleaner Piriform 04.06.2011 3.07 wichtig
Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 23.05.2011 11,6MB 5.0.6 wichtig
Crysis(R) Electronic Arts 20.11.2010 6.353MB 1.00.0000 wichtig
DAEMON Tools Lite DT Soft Ltd 23.05.2011 4.40.2.0131 wichtig
DAEMON Tools Toolbar DT Soft Ltd 11.03.2011 1.1.2.0185 unwichtig
DivX-Setup DivX, Inc. 11.03.2011 2.1.2.2 unbekannt
Download Manager 2.3.10 IGN Entertainment, Inc. 11.03.2011 2.3.10 unwichtig
FIFA 11 Electronic Arts 20.11.2010 6.262MB 1.0.0.0 wichtig
Foxit Reader Foxit Corporation 11.03.2011 11,1MB 4.3.0.1110 wichtig
Foxit Toolbar Ask.com 20.11.2010 2,57MB 1.9.1.0 unwichtig
GIMP 2.6.11 The GIMP Team 07.04.2011 106,8MB 2.6.11 wichtig
IrfanView (remove only) Irfan Skiljan 11.03.2011 1,50MB 4.27 wichtig
iTunes Apple Inc. 21.04.2011 143,9MB 10.2.2.12 wichtig
Java(TM) 6 Update 22 Oracle 02.03.2011 95,0MB 6.0.220 wichtig
LAME v3.98.3 for Audacity 30.05.2011 1,17MB wichtig
Malwarebytes' Anti-Malware Malwarebytes Corporation 28.05.2011 10,5MB wichtig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.03.2011 38,8MB 4.0.30319 wichtig
Microsoft Office Enterprise 2007 Microsoft Corporation 11.03.2011 12.0.4518.1014 wichtig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20.11.2010 0,42MB 8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 20.11.2010 0,24MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.11.2010 0,58MB 9.0.30729.4148 unbekannt
Movies2iPhone 1.21 beta for Windows OKprods Ltd 11.03.2011 1.21 beta for Windows wichtig
Mozilla Firefox 4.0.1 (x86 de) Mozilla 06.05.2011 32,7MB 4.0.1 wichtig
Mozilla Thunderbird (3.1.10) Mozilla 28.04.2011 3.1.10 (de) wichtig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 30.11.2010 1,28MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 01.12.2010 1,33MB 4.20.9876.0 unbekannt
NVIDIA Display Control Panel NVIDIA Corporation 11.03.2011 6.14.12.5919 unwichtig
NVIDIA Drivers NVIDIA Corporation 11.03.2011 63,0MB 1.10.62.40 wichtig
NVIDIA PhysX NVIDIA Corporation 16.11.2010 73,8MB 9.10.0224 unbekannt
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 11.03.2011 7.17.12.5919 unbekannt
OpenOffice.org 3.3 OpenOffice.org 08.03.2011 413MB 3.3.9567 wichtig
PDF24 Creator 2.8.8 PDF24.org 28.11.2010 16,1MB wichtig
PunkBuster Services Even Balance, Inc. 11.03.2011 0.986 unwichtig
QuickTime Apple Inc. 11.01.2011 73,7MB 7.69.80.9 unwichtig
Samsung ML-3470 Series Samsung Electronics CO.,LTD 21.05.2011 wichtig
Skype Toolbars Skype Technologies S.A. 19.05.2011 6,95MB 5.3.7280 unwichtig
Skype™ 5.3 Skype Technologies S.A. 19.05.2011 22,6MB 5.3.111 wichtig
TrueCrypt TrueCrypt Foundation 11.03.2011 7.0a wichtig
TuneUp Utilities 2011 TuneUp Software 11.03.2011 10.0.3000.99 wichtig
VIMICRO USB PC Camera (ZC0301PLH) 11.03.2011 wichtig
VLC media player 1.1.9 VideoLAN 14.05.2011 1.1.9 wichtig
Vtune 7.12 16.11.2010 11,1MB unwichtig
Winamp Nullsoft, Inc 11.03.2011 5.581 wichtig
WinRAR 11.03.2011 wichtig
WinSCP 4.3.2 Martin Prikryl 03.03.2011 8,56MB 4.3.2 wichtig
ZC0301PLH_Driver_Setup Vimicro 19.11.2010 1.00.0000 unbekannt
µTorrent 11.03.2011 2.2.0 wichtig

markusg 06.06.2011 10:08
deinstaliere
DAEMON Tools Toolbar
Download Manager
Foxit Toolbar Ask
PunkBuster
Skype Toolbars
TuneUp Utilities verzichte auf sonen schrott der kann dir das system zerschießen und bringt nichts.
bereinige mit dem ccleaner.

papaskoo 19.06.2011 14:03
Okay, ist alles erledigt. Ist sonst noch was zu tun? Sonst bedanke ich mich für die Hilfe!


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131